Fixes #8 Store sender IP address

models/pasteContent.js

@@ -2,7 +2,7 @@
 const DatabaseModel = require("./DatabaseModel.js").DatabaseModel;
 const mCrypto = require('../src/crypto.js');
 
-function PasteContent(privId, type) {
+function PasteContent(privId, type, ipAddress) {
     this.created = new Date();
     this.apiKey = null;
     this.privId = privId;
@@ -10,6 +10,7 @@ function PasteContent(privId, type) {
     this.type = type;
     this.expire = this.created;
     this.expired = false;
+    this.ipAddress = ipAddress;
     this.data = null;
     this.renew();
 }
@@ -36,6 +37,7 @@ PasteContent.prototype.createOrUpdateBase = async function(dbHelper) {
         type string not null,
         expired boolean not null,
         apiKey string,
+        ipAddress string not null,
         data string
         )`);
 }
@@ -49,6 +51,7 @@ PasteContent.prototype.describe = function() {
         "type": this.type,
         "apiKey": this.apiKey,
         "expired": this.expired,
+        "ipAddress": this.ipAddress,
         "data": this.data
     };
 }
@@ -61,6 +64,7 @@ PasteContent.prototype.fromDb = function(dbObj) {
     this.apiKey = dbObj['apiKey'];
     this.type = dbObj['type'];
     this.expired = dbObj['expired'];
+    this.ipAddress = dbObj['ipAddress'];
     this.data = dbObj['data'];
 }
 

router/input.js

@@ -72,7 +72,7 @@ module.exports = { register: app => {
         const privId = mCrypto.string(content);
 
         if (req.body['g-recaptcha-response']) {
-            const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], req.headers['x-forwarded-for'] || req.socket.remoteAddress);
+            const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], Security.getRequestIp(req));
             if (!captchaOk)
                 return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });
         } else if (req.body['apiKey']) {
@@ -89,7 +89,7 @@ module.exports = { register: app => {
             entity.renew();
             await app.databaseHelper.update({privId: privId}, entity);
         } else {
-            entity = entity || new PasteContent(privId, "paste");
+            entity = entity || new PasteContent(privId, "paste", Security.getRequestIp(req));
             entity.expired = false;
             entity.apiKey = req.body['apiKey'] || null;
             entity.renew();
@@ -111,13 +111,13 @@ module.exports = { register: app => {
     app.router.post("/short", async (req, res) => {
         const link = "" + req.body.content;
         const privId = mCrypto.string(await app.databaseHelper.count(PasteContent) + link);
-        const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], req.headers['x-forwarded-for'] || req.socket.remoteAddress);
+        const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], Security.getRequestIp(req));
 
         if (!captchaOk)
             return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });
         if (!link || !link.length)
             return app.routerUtils.jsonResponse(res, { err: "Empty input", id: null });
-        entity = new PasteContent(privId, "short");
+        entity = new PasteContent(privId, "short", Security.getRequestIp(req));
         entity.data = link;
         await app.databaseHelper.insertOne(entity);
         app.routerUtils.jsonResponse(res, { err: null, id: entity.privId });
@@ -138,7 +138,7 @@ module.exports = { register: app => {
             return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });
         if (!formData.content?.fileData || !formData.content.fileData.length)
             return app.routerUtils.jsonResponse(res, { err: "Empty input", id: null });
-        const entity = new PasteContent(privId, "file");
+        const entity = new PasteContent(privId, "file", Security.getRequestIp(req));
         entity.data = JSON.stringify({ name: formData.content.fileName, type: formData.content.fileType });
         fs.writeFileSync(app.getData(privId), formData.content.fileData, {encoding: formData.content.fileType.indexOf('text') >= 0 ? 'utf8' : 'binary'});
         await app.databaseHelper.insertOne(entity);
@@ -153,7 +153,7 @@ module.exports = { register: app => {
     });
     app.router.post("/api", async (req, res) => {
         const ipAddress = req.headers['x-forwarded-for'] || req.socket.remoteAddress;
-        const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], ipAddress);
+        const captchaOk = await Security.captchaCheck(req.body['g-recaptcha-response'], Security.getRequestIp(req));
 
         if (!captchaOk)
             return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });

src/security.js

@@ -3,7 +3,9 @@ const request = require('request');
 
 const CONFIG = require('./config.js');
 
-module.exports.captchaCheck = function(captcha, remoteIp) {
+module.exports.getRequestIp = (req) => req.headers['x-forwarded-for'] || req.socket.remoteAddress;
+
+function captchaCheck(captcha, remoteIp) {
     return new Promise((ok, ko) => {
         request(`https://www.google.com/recaptcha/api/siteverify?secret=${CONFIG.reCaptchaSecret}&response=${captcha}&remoteip=${remoteIp}`,
         (err, response, body) => {
@@ -11,9 +13,15 @@ module.exports.captchaCheck = function(captcha, remoteIp) {
                 console.error("Security::captchaCheck", err);
                 ok(false);
             }
+            if (response.statusCode === 400 && remoteIp) {
+                captchaCheck(captcha).then(result => ok(result)).catch(e => ko(e));
+                return;
+            }
             try {
                 body = JSON.parse(body);
             } catch (e) {
+                console.error(remoteIp, body);
+                console.error(e);
                 return ko();
             }
             console.log(body);
@@ -22,5 +30,6 @@ module.exports.captchaCheck = function(captcha, remoteIp) {
             ok(false);
         });
     });
-}
+};
 
+module.exports.captchaCheck = captchaCheck;