♻️ Hash approved subnets

staart · Oct 30, 2020 · fe97396 · fe97396
1 parent 9f2898c
commit fe97396
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 6 deletions.
diff --git a/src/modules/approved-subnets/approved-subnets.module.ts b/src/modules/approved-subnets/approved-subnets.module.ts
@@ -1,10 +1,11 @@
 import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
 import { PrismaModule } from '../prisma/prisma.module';
 import { ApprovedSubnetController } from './approved-subnets.controller';
 import { ApprovedSubnetsService } from './approved-subnets.service';
 
 @Module({
-  imports: [PrismaModule],
+  imports: [PrismaModule, ConfigModule],
   controllers: [ApprovedSubnetController],
   providers: [ApprovedSubnetsService],
 })

diff --git a/src/modules/approved-subnets/approved-subnets.service.ts b/src/modules/approved-subnets/approved-subnets.service.ts
@@ -13,10 +13,16 @@ import {
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { PrismaService } from '../prisma/prisma.service';
 import anonymize from 'ip-anonymize';
+import { hash } from 'bcrypt';
+import { ConfigService } from '@nestjs/config';
 
 @Injectable()
 export class ApprovedSubnetsService {
-  constructor(private prisma: PrismaService) {}
+  constructor(
+    private prisma: PrismaService,
+    private configService: ConfigService,
+  ) {}
+
   async getApprovedSubnets(
     userId: number,
     params: {
@@ -72,7 +78,10 @@ export class ApprovedSubnetsService {
   }
 
   async approveNewSubnet(userId: number, ipAddress: string) {
-    const subnet = anonymize(ipAddress);
+    const subnet = await hash(
+      anonymize(ipAddress),
+      this.configService.get<number>('security.saltRounds'),
+    );
     const approved = await this.prisma.approvedSubnets.create({
       data: {
         user: { connect: { id: userId } },

diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts
@@ -352,9 +352,14 @@ export class AuthService {
   ): Promise<void> {
     if (!checkLocationOnLogin) return;
     const subnet = anonymize(ipAddress);
-    const isApproved = await this.prisma.approvedSubnets.findFirst({
-      where: { user: { id }, subnet },
+    const previousSubnets = await this.prisma.approvedSubnets.findMany({
+      where: { user: { id } },
     });
+    let isApproved = false;
+    for await (const item of previousSubnets) {
+      if (!isApproved)
+        if (await compare(subnet, item.subnet)) isApproved = true;
+    }
     if (!isApproved) {
       const user = await this.prisma.users.findOne({
         where: { id },

diff --git a/src/modules/prisma/prisma.service.ts b/src/modules/prisma/prisma.service.ts
@@ -1,5 +1,11 @@
 import { Injectable, OnModuleInit, OnModuleDestroy } from '@nestjs/common';
-import { emails, PrismaClient, sessions, users } from '@prisma/client';
+import {
+  approvedSubnets,
+  emails,
+  PrismaClient,
+  sessions,
+  users,
+} from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 
 @Injectable()
@@ -20,6 +26,7 @@ export class PrismaService extends PrismaClient
     delete ((item as any) as users).twoFactorSecret;
     delete ((item as any) as sessions).token;
     delete ((item as any) as emails).emailSafe;
+    delete ((item as any) as approvedSubnets).subnet;
     return item;
   }
 }