gabehf/massflip
1
0
Fork 0
mirror of https://github.com/gabehf/massflip.git synced 2026-03-07 13:38:14 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

0.0.4 rate limiting, captcha, more better auth, bug fixes

Browse source
This commit is contained in:
gabe farrell 2022-06-27 23:15:45 -04:00
parent fdbf7217e9
commit a3e56fa753
19 changed files with 363 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

82
accounts.go
View file

@ -6,6 +6,8 @@ import (
"fmt"
"log"
"net/http"
"net/url"
"os"
"regexp"
"strings"
"time"
@ -13,11 +15,15 @@ import (
"github.com/google/uuid"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
"go.mongodb.org/mongo-driver/mongo/options"
"go.mongodb.org/mongo-driver/mongo/readpref"
"golang.org/x/crypto/bcrypt"
)
// Note: I would love to embed a lot of these structs to avoid
// duplicate fields, but it breaks json.(Un)marshal and I dont want to deal with that
type Credentials struct {
Username string `json:"username" bson:"username"`
Password string `json:"password" bson:"password"`
@ -29,6 +35,13 @@ type Login struct {
RememberMe bool `json:"remember"`
}
type CreateAccount struct {
Username string `json:"username" bson:"username"`
Password string `json:"password" bson:"password"`
RememberMe bool `json:"remember"`
Token string `json:"token"`
}
type Session struct {
Session string `json:"session" bson:"session"`
}
@ -61,13 +74,55 @@ func createAccount(w http.ResponseWriter, r *http.Request) {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
// var v contains POST credentials
var v Login
var v CreateAccount
err = json.NewDecoder(r.Body).Decode(&v)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
log.Println("* Create Account Refused: Bad form data")
return
}
if err != nil || len(v.Password) < 8 || len(v.Password) > 255 || !UsernameRegex.MatchString(v.Username) {
var verify struct {
Secret string
Response string
}
verify.Secret = os.Getenv("CAPTCHA_SECRET")
verify.Response = v.Token
//url := "https://www.google.com/recaptcha/api/siteverify?secret=" + url.QueryEscape(verify.Secret) + "?response=" + url.QueryEscape(verify.Response)
u := "https://www.google.com/recaptcha/api/siteverify"
d := url.Values{"secret": []string{verify.Secret}, "response": []string{verify.Response}}
resp, err := http.PostForm(u, d)
var captchaResponse struct {
Success bool `json:"success"`
Time primitive.Timestamp `json:"challenge_ts"`
Hostname string `json:"hostname"`
Errors []string `json:"error-codes"`
}
json.NewDecoder(resp.Body).Decode(&captchaResponse)
if !captchaResponse.Success {
w.WriteHeader(http.StatusBadRequest)
log.Print("* Create Account Refused: Unsuccessful reCaptcha challenge\nErrors: ")
for _, e := range captchaResponse.Errors {
fmt.Print(e + " ")
}
fmt.Print("\n")
return
}
if len(v.Password) < 8 || len(v.Password) > 255 || !UsernameRegex.MatchString(v.Username) {
w.WriteHeader(http.StatusBadRequest)
fmt.Fprint(w, "{\"error\":\"there was a problem with your request. Please try again with different values\"}")
return
@ -148,7 +203,12 @@ func login(w http.ResponseWriter, r *http.Request) {
DB = openDB()
}
w.Header().Set("Content-Type", "application/json")
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
// decode POST into v struct
var v Login
@ -234,7 +294,12 @@ func loginBySession(w http.ResponseWriter, r *http.Request) {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
var id Session
var account ReturnedAccount
@ -263,7 +328,12 @@ func logout(w http.ResponseWriter, r *http.Request) {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
var v Credentials

9
chat.go
View file

@ -4,10 +4,12 @@ import (
"context"
"encoding/json"
"net/http"
"os"
"strings"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
"go.mongodb.org/mongo-driver/mongo/options"
"go.mongodb.org/mongo-driver/mongo/readpref"
)
@ -23,7 +25,12 @@ func chatColor(w http.ResponseWriter, r *http.Request) {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
// decode PUT into v struct
var v ColorRequest

26
client.go
View file

@ -47,6 +47,14 @@ type Client struct {
send chan []byte
username string
auth bool
}
type Auth struct {
Type string `json:"type"`
Username string `json:"username"`
Key string `json:"key"`
}
// readPump pumps messages from the websocket connection to the hub.
@ -70,18 +78,28 @@ func (c *Client) readPump() {
}
break
}
var v WsBetMessage
var v Auth
err = json.Unmarshal(message, &v)
if err == nil {
if v.Type == "bind" {
// check for authorization messages
if v.Type == "auth" {
// bind the WS client to the username (useful)
c.username = strings.ToLower(v.Username)
// if auth key matches session, they are authorized to bet/chat etc
if DBGetUserByUsername(c.username).Session == v.Key {
c.auth = true
}
// if the user has bet (and then reloaded the page) send them their state
if c.hub.allUsers[c.username] != "" {
c.send <- []byte("{\"type\":\"hasbet\",\"value\":true,\"bet\":\"" + c.hub.allUsers[c.username] + "\"}")
c.send <- []byte("{\"type\":\"state\",\"value\":true,\"bet\":\"" + c.hub.allUsers[c.username] + "\"}")
}
continue
}
}
c.hub.broadcast <- message
// only authorized clients are allowed to push to the Hub
if c.auth {
c.hub.broadcast <- message
}
}
}

3
clock.go
View file

@ -24,8 +24,7 @@ func (h *Hub) runGameClock() {
msg = "{\"type\":\"flip\",\"value\":\"tails\"}"
}
h.broadcast <- []byte(msg)
time.Sleep(4 * time.Second)
time.Sleep(5 * time.Second)
h.broadcastPoolUpdate()
time.Sleep(1 * time.Second)
}
}

34
db.go
View file

@ -7,7 +7,6 @@ import (
"os"
"time"
"github.com/joho/godotenv"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
@ -15,26 +14,21 @@ import (
"go.mongodb.org/mongo-driver/mongo/readpref"
)
var DB = openDB()
var DB *mongo.Client
func openDB() *mongo.Client {
err := godotenv.Load()
if err != nil {
log.Fatal("Unable to load database. Shutting down...")
}
dbUsername := os.Getenv("DB_USERNAME")
dbPassword := os.Getenv("DB_PASSWORD")
serverAPIOptions := options.ServerAPI(options.ServerAPIVersion1)
clientOptions := options.Client().
ApplyURI("mongodb+srv://" + dbUsername + ":" + dbPassword + "@cluster0.tqrat.mongodb.net/myFirstDatabase?retryWrites=true&w=majority").
ApplyURI("mongodb+srv://" + dbUsername + ":" + dbPassword + "@cluster0.tqrat.mongodb.net/?retryWrites=true&w=majority").
SetServerAPIOptions(serverAPIOptions)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
client, err := mongo.Connect(ctx, clientOptions)
err = client.Ping(ctx, readpref.Primary())
if err != nil {
log.Fatal("DB Error: " + err.Error())
log.Fatal(err)
}
return client
}
@ -44,7 +38,13 @@ func DBSubtractPoints(user string, p int) error {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
var v ExistingAccount
err = userCollection.FindOne(context.Background(), bson.D{primitive.E{Key: "username", Value: user}}).Decode(&v)
@ -67,7 +67,12 @@ func DBAddPoints(user string, p int) error {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
var v ExistingAccount
err = userCollection.FindOne(context.Background(), bson.D{primitive.E{Key: "username", Value: user}}).Decode(&v)
@ -92,7 +97,12 @@ func DBGetUserByUsername(user string) ExistingAccount {
if err != nil {
DB = openDB()
}
userCollection := DB.Database("Users").Collection("Users")
var userCollection *mongo.Collection
if os.Getenv("ENVIRONMENT") == "production" {
userCollection = DB.Database("Users").Collection("Users")
} else {
userCollection = DB.Database("Development").Collection("Users")
}
var v ExistingAccount
err = userCollection.FindOne(context.Background(), bson.D{primitive.E{Key: "username", Value: user}}).Decode(&v)

36
frontend/package-lock.json generated
View file

@ -1,18 +1,19 @@
{
"name": "massflip",
"version": "0.0.3",
"version": "0.0.4",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "massflip",
"version": "0.0.3",
"version": "0.0.4",
"dependencies": {
"core-js": "^3.8.3",
"dotenv": "^16.0.1",
"pinia": "^2.0.0-rc.10",
"vue": "^3.2.13",
"vue-gtag": "^2.0.1"
"vue-gtag": "^2.0.1",
"vue-recaptcha-v3": "^2.0.1"
},
"devDependencies": {
"@babel/core": "^7.12.16",
@ -9264,6 +9265,11 @@
"node": ">=8.10.0"
}
},
"node_modules/recaptcha-v3": {
"version": "1.10.0",
"resolved": "https://registry.npmjs.org/recaptcha-v3/-/recaptcha-v3-1.10.0.tgz",
"integrity": "sha512-aGTxYSk3FFNKnXeKDbLpgRDRyIHRZNBF5HyaXXAN1Aj4TSyyZvmoAn9CylvpqLV3pYpIQavwc+2rzhNFn5SsLQ=="
},
"node_modules/regenerate": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz",
@ -10788,6 +10794,17 @@
"node": ">=8"
}
},
"node_modules/vue-recaptcha-v3": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/vue-recaptcha-v3/-/vue-recaptcha-v3-2.0.1.tgz",
"integrity": "sha512-isEDtOfHU4wWRrZZuxciAELtQmPOeEEdicPNa0f1AOyLPy3sCcBEcpFt+FOcO3RQv5unJ3Yn5NlsWtXv9rXqjg==",
"dependencies": {
"recaptcha-v3": "^1.8.0"
},
"peerDependencies": {
"vue": "^3.0.11"
}
},
"node_modules/vue-style-loader": {
"version": "4.1.3",
"resolved": "https://registry.npmjs.org/vue-style-loader/-/vue-style-loader-4.1.3.tgz",
@ -18387,6 +18404,11 @@
"picomatch": "^2.2.1"
}
},
"recaptcha-v3": {
"version": "1.10.0",
"resolved": "https://registry.npmjs.org/recaptcha-v3/-/recaptcha-v3-1.10.0.tgz",
"integrity": "sha512-aGTxYSk3FFNKnXeKDbLpgRDRyIHRZNBF5HyaXXAN1Aj4TSyyZvmoAn9CylvpqLV3pYpIQavwc+2rzhNFn5SsLQ=="
},
"regenerate": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz",
@ -19558,6 +19580,14 @@
}
}
},
"vue-recaptcha-v3": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/vue-recaptcha-v3/-/vue-recaptcha-v3-2.0.1.tgz",
"integrity": "sha512-isEDtOfHU4wWRrZZuxciAELtQmPOeEEdicPNa0f1AOyLPy3sCcBEcpFt+FOcO3RQv5unJ3Yn5NlsWtXv9rXqjg==",
"requires": {
"recaptcha-v3": "^1.8.0"
}
},
"vue-style-loader": {
"version": "4.1.3",
"resolved": "https://registry.npmjs.org/vue-style-loader/-/vue-style-loader-4.1.3.tgz",

5
frontend/package.json
View file

@ -1,6 +1,6 @@
{
"name": "massflip",
"version": "0.0.2",
"version": "0.0.4",
"private": true,
"scripts": {
"serve": "vue-cli-service serve",
@ -12,7 +12,8 @@
"dotenv": "^16.0.1",
"pinia": "^2.0.0-rc.10",
"vue": "^3.2.13",
"vue-gtag": "^2.0.1"
"vue-gtag": "^2.0.1",
"vue-recaptcha-v3": "^2.0.1"
},
"devDependencies": {
"@babel/core": "^7.12.16",

12
frontend/src/App.vue
View file

@ -28,7 +28,7 @@ onMounted(() => {
let id = jar["session"]
// handle logged in user
let req = new XMLHttpRequest
req.open("POST", "/api/login/bysession")
req.open('POST', '/api/login/bysession')
req.send(JSON.stringify({
session: id
}))
@ -36,14 +36,16 @@ onMounted(() => {
if (req.readyState == XMLHttpRequest.DONE) {
let usr = JSON.parse(req.responseText)
if ("error" in usr) {
document.cookie = "session=; Max-Age=-99999999"
console.log(usr["error"])
document.cookie = 'session=; Max-Age=-99999999'
console.log(usr['error'])
return
}
userStore().updateUser(usr)
let jar = cookiesToObj(cookieStr)
let msg = JSON.stringify({
type: "bind",
username: usr.username
type: "auth",
username: usr.username,
key: jar['session']
})
WSSend(msg)
}

46
frontend/src/components/BetBox.vue
View file

@ -69,6 +69,7 @@ onMounted(() => {
if (isNaN(hP)) {
headsPercent.value = 0
headsStyle['--p'] = 50
} else {
headsPercent.value = hP
headsStyle['--p'] = headsPercent.value
@ -83,26 +84,30 @@ onMounted(() => {
tailsPool.value = wsMsg.tailspool
}
WS.addEventListener("message", function (evt) {
let wsMsg = JSON.parse(evt.data)
if (wsMsg.type == "pool") {
updatePool(wsMsg)
} else if (wsMsg.type == "win") {
userStore().addPoints(wsMsg.value)
} else if (wsMsg.type == "tick") {
let time = wsMsg.clock
let timeString = (Math.floor(time/60)).toString() + ":" + ((time%60)>9?"":"0") + (time%60).toString() + "s"
clock.value = timeString
until.value = 'until next flip'
updatePool(wsMsg)
} else if (wsMsg.type == "flip") {
clock.value = wsMsg.value
until.value = ''
userStore().setBet("")
} else if (wsMsg.type == "hasbet") {
if (wsMsg.value == true) {
userStore().bet = wsMsg.bet
let MSGs = evt.data.split('\n')
MSGs.forEach((i) => {
let wsMsg = JSON.parse(i)
if (wsMsg.type == "pool") {
updatePool(wsMsg)
} else if (wsMsg.type == "win") {
userStore().addPoints(wsMsg.value)
} else if (wsMsg.type == "tick") {
let time = wsMsg.clock
let timeString = (Math.floor(time/60)).toString() + ":" + ((time%60)>9?"":"0") + (time%60).toString() + "s"
clock.value = timeString
until.value = 'until next flip'
updatePool(wsMsg)
} else if (wsMsg.type == "flip") {
clock.value = wsMsg.value
until.value = ''
userStore().setBet("")
} else if (wsMsg.type == "state") {
if (wsMsg.value == true) {
userStore().bet = wsMsg.bet
}
}
}
})
})
})
@ -192,6 +197,9 @@ onMounted(() => {
background:var(--c);
transform:rotate(calc(var(--p)*3.6deg - 90deg)) translate(calc(var(--w)/2 - 50%));
}
@-moz-keyframes p{
from{--p:0}
}
@keyframes p{
from{--p:0}
}

6
frontend/src/components/BetInput.vue
View file

@ -22,10 +22,14 @@ function submitBet(HorT){
if (userStore().bet != '') {
return
}
if (bet.value <= 0) {
if (bet.value <= 0 || isNaN(bet.value)) {
hasError.value = true
error.value = "Error: bet must be greater than 0"
return
} else if (bet.value % 1 != 0) {
hasError.value = true
error.value = "Error: bet must be a whole number"
return
}
if (userStore().points - bet.value < 0) {
hasError.value = true

48
frontend/src/components/ChatBox.vue
View file

@ -31,10 +31,11 @@ const ChatColors = {
green: "limegreen",
yellow: "gold",
cyan: "cyan",
red: "firebrick",
red: "crimson",
pink: "fuchsia",
violet: "violet",
orange: "orange",
blue: "cornflowerblue"
}
const _CHAT_MAX_HISTORY = 75;
@ -49,28 +50,31 @@ onMounted(() => {
}
}
WS.addEventListener("message", function (evt) {
let wsMsg = JSON.parse(evt.data)
if (wsMsg.type == "chat") {
chatQueue.enqueue(wsMsg)
if (chatQueue.length >= _CHAT_MAX_HISTORY) {
chatQueue.dequeue()
let MSGs = evt.data.split('\n')
MSGs.forEach((i) => {
let wsMsg = JSON.parse(i)
if (wsMsg.type == "chat") {
chatQueue.enqueue(wsMsg)
if (chatQueue.length >= _CHAT_MAX_HISTORY) {
chatQueue.dequeue()
}
log.innerHTML = ""
for (let message of Object.values(chatQueue.elements)) {
var item = document.createElement("div")
let fromUser = document.createElement("span")
fromUser.style = `color: ${message.color};`
fromUser.innerText = message.username
item.appendChild(fromUser)
let chatScore = document.createElement("span")
chatScore.innerText = `(${message.points})`
chatScore.style = `color: ${message.color};font-family: 'Helvetica';font-size: 12px;`
item.appendChild(chatScore)
let chatMsg = document.createTextNode(`: ${message.message}`)
item.appendChild(chatMsg)
appendLog(item)
}
}
log.innerHTML = ""
for (let message of Object.values(chatQueue.elements)) {
var item = document.createElement("div")
let fromUser = document.createElement("span")
fromUser.style = `color: ${message.color};`
fromUser.innerText = message.username
item.appendChild(fromUser)
let chatScore = document.createElement("span")
chatScore.innerText = `(${message.points})`
chatScore.style = `color: ${message.color};font-family: 'Helvetica';font-size: 12px;`
item.appendChild(chatScore)
let chatMsg = document.createTextNode(`: ${message.message}`)
item.appendChild(chatMsg)
appendLog(item)
}
}
})
})
})

20
frontend/src/components/LoginForm.vue
View file

@ -16,8 +16,9 @@
</div>
<div id="noAcc" @click="toggleCreate">Don't have an account?</div>
</div>
<button class="submit" v-show="!tCreate" @click="login">Login</button>
<button class="submit" v-show="tCreate" @click="createAccount">Create</button>
<button class="submit" v-if="!tCreate" @click="login">Login</button>
<button class="submit" v-if="tCreate" @click="createAccount">Create</button>
</form>
<p id="serverResponse"> {{ serverResponse }}</p>
</div>
@ -26,6 +27,8 @@
<script setup>
import { defineEmits, ref, reactive } from 'vue'
import { useReCaptcha } from 'vue-recaptcha-v3'
const { executeRecaptcha, recaptchaLoaded } = useReCaptcha()
defineEmits(['display'])
const form = reactive({
username: '',
@ -39,6 +42,11 @@ const pHasError = ref(false)
const serverResponse = ref('')
function toggleCreate() {
tCreate.value = !tCreate.value
if (tCreate.value) {
document.getElementById("noAcc").innerText = "Already have an account?"
} else {
document.getElementById("noAcc").innerText = "Don't have an account?"
}
}
function loginFieldsReady() {
let ret = true
@ -73,13 +81,17 @@ async function createAccount(e) {
serverResponse.value = "passwords do not match"
return
}
serverResponse.value = ""
await recaptchaLoaded()
const token = await executeRecaptcha('login')
let req = new XMLHttpRequest()
req.open("POST", "/api/createaccount")
req.withCredentials = true
req.send(JSON.stringify({
username: form.username,
password: form.password,
remember: form.remember
remember: form.remember,
token: token
}))
req.onreadystatechange = () => {
if (req.readyState == XMLHttpRequest.DONE) {
@ -104,7 +116,7 @@ function login(e) {
req.send(JSON.stringify({
username: form.username,
password: form.password,
remember: form.remember
remember: form.remember,
}))
req.onreadystatechange = () => {
if (req.readyState == XMLHttpRequest.DONE) {

2
frontend/src/components/PageFooter.vue
View file

@ -1,5 +1,5 @@
<template>
<p>Massflip v0.0.3 - Copyright 2022 MNRVA</p>
<p>Massflip v0.0.4 - Copyright 2022 MNRVA</p>
</template>
<script setup>

6
frontend/src/main.js
View file

@ -2,10 +2,11 @@ import { createApp } from 'vue'
import { createPinia } from 'pinia'
import App from './App.vue'
import VueGtag from "vue-gtag";
import { VueReCaptcha } from 'vue-recaptcha-v3';
// switch these in production
export const WS = new WebSocket("wss://" + "massflip.mnrva.dev" + "/ws")
//export const WS = new WebSocket("ws://" + "127.0.0.1:8000" + "/ws")
//export const WS = new WebSocket("ws://" + "localhost:8000" + "/ws")
WS.onclose = function() {
alert("WebSocket connection closed.")
@ -65,5 +66,8 @@ const pinia = createPinia()
var app = createApp(App)
app.use(pinia)
app.use(VueGtag, {config: { id: "G-C3WQH98SZB" }})
app.use(VueReCaptcha, { siteKey: '6LeDtKUgAAAAAH0OVNYPyxE8-k9EtjeSDW5jamle' }) // prod
//app.use(VueReCaptcha, { siteKey: '6LfD6qUgAAAAAHCKSiEW1fuyuCJiZrAPya26Ro8Z' }) // dev
app.mount('#app')

4
frontend/vue.config.js
View file

@ -6,11 +6,11 @@ module.exports = defineConfig({
module.exports = {
devServer: {
host: "localhost",
port: 8000,
proxy: {
"/": {
target: "http://localhost:8000",
secure: false,
ws: true
secure: false
}
}
}

12
go.mod
View file

@ -6,20 +6,24 @@ require github.com/go-chi/chi/v5 v5.0.7 // direct
require github.com/gorilla/websocket v1.5.0 // direct
require (
github.com/google/uuid v1.3.0
github.com/joho/godotenv v1.4.0
go.mongodb.org/mongo-driver v1.8.4
golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f
golang.org/x/time v0.0.0-20220609170525-579cf78fd858
)
require (
github.com/go-chi/cors v1.2.0 // indirect
github.com/go-stack/stack v1.8.0 // indirect
github.com/golang/snappy v0.0.1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/joho/godotenv v1.4.0 // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/xdg-go/pbkdf2 v1.0.0 // indirect
github.com/xdg-go/scram v1.0.2 // indirect
github.com/xdg-go/stringprep v1.0.2 // indirect
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
go.mongodb.org/mongo-driver v1.8.4 // indirect
golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f // indirect
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e // indirect
golang.org/x/text v0.3.5 // indirect
)

2
go.sum
View file

@ -51,6 +51,8 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U=
golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

80
limits.go Normal file
View file

@ -0,0 +1,80 @@
package main
import (
"net"
"net/http"
"sync"
"golang.org/x/time/rate"
)
// IP limiter code taken from
// https://medium.com/@pliutau/rate-limiting-http-requests-in-go-based-on-ip-address-4e66d1bea4cf
var limiter = NewIPRateLimiter(1, 10)
// IPRateLimiter
type IPRateLimiter struct {
ips map[string]*rate.Limiter
mu *sync.RWMutex
r rate.Limit
b int
}
// NewIPRateLimiter
func NewIPRateLimiter(r rate.Limit, b int) *IPRateLimiter {
i := &IPRateLimiter{
ips: make(map[string]*rate.Limiter),
mu: &sync.RWMutex{},
r: r,
b: b,
}
return i
}
// AddIP creates a new rate limiter and adds it to the ips map,
// using the IP address as the key
func (i *IPRateLimiter) AddIP(ip string) *rate.Limiter {
i.mu.Lock()
defer i.mu.Unlock()
limiter := rate.NewLimiter(i.r, i.b)
i.ips[ip] = limiter
return limiter
}
// GetLimiter returns the rate limiter for the provided IP address if it exists.
// Otherwise calls AddIP to add IP address to the map
func (i *IPRateLimiter) GetLimiter(ip string) *rate.Limiter {
i.mu.Lock()
limiter, exists := i.ips[ip]
if !exists {
i.mu.Unlock()
return i.AddIP(ip)
}
i.mu.Unlock()
return limiter
}
func limitMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
limiter := limiter.GetLimiter(ip)
if !limiter.Allow() {
http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
return
}
next.ServeHTTP(w, r)
})
}

25
main.go
View file

@ -7,16 +7,27 @@ import (
"net/http"
"github.com/go-chi/chi/v5"
"github.com/joho/godotenv"
)
/*
* TODO:
Later:
- user pages
- figure out an actual goal for the game
*
0.0.4
- added rate limiting
- added captcha for account creation
- added WebSocket authentication
- fixed BetInput bugs (NaN, decimals)
- seperated development and production environment
- frontend bug fixes
*/
func init() {
err := godotenv.Load()
if err != nil {
fmt.Println("* No .env file found")
}
DB = openDB()
}
func main() {
// prepare router
@ -30,6 +41,8 @@ func main() {
// disconnect to DB on application exit
defer DB.Disconnect(context.Background())
// rate limiting middleware
r.Use(limitMiddleware)
// handlers
r.Handle("/*", http.FileServer(http.Dir("./frontend/dist")))
r.Get("/ws", func(w http.ResponseWriter, r *http.Request) {
@ -42,6 +55,6 @@ func main() {
r.Put("/api/chatcolor", chatColor)
// run server
fmt.Println("* Listening on localhost:8000")
log.Println("* Listening on localhost:8000")
log.Fatal(http.ListenAndServe(":8000", r))
}