Add UA_MAIL_BLOCKLIST option

2025-10-03 01:39:31 +02:00 · 2024-03-18 01:00:00 +01:00 · 2024-03-18 01:00:00 +01:00 · e6cc08a292
commit e6cc08a292
parent 120ea33547
3 changed files with 15 additions and 4 deletions
--- a/docs/usage/configuration.md
+++ b/docs/usage/configuration.md
@ -57,3 +57,5 @@
 - SIGN_SECRET
  - used for signing tokens
  - if not set or set to an empty string, then the features that depend on it are disabled
+- UA_MAIL_BLOCKLIST
+  - List of user agents, separated by comma, that are not allowed to trigger sign in mails
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@ -17,7 +17,8 @@

 import { json } from 'body-parser'
 import { Router } from 'express'
-import { BadRequest } from 'http-errors'
+import { BadRequest, Forbidden } from 'http-errors'
+import { config } from '../config'
 import { Database } from '../database'
 import { sendLoginCode, signInByMailCode } from '../function/authentication/login-by-mail'
 import { isMailAddressCoveredByWhitelist, isMailServerBlacklisted, sanitizeMailAddress } from '../util/mail'
@ -49,6 +50,8 @@ export const createAuthRouter = (database: Database) => {
        res.json({ mailAddressNotWhitelisted: true })
      } else if (isMailServerBlacklisted(mail)) {
        res.json({ mailServerBlacklisted: true })
+      } else if (config.uaMailBlocklist.indexOf(req.headers['user-agent'] || '') !== -1) {
+        throw new Forbidden()
      } else {
        const { mailLoginToken } = await sendLoginCode({
          mail,
--- a/src/config.ts
+++ b/src/config.ts
@ -1,6 +1,6 @@
 /*
 * server component for the TimeLimit App
- * Copyright (C) 2019 - 2022 Jonas Lochmann
+ * Copyright (C) 2019 - 2024 Jonas Lochmann
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@ -22,6 +22,7 @@ interface Config {
  pingInterval: number
  alwaysPro: boolean
  signSecret: string
+  uaMailBlocklist: Array<string>
 }

 function parseYesNo (value: string) {
@ -34,12 +35,17 @@ function parseYesNo (value: string) {
  }
 }

+function parseList(list: string) {
+  return list.split(',').map((item) => item.trim()).filter((item) => item.length > 0)
+}
+
 class ParseYesNoException extends Error {}

 export const config: Config = {
-  mailWhitelist: (process.env.MAIL_WHITELIST || '').split(',').map((item) => item.trim()).filter((item) => item.length > 0),
+  mailWhitelist: parseList(process.env.MAIL_WHITELIST || ''),
  disableSignup: parseYesNo(process.env.DISABLE_SIGNUP || 'no'),
  pingInterval: parseInt(process.env.PING_INTERVAL_SEC || '25', 10) * 1000,
  alwaysPro: process.env.ALWAYS_PRO ? parseYesNo(process.env.ALWAYS_PRO) : false,
-  signSecret: process.env.SIGN_SECRET || ''
+  signSecret: process.env.SIGN_SECRET || '',
+  uaMailBlocklist: parseList(process.env.UA_MAIL_BLOCKLIST || '')
 }