Merge pull request #9 from rarimo/fix/rand-v2

Debug of DDoS guard
rarimo · May 9, 2024 · 3a08c4d · 3a08c4d
2 parents 64faac6 + 9365983
commit 3a08c4d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 12 deletions.
diff --git a/internal/assets/migrations/003_banned.sql b/internal/assets/migrations/003_banned.sql
@@ -1,5 +1,5 @@
 -- +migrate Up
 ALTER TABLE claims ADD COLUMN is_banned BOOLEAN NOT NULL DEFAULT FALSE;
 
--- -migrate Down
+-- +migrate Down
 ALTER TABLE claims DROP COLUMN is_banned;
diff --git a/internal/data/claims.go b/internal/data/claims.go
@@ -9,7 +9,7 @@ import (
 type ClaimQ interface {
 	New() ClaimQ
 	Insert(value Claim) error
-	Update(value Claim) error
+	Update(fields map[string]any) error
 	FilterBy(column string, value any) ClaimQ
 	Get() (*Claim, error)
 	Select() ([]Claim, error)

diff --git a/internal/data/pg/claims.go b/internal/data/pg/claims.go
@@ -46,9 +46,8 @@ func (q *claimsQ) Insert(value data.Claim) error {
 	return err
 }
 
-func (q *claimsQ) Update(value data.Claim) error {
-	clauses := structs.Map(value)
-	stmt := q.upd.SetMap(clauses)
+func (q *claimsQ) Update(fields map[string]any) error {
+	stmt := q.upd.SetMap(fields)
 	err := q.db.Exec(stmt)
 	return err
 }
@@ -80,7 +79,7 @@ func (q *claimsQ) Count() (int, error) {
 	var result struct {
 		Count int `db:"count"`
 	}
-	err := q.db.Select(&result, q.count)
+	err := q.db.Get(&result, q.count)
 	return result.Count, err
 }
 

diff --git a/internal/service/api/handlers/create_identity.go b/internal/service/api/handlers/create_identity.go
@@ -12,7 +12,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"math/big"
-	"math/rand/v2"
+	"math/rand"
 	"net/http"
 	"strconv"
 	"strings"
@@ -211,31 +211,33 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	existing, err := masterQ.Claim().FilterBy("document_hash", documentHash).Get()
+	existing, err := masterQ.Claim().FilterBy("document_hash", documentHash.String()).Get()
 	if err != nil {
 		Log(r).WithError(err).Error("failed to get claim by document hash")
 		ape.RenderErr(w, problems.InternalError())
 		return
 	}
 	if existing != nil {
-		log := Log(r).WithField("document_hash", documentHash)
+		log := Log(r).WithField("document_hash", documentHash.String())
 		if existing.IsBanned {
 			log.Info("user of the provided document is banned")
 			ape.RenderErr(w, problems.InternalError())
 			return
 		}
 
-		count, err := masterQ.Claim().FilterBy("document_hash", documentHash).Count()
+		count, err := masterQ.Claim().FilterBy("document_hash", documentHash.String()).Count()
 		if err != nil {
 			log.WithError(err).Error("failed to count claims by document hash")
 			ape.RenderErr(w, problems.InternalError())
 			return
 		}
 
 		if count > 0 {
-			allowed := rand.IntN(cfg.MultiAccMaxLimit-cfg.MultiAccMinLimit+1) + cfg.MultiAccMinLimit
+			allowed := rand.Intn(cfg.MultiAccMaxLimit-cfg.MultiAccMinLimit+1) + cfg.MultiAccMinLimit
 			if count >= allowed {
-				err = masterQ.Claim().FilterBy("document_hash", documentHash).Update(data.Claim{IsBanned: true})
+				err = masterQ.Claim().FilterBy("document_hash", documentHash.String()).Update(map[string]any{
+					"is_banned": true,
+				})
 
 				if err != nil {
 					log.WithError(err).Error("failed to ban user")