increased fake result security by hasing objects and checking duplicate timestamps

This commit is contained in:
Jack 2021-08-27 21:00:11 +01:00
parent ce0d7e1bac
commit 82a45bfb7d
3 changed files with 25 additions and 0 deletions

View file

@ -7,6 +7,7 @@ const {
validateResult,
} = require("../../handlers/validation");
const { stdDev, roundTo2 } = require("../../handlers/misc");
const objecthash = require("object-hash");
class ResultController {
static async getResults(req, res, next) {
@ -92,6 +93,21 @@ class ResultController {
.json({ message: "Result data doesn't make sense" });
}
let resulthash = result.hash;
delete result.hash;
const serverhash = objecthash(result);
if (serverhash !== resulthash) {
return res.status(400).json({ message: "Incorrect result hash" });
}
let timestampres = await ResultDAO.getResultByTimestamp(
uid,
result.timestamp
);
if (timestampres) {
return res.status(400).json({ message: "Duplicate result" });
}
try {
result.keySpacingStats = {
average:

View file

@ -47,6 +47,10 @@ class ResultDAO {
return result;
}
static async getResultByTimestamp(uid, timestamp) {
return await mongoDB().collection("results").findOne({ uid, timestamp });
}
static async getResults(uid, start, end) {
start = start ?? 0;
end = end ?? 1000;

View file

@ -37,6 +37,8 @@ import * as Wordset from "./wordset";
import * as ChallengeContoller from "./challenge-controller";
import * as RateQuotePopup from "./rate-quote-popup";
const objecthash = require("object-hash");
let glarsesMode = false;
export function toggleGlarses() {
@ -1781,6 +1783,9 @@ export async function finish(difficultyFailed = false) {
completedEvent.challenge = ChallengeContoller.verify(
completedEvent
);
console.time("hash");
completedEvent.hash = objecthash(completedEvent);
console.timeEnd("hash");
axiosInstance
.post("/results/add", {
result: completedEvent,