Created
August 13, 2019 14:51
Credential Stuffing: Block Lists
'use strict';

// ioredis client library. Neither `Redis` nor `redis` is referenced by the
// block-list checks visible in this file.
const Redis = require('ioredis');

// ioredis opens the connection on construction by default, so requiring this
// module is enough to trigger a connection attempt.
// NOTE(review): the address carries no credentials or TLS settings. Confirm
// the cache host is reachable only from a trusted network, or configure
// authentication for it.
const redis = new Redis('cache:6379');
// Full e-mail addresses that are always rejected.
// NOTE(review): the sample entry looks like an address masked by the hosting
// page's e-mail obfuscation; replace it with real entries before use.
const blockList = ['[email protected]'];

// Domain parts (the text after '@') that are always rejected.
const badEmailDomains = ['hacker.com'];

// Local parts (the text before '@') that are always rejected.
const badEmailHandles = ['iamahacker'];

// 900. Presumably fifteen minutes expressed in seconds (e.g. for a cache
// TTL); it is not referenced by the code visible in this file.
const MINUTES_15 = 15 * 60;
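/**
 * Rejects an attempt whose e-mail address matches one of the module's block
 * lists (`blockList`, `badEmailHandles`, `badEmailDomains`).
 *
 * The address is trimmed and lower-cased before comparison, and list entries
 * are compared case-insensitively. Without this, a listed address or domain
 * could be submitted again with different capitalisation or padding and pass
 * the check unnoticed.
 *
 * @param {object} params
 * @param {string} params.email - Address supplied with the request.
 * @param {string} [params.ipAddress] - Accepted for interface compatibility;
 *   this check does not use it.
 * @returns {Promise<void>} Resolves when no list matched.
 * @throws {TypeError} When `email` is not a string.
 * @throws {Error} `ATOStopper: Blocked email`, `ATOStopper: Blocked email handle`
 *   or `ATOStopper: Blocked email domain` when the corresponding list matched.
 */
async function assertSafe ({ email, ipAddress }) {
  // Fail with an explicit message rather than an opaque "split of undefined".
  if (typeof email !== 'string') {
    throw new TypeError('ATOStopper: email must be a string');
  }

  // Canonical form used for every comparison below.
  const normalized = email.trim().toLowerCase();
  const [handle, domain] = normalized.split('@');

  // `value` is undefined when the address has no '@'; that never matches.
  const isListed = (list, value) =>
    value !== undefined && list.some((entry) => entry.toLowerCase() === value);

  if (isListed(blockList, normalized)) {
    throw new Error('ATOStopper: Blocked email');
  }

  if (isListed(badEmailHandles, handle)) {
    throw new Error('ATOStopper: Blocked email handle');
  }

  if (isListed(badEmailDomains, domain)) {
    throw new Error('ATOStopper: Blocked email domain');
  }
}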
// Public surface of the module: only the block-list check is exported.
module.exports = { assertSafe };