fedi/mastodon
1
0
Fork 1
mirror of https://github.com/mastodon/mastodon.git synced 2024-11-21 21:57:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add guard on req.ip not being a valid IP address

Browse source
This commit is contained in:
Emelia Smith 2024-11-17 17:37:02 +01:00
parent 4a4f590611
commit 162506a6bb
No known key found for this signature in database
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
streaming/index.js
View file

@ -2,6 +2,7 @@
import fs from 'node:fs';
import http from 'node:http';
import net from 'node:net';
import path from 'node:path';
import url from 'node:url';
@ -384,7 +385,20 @@ const startServer = async () => {
// Track the usage of the access token if necessary:
// This is the same code as: app/controllers/concerns/api/access_token_tracking_concern.rb
if (accessToken.last_used_at === null || accessToken.last_used_at < Date.now() - ACCESS_TOKEN_UPDATE_FREQUENCY) {
await pgPool.query('UPDATE "oauth_access_tokens" SET "last_used_at" = $2, "last_used_ip" = $3 WHERE "oauth_access_tokens"."id" = $1', [ accessToken.id, new Date(), req.ip ]);
let query, variables = [];
if (req.ip && net.isIP(req.ip)) {
query = 'UPDATE "oauth_access_tokens" SET "last_used_at" = $2, "last_used_ip" = $3 WHERE "oauth_access_tokens"."id" = $1';
variables = [ accessToken.id, new Date(), req.ip ];
} else {
query = 'UPDATE "oauth_access_tokens" SET "last_used_at" = $2 WHERE "oauth_access_tokens"."id" = $1';
variables = [ accessToken.id, new Date() ];
}
try {
await pgPool.query(query, variables);
} catch (err) {
req.log.error(err, 'Error updating Access Token usage tracking');
}
}
req.accessTokenId = accessToken.id;