From 9c57b4b37aefc6f0671a78fba7ff9253acf16c21 Mon Sep 17 00:00:00 2001
From: Joe Uhren
Date: Wed, 20 Mar 2024 19:36:16 -0600
Subject: [PATCH] Claim address page security improvements

-Removed the ability to claim an address that has 0 transactions
-The "Claim" button is now disabled after submitting to help prevent double submissions
---
 lib/database.js | 65 +++++++++++++++++++++++------------------
 views/claim_address.pug | 6 ++++
 2 files changed, 42 insertions(+), 29 deletions(-)

diff --git a/lib/database.js b/lib/database.js
index a6cd0519..1fbb848a 100644
--- a/lib/database.js
+++ b/lib/database.js
@@ -460,35 +460,42 @@ module.exports = {
 },
 update_claim_name: function(hash, claim_name, cb) {
- // check if the claim name is being removed
- if (claim_name == null || claim_name == '') {
- // remove the claim name
- ClaimAddress.findOneAndDelete({a_id: hash}).then(() => {
- // run processes after the claim name has been updated
- after_update_claim_name(hash, claim_name, function() {
- return cb('');
- });
- }).catch((err) => {
- console.log(err);
- return cb(err);
- });
- } else {
- // add or update the claim name
- ClaimAddress.updateOne({a_id: hash}, {
- a_id: hash,
- claim_name: claim_name
- }, {
- upsert: true
- }).then(() => {
- // run processes after the claim name has been updated
- after_update_claim_name(hash, claim_name, function() {
- return cb('');
- });
- }).catch((err) => {
- console.log(err);
- return cb(err);
- });
- }
+ // check if the address has received coins before by looking up the address in the local database
+ module.exports.get_address(hash, false, function(address) {
+ // check if the address was found in the local database
+ if (address) {
+ // check if the claim name is being removed
+ if (claim_name == null || claim_name == '') {
+ // remove the claim name
+ ClaimAddress.findOneAndDelete({a_id: hash}).then(() => {
+ // run processes after the claim name has been updated
+ after_update_claim_name(hash, claim_name, function() {
+ return cb('');
+ });
+ }).catch((err) => {
+ console.log(err);
+ return cb(err);
+ });
+ } else {
+ // add or update the claim name
+ ClaimAddress.updateOne({a_id: hash}, {
+ a_id: hash,
+ claim_name: claim_name
+ }, {
+ upsert: true
+ }).then(() => {
+ // run processes after the claim name has been updated
+ after_update_claim_name(hash, claim_name, function() {
+ return cb('');
+ });
+ }).catch((err) => {
+ console.log(err);
+ return cb(err);
+ });
+ }
+ } else
+ return cb('no_address');
+ });
 },
 update_richlist_claim_name: function(hash, claim_name, cb) {
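Review bot: The guard added at `module.exports.get_address(hash, false, function(address) {` checks the address as looked up, but the two writes below it still key on the caller-supplied `hash` (`{a_id: hash}`); if the `false` argument makes that lookup case-insensitive, which this hunk does not show, the claim should be written against the identifier on the returned `address` record so it cannot be stored under a non-canonical spelling. The callback receives only `address`, so a lookup that fails for database reasons presumably also ends in `cb('no_address')`; that is worth confirming in `get_address` and logging separately. Callers of `update_claim_name`, outside this diff, now see the string `'no_address'` in addition to `''` and an error object and must treat it as a rejection. The trailing `} else return cb('no_address');` is safer with braces: `} else { return cb('no_address'); }`.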
diff --git a/views/claim_address.pug b/views/claim_address.pug
index 74f234c4..f4728ddd 100644
--- a/views/claim_address.pug
+++ b/views/claim_address.pug
@@ -47,6 +47,8 @@ block content
 ) {
 showClaimAlert('warning', 'The captcha validation has not been set', false);
 } else {
+ $('button.btn-success').attr('disabled', true);
+
 if ('#{selected_captcha_name}' == 'google_recaptcha2' && '#{settings.captcha.google_recaptcha2.captcha_type}' == 'invisible') {
 grecaptcha.execute();
 } else if ('#{selected_captcha_name}' == 'google_recaptcha3') {
@@ -117,6 +119,8 @@ block content
 // clear out the captcha to allow the form to be submitted again
 grecaptcha.reset();
 }
+
+ $('button.btn-success').attr('disabled', false);
 });
 }
 function onSubmit(token) {
@@ -124,6 +128,8 @@ block content
 // ensure the onSubmit event can fire again without needing to reload the page in the event that the server returns an error and the form must be submitted again
 grecaptcha.reset();
+
+ $('button.btn-success').attr('disabled', false);
 }
 .col-xs-12.col-md-12
 if settings.claim_address_page.page_header.show_img == true || settings.claim_address_page.page_header.show_title == true || settings.claim_address_page.page_header.show_description == true
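Review bot: In the third hunk the button is re-enabled at the end of `onSubmit`, right after `grecaptcha.reset()`; if the line above the comment (outside the hunk) starts an asynchronous submit, the button becomes clickable again while that request is still in flight, which defeats the double-submission guard on that path. The re-enable in the second hunk sits inside a callback whose kind is not visible here, so if it runs only on success, a failed request leaves the button disabled by `$('button.btn-success').attr('disabled', true);` until reload; a handler that runs on both outcomes avoids that. Targeting the button by id rather than `button.btn-success`, and using `.prop('disabled', …)`, would keep other success-styled buttons unaffected. Disabling the button is a client-side convenience only, so the server still has to tolerate repeated submissions of the same claim. The enclosing functions start and end outside these hunks.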