public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Require subscribers to have JavaScript turned on

Browse source
This commit is contained in:
Andris Reinman 2016-09-08 20:43:02 +03:00
parent 83ac907f24
commit e1ace459cf
5 changed files with 34 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
routes/subscription.js
View file

@ -216,10 +216,14 @@ router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req
return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body));
}
// Check if the subscriber seems legit. This is a really simple check, the only requirement is that
// the subsciber has JavaScript turned on and thats it. If Mailtrain gets more targeted then this
// simple check should be replaced with an actual captcha
let subTime = Number(req.body.sub) || 0;
let subTest = !!(subTime > Date.now() - 3600 * 1000 && subTime < Date.now() + 3600 * 1000);
// allow clock skew 24h in the past and 24h to the future
let subTimeTest = !!(subTime > Date.now() - 24 * 3600 * 1000 && subTime < Date.now() + 24 * 3600 * 1000);
let addressTest = !req.body.address;
let testsPass = subTest && addressTest;
let testsPass = subTimeTest && addressTest;
lists.getByCid(req.params.cid, (err, list) => {
if (!err && !list) {