auto-smart-security 1.0.10 → 1.0.12
|
@@ -12,12 +12,16 @@ class RedisBlacklistStore {
|
|
|
12
12
|
return `${this.prefix}${ip}`;
|
|
13
13
|
}
|
|
14
14
|
async isBlocked(ip) {
|
|
15
|
+
if (!this.redis)
|
|
16
|
+
return false;
|
|
15
17
|
if (this.staticBlacklist.includes(ip))
|
|
16
18
|
return true;
|
|
17
19
|
const value = await this.redis.get(this.key(ip));
|
|
18
20
|
return value === '1';
|
|
19
21
|
}
|
|
20
22
|
async block(ip, ttlSeconds) {
|
|
23
|
+
if (!this.redis)
|
|
24
|
+
return;
|
|
21
25
|
const ttl = ttlSeconds ?? this.ttlSeconds;
|
|
22
26
|
await this.redis.set(this.key(ip), '1', 'EX', ttl);
|
|
23
27
|
}
|
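Review bot: The new `if (!this.redis) return false;` guard in `isBlocked` runs before the `staticBlacklist` check, so when no Redis client is configured the store fails open and statically blacklisted IPs are reported as not blocked. The static list does not depend on Redis, so that check should come first: `if (this.staticBlacklist.includes(ip)) return true;` followed by `if (!this.redis) return false;`. In `block`, the silent `return` on a missing client gives the caller no way to tell that nothing was persisted; a warning log or a boolean return value would make the degraded mode visible. The constructor that assigns `this.redis` and `this.staticBlacklist` is outside this hunk, so whether a missing client is an expected configuration is inferred.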
package/dist/bot-detector.d.ts
CHANGED
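--- a/package/dist/bot-detector.js
+++ b/package/dist/bot-detector.js
@@ -6,8 +6,11 @@ class BotDetector {
 constructor(limit = 8) {
 this.limit = limit;
 this.scores = new Map();
+this.ttl = 60000; // 1 phút
 }
 detect(req) {
+if (req.method === 'OPTIONS')
+return false;
 let score = 0;
 const ua = (req.headers?.['user-agent'] || '').toLowerCase();
 if (!ua || ua.length < 20)
@@ -25,8 +28,13 @@ class BotDetector {
 if (/(wp-admin|\.env|phpmyadmin|cgi-bin)/i.test(req.originalUrl))
 score += 5;
 const ip = (0, utils_1.getClientIP)(req);
-const
-this.scores.
+const now = Date.now();
+const entry = this.scores.get(ip);
+let total = score;
+if (entry && now - entry.ts < this.ttl) {
+total += entry.score;
+}
+this.scores.set(ip, { score: total, ts: now });
 return total >= this.limit;
 }
 }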
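Review bot: Nothing in the new scoring block of `detect` ever removes an entry from `this.scores`, and `this.scores.set(ip, { score: total, ts: now })` runs on every request, including ones that scored 0, so the map grows by one entry per distinct client IP for the life of the process. The `this.ttl` comparison only decides whether the previous score is added; it does not evict anything. Consider deleting stale entries on read with `if (entry && now - entry.ts >= this.ttl) this.scores.delete(ip);`, skipping the write when `total === 0`, and adding a size cap or periodic sweep. Because `ts` is reset to `now` on each request, the window also slides: a client that stays active never has its score decay, so keeping the original `entry.ts` while the entry is live would give a fixed 60-second window instead. The middle of `detect` and `getClientIP` are outside these hunks, so how the per-request score and the IP are derived is not visible here.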