Add abuse detection for demos using sockets

Author: keitharm

sockets.js

@@ -9,6 +9,54 @@ const Generators = app.get('Generators');
 const Snippet = require('./models/Snippet');
 const Version = require('./models/Version');
 
+const abuseLimit = 20;
+let abuseCache   = {};
+let timeout      = {};
+
+function checkAbuse(id) {
+  // abuse is considered <abuseLimit> requests per second from same socket
+  // Block further requests until until 5 seconds have passed without another barrage
+
+  if (!(id in abuseCache)) {
+    abuseCache[id] = {
+      firstAccess: new Date().getTime(),
+      lastAccess:  new Date().getTime(),
+      total: 1
+    };
+
+  // Update current stats
+  } else {
+    abuseCache[id].lastAccess = new Date().getTime();
+    abuseCache[id].total++;
+  }
+
+  // Check for abuse
+  if (abuseCache[id] && abuseCache[id].total > abuseLimit && abuseCache[id].lastAccess - abuseCache[id].firstAccess < 1000) {
+    timeout[id] = new Date().getTime(); // time they were placed into time out
+    return true;
+  }
+
+  if (id in timeout) {
+    return true;
+  }
+  return false;
+}
+
+function checkTimeout() {
+  _.each(timeout, (a, b) => {
+    if (new Date().getTime() - a > 1000) {
+      delete timeout[b];
+    }
+  });
+}
+
+// Reset abuse cache every second
+setInterval(() => {
+  abuseCache = {};
+}, 1000);
+
+setInterval(checkTimeout, 2500);
+
 // Attach the user's session to the socket object
 // If user isn't logged in, set session to null for front page demo
 io.use((socket, next) => {
@@ -27,8 +75,11 @@ io.use((socket, next) => {
 });
 
 io.on('connection', socket => {
+
   // Search
   socket.on('search', msg => {
+    if (checkAbuse(socket.id)) return socket.emit('abuse');
+
     let tags = _.uniq(msg.query.slice(0, 255).split(',').map(tag => tag.trim()).filter(tag => tag !== "")).filter(tag => tag.match(/^([a-zA-Z0-9 _\-\.+\[\]\{\}\(\)]{1,32})$/g) !== null);
     Snippet.search(tags).then(data => {
       let obj = data.reduce(function(o, v, i) {
@@ -41,11 +92,27 @@ io.on('connection', socket => {
 
   // Snippet info
   socket.on('snippet', msg => {
-    Version.getCond({snippetID: msg.id}).then(snippet => socket.emit('snippetResults', snippet));
+    if (checkAbuse(socket.id)) return socket.emit('abuse');
+
+    Version.getCond({snippetID: msg.id}).then(snippet => {
+      Snippet.getCond({['s.id']: snippet.snippetID}).then(orig => {
+        if (snippet === null) {
+          socket.emit('snippetResults', null);
+        } else if (snippet.published === 0) {
+          Version.getVersion(orig.ref, snippet.version-1).then(ver => {
+            socket.emit('snippetResults', ver)
+          });
+        } else {
+          socket.emit('snippetResults', snippet)
+        }
+      });
+    });
   });
 
   // Generators
   socket.on('lintCode', msg => {
+    if (checkAbuse(socket.id)) return socket.emit('abuse');
+
     msg.code = String(msg.code).slice(0, 8192);
     let shortest = Math.floor(Math.random() * Generators.realtime.length);
     for (let i = 0; i < Generators.realtime.length; i++) {
@@ -68,6 +135,8 @@ io.on('connection', socket => {
   });
 
   socket.on('lintDemoCode', msg => {
+    if (checkAbuse(socket.id)) return socket.emit('abuse');
+
     msg.code = String(msg.code).slice(0, 8192);
     let shortest = Math.floor(Math.random() * Generators.demo.length);
     for (let i = 0; i < Generators.demo.length; i++) {
@@ -90,6 +159,8 @@ io.on('connection', socket => {
   });
 
   socket.on('lintSnippetCode', msg => {
+    if (checkAbuse(socket.id)) return socket.emit('abuse');
+
     msg.code = String(msg.code).slice(0, 8192);
     let shortest = Math.floor(Math.random() * Generators.realtime.length);
     for (let i = 0; i < Generators.realtime.length; i++) {

src/js/demoEditor.js

@@ -1,15 +1,15 @@
 socket = io($('server').html());
 
-let editor = ace.edit("aceEditor");
+let typingTimer, lastAbuse;
+let editor   = ace.edit("aceEditor");
+let codeArea = $(editor.textInput.getElement());
+
 editor.setTheme("ace/theme/twilight");
 editor.session.setMode("ace/mode/javascript");
 editor.setValue(editor.getValue(), 1);
 editor.focus();
-
 lintCode();
 
-let typingTimer;
-let codeArea = $(editor.textInput.getElement());
 codeArea.keyup(() => {
   clearTimeout(typingTimer);
   typingTimer = setTimeout(lintCode, 250);
@@ -27,6 +27,23 @@ socket.on('codeLinted', msg => {
   }
 });
 
+socket.on('abuse', msg => {
+  if (new Date().getTime() - lastAbuse < 1000) return;
+  lastAbuse = new Date().getTime();
+  noty({
+    text: "An error has occurred, please try again later.",
+    layout: 'top',
+    type: 'error',
+    theme: 'relax',
+    timeout: 2500,
+    closeWith: ['click'],
+    animation: {
+      open: 'animated flipInX',
+      close: 'animated flipOutX'
+    }
+  });
+});
+
 function lintCode() {
   socket.emit('lintDemoCode', {code: String(editor.getValue()).slice(0, 8192), ref: null});
 };

src/js/realtimeEditor.js

@@ -1,23 +1,23 @@
 socket = io($('server').html());
 ref = $('ref').html();
 
+let typingTimer, lastAbuse;
 let editor = ace.edit("aceEditor");
+let codeArea = $(editor.textInput.getElement());
+
 editor.setTheme("ace/theme/twilight");
 editor.session.setMode("ace/mode/javascript");
 editor.setValue(editor.getValue(), 1);
 editor.focus();
+updateCharCount();
+lintCode();
 
 $("#submit").click(() => {
   $.post('', {rename: $("#limitsInput").val(), code: editor.getValue()}, url => {
     window.location.replace(url);
   });
 });
 
-updateCharCount();
-lintCode();
-
-let typingTimer;
-let codeArea = $(editor.textInput.getElement());
 codeArea.keyup(() => {
   clearTimeout(typingTimer);
   typingTimer = setTimeout(lintCode, 250);
@@ -37,6 +37,23 @@ socket.on('codeLinted', msg => {
   }
 });
 
+socket.on('abuse', msg => {
+  if (new Date().getTime() - lastAbuse < 1000) return;
+  lastAbuse = new Date().getTime();
+  noty({
+    text: "An error has occurred, please try again later.",
+    layout: 'top',
+    type: 'error',
+    theme: 'relax',
+    timeout: 2500,
+    closeWith: ['click'],
+    animation: {
+      open: 'animated flipInX',
+      close: 'animated flipOutX'
+    }
+  });
+});
+
 function lintCode() {
   socket.emit('lintCode', {code: String(editor.getValue()).slice(0, 8192), ref});
 };

src/js/realtimeSnippetEditor.js

@@ -2,11 +2,17 @@ let socket = io($('server').html());
 let ref    = $('ref').html();
 let readonly = $('readonly').html();
 
+let typingTimer, lastAbuse;
 let editor = ace.edit("aceEditor");
+let codeArea = $(editor.textInput.getElement());
+
 editor.setTheme("ace/theme/twilight");
 editor.session.setMode("ace/mode/javascript");
 editor.setValue(editor.getValue(), 1);
 editor.focus();
+updateCharCount();
+lintCode();
+
 if (readonly == "true") {
   editor.setReadOnly(true);
 }
@@ -17,12 +23,6 @@ $("#submit").click(() => {
   });
 });
 
-updateCharCount();
-lintCode();
-
-let typingTimer;
-let codeArea = $(editor.textInput.getElement());
-
 codeArea.keyup(() => {
   clearTimeout(typingTimer);
   typingTimer = setTimeout(lintCode, 250);
@@ -42,6 +42,23 @@ socket.on('codeLinted', msg => {
   }
 });
 
+socket.on('abuse', msg => {
+  if (new Date().getTime() - lastAbuse < 1000) return;
+  lastAbuse = new Date().getTime();
+  noty({
+    text: "An error has occurred, please try again later.",
+    layout: 'top',
+    type: 'error',
+    theme: 'relax',
+    timeout: 2500,
+    closeWith: ['click'],
+    animation: {
+      open: 'animated flipInX',
+      close: 'animated flipOutX'
+    }
+  });
+});
+
 function lintCode() {
   socket.emit('lintSnippetCode', {code: String(editor.getValue()).slice(0, 8192), ref});
 };

src/js/search.js

@@ -46,8 +46,14 @@ $(() => {
   socket.on('snippetResults', msg => {
     $('#snippetInfo').empty();
 
-    let revisions = "<select name='revision'>";
-    for (let i = msg.version; i >= 1; i--) {
+    let revisions = "<select name='revision'>",
+        sub = 0;
+
+    if (msg.published === 0) {
+      sub = 1;
+    }
+
+    for (let i = msg.version-sub; i >= 1; i--) {
       revisions += `<option value='${i}'>${i}</option>`;
     }
     revisions += "</select>";
@@ -56,20 +62,20 @@ $(() => {
       Choose a revision:
       ${revisions}
       <p>Owner: ${snippets[msg.snippetID].user}<br>
-      Total revisions: ${msg.version}<br>
+      Total revisions: ${msg.version-sub}<br>
       Tags: ${snippets[msg.snippetID].tags.join(", ")}
       </p>
       <div id="revisionInfo">
         <p>
         Created: <span id="created" class="date" data-date="${snippets[msg.snippetID].created}"></span><br>
         Modified: <span id="modified" class="date" data-date="${snippets[msg.snippetID].modified}"></span><br>
         </p>
+        Usage
+        <pre><code id='usage' class="javascript">const mySnippet = require('${snippets[msg.snippetID].user}/${snippets[msg.snippetID].name}/${msg.version}');</code></pre>
         Snippet Description<br>
         <textarea id='snippetDescription' rows='5' readonly>${snippets[msg.snippetID].description}</textarea>
         Revision Description<br>
         <textarea id='revisionDescription' rows='5' readonly></textarea>
-        Usage
-        <pre><code id='usage' class="javascript">const mySnippet = require('${snippets[msg.snippetID].user}/${snippets[msg.snippetID].name}/${msg.version}');</code></pre>
       </div>
     `);
 
@@ -86,7 +92,6 @@ $(() => {
 function updateRevision() {
   let self = $("select[name='revision']");
   $.when($.ajax(`ajax/snippetLookup/${snippets[selected].ref}/${self.val()}`)).then(function(data) {
-    console.log(data);
     $('#created').data('date', data.created);
     $('#modified').data('date', data.modified);
     $('#revisionDescription').val(data.description);