Adds caching to vulnerable API call #47

Merged
nikooo777 merged 2 commits from cache2 into master 2019-01-04 13:57:14 +01:00
4 changed files with 355 additions and 586 deletions


@ -6,14 +6,14 @@
"license": "MIT", "license": "MIT",
"require": { "require": {
"php": ">=5.6", "php": ">=5.6",
"cakephp/cakephp": "^3.6", "cakephp/cakephp": "3.4.*",
"mobiledetect/mobiledetectlib": "2.*", "mobiledetect/mobiledetectlib": "2.*",
"cakephp/migrations": "~1.0", "cakephp/migrations": "~1.0",
"cakephp/plugin-installer": "~1.0", "cakephp/plugin-installer": "~1.0",
"mdanter/ecc": "^0.5.0", "mdanter/ecc": "^0.5.0",
"nesbot/carbon": "~1.18", "nesbot/carbon": "~1.18",
"endroid/qrcode": "^2.2.2", "predis/predis": "^1.1.1",
"predis/predis": "^1.1.1" "endroid/qr-code": "^3.5"
}, },
"require-dev": { "require-dev": {
"psy/psysh": "@stable", "psy/psysh": "@stable",

846
composer.lock generated

File diff suppressed because it is too large Load diff


@ -74,7 +74,7 @@ CREATE TABLE `Addresses`
`TotalReceived` DECIMAL(18,8) DEFAULT 0 NOT NULL, `TotalReceived` DECIMAL(18,8) DEFAULT 0 NOT NULL,
`TotalSent` DECIMAL(18,8) DEFAULT 0 NOT NULL, `TotalSent` DECIMAL(18,8) DEFAULT 0 NOT NULL,
`Balance` DECIMAL(18,8) AS (`TotalReceived` - `TotalSent`) PERSISTENT, `Balance` DECIMAL(18,8) AS (`TotalReceived` - `TotalSent`) PERSISTENT,
`Tag` VARCHAR(30) NOT NULL, `Tag` VARCHAR(30),
`TagUrl` VARCHAR(200), `TagUrl` VARCHAR(200),
`Created` DATETIME NOT NULL, `Created` DATETIME NOT NULL,
`Modified` DATETIME NOT NULL, `Modified` DATETIME NOT NULL,


@ -13,6 +13,7 @@ use Cake\Log\Log;
use Endroid\QrCode\ErrorCorrectionLevel; use Endroid\QrCode\ErrorCorrectionLevel;
use Endroid\QrCode\LabelAlignment; use Endroid\QrCode\LabelAlignment;
use Endroid\QrCode\QrCode; use Endroid\QrCode\QrCode;
use Endroid\QrCode\Response\QrCodeResponse;
class MainController extends AppController { class MainController extends AppController {
@ -20,6 +21,8 @@ class MainController extends AppController {
const lbcPriceKey = 'lbc.price'; const lbcPriceKey = 'lbc.price';
const txOutSetInfo = 'lbrcrd.tosi';
const bittrexMarketUrl = 'https://bittrex.com/api/v1.1/public/getticker?market=BTC-LBC'; const bittrexMarketUrl = 'https://bittrex.com/api/v1.1/public/getticker?market=BTC-LBC';
const blockchainTickerUrl = 'https://blockchain.info/ticker'; const blockchainTickerUrl = 'https://blockchain.info/ticker';
@ -557,12 +560,6 @@ class MainController extends AppController {
$recentTxs = []; $recentTxs = [];
$tagRequestAmount = 0; $tagRequestAmount = 0;
// Check for pending tag request
$this->loadModel('TagAddressRequests');
$pending = $this->TagAddressRequests->find()->where(['Address' => $addr, 'IsVerified <>' => 1])->first();
if (!$pending) {
$tagRequestAmount = '25.' . rand(11111111, 99999999);
}
$address = $this->Addresses->find()->where(['Address' => $addr])->first(); $address = $this->Addresses->find()->where(['Address' => $addr])->first();
if (!$address) { if (!$address) {
@ -623,8 +620,6 @@ class MainController extends AppController {
$this->set('offset', $offset); $this->set('offset', $offset);
$this->set('canTag', $canTag); $this->set('canTag', $canTag);
$this->set('pending', $pending);
$this->set('tagRequestAmount', $tagRequestAmount);
$this->set('address', $address); $this->set('address', $address);
$this->set('totalReceived', $totalRecvAmount); $this->set('totalReceived', $totalRecvAmount);
$this->set('totalSent', $totalSentAmount); $this->set('totalSent', $totalSentAmount);
@ -647,15 +642,15 @@ class MainController extends AppController {
$qrCode->setSize(300); $qrCode->setSize(300);
// Set advanced options // Set advanced options
$qrCode $qrCode->setWriterByName('png');
->setWriterByName('png') $qrCode->setMargin(10);
->setMargin(10) $qrCode->setEncoding('UTF-8');
->setEncoding('UTF-8') $qrCode->setErrorCorrectionLevel(new ErrorCorrectionLevel(ErrorCorrectionLevel::LOW));
->setErrorCorrectionLevel(ErrorCorrectionLevel::LOW) $qrCode->setForegroundColor(['r' => 0, 'g' => 0, 'b' => 0, 'a' => 0]);
->setForegroundColor(['r' => 0, 'g' => 0, 'b' => 0]) $qrCode->setBackgroundColor(['r' => 255, 'g' => 255, 'b' => 255, 'a' => 0]);
->setBackgroundColor(['r' => 255, 'g' => 255, 'b' => 255]) $qrCode->setLogoWidth(150);
->setLogoWidth(150) $qrCode->setValidateResult(false);
->setValidateResult(false);
header('Content-Type: '.$qrCode->getContentType()); header('Content-Type: '.$qrCode->getContentType());
echo $qrCode->writeString(); echo $qrCode->writeString();
@ -697,17 +692,47 @@ class MainController extends AppController {
} }
} }
private function _gettxoutsetinfo() { protected function _gettxoutsetinfo() {
$now = new \DateTime('now', new \DateTimeZone('UTC'));
$txOutSetInfo = new \stdClass();
$txOutSetInfo->time = $now->format('c');
$shouldRefreshSet = false;
if (!$this->redis) {
$shouldRefreshSet = true;
} else {
if (!$this->redis->exists(self::txOutSetInfo)) {
$shouldRefreshSet = true;
} else {
$txOutSetInfo = json_decode($this->redis->get(self::txOutSetInfo));
$lastTOSIDt = new \DateTime($txOutSetInfo->time);
$diff = $now->diff($lastTOSIDt);
$diffMinutes = $diff->i;
if ($diffMinutes >= 15 || $txOutSetInfo->set == 'N/A') {
$shouldRefreshSet = true;
}
}
}
if ($shouldRefreshSet) {
$req = ['method' => 'gettxoutsetinfo', 'params' => []]; $req = ['method' => 'gettxoutsetinfo', 'params' => []];
try { try {
$res = json_decode(self::curl_json_post(self::$rpcurl, json_encode($req))); $res = json_decode(self::curl_json_post(self::$rpcurl, json_encode($req)));
if (!isset($res->result)) { if (!isset($res->result)) {
return 0; $txOutSetInfo->tosi = 'N/A';
} }
return $res->result; $txOutSetInfo->tosi = $res->result;
} catch (\Exception $e) { } catch (\Exception $e) {
return 'N/A'; $txOutSetInfo->tosi = 'N/A';
} }
$txOutSetInfo->time = $now->format('c');
if ($this->redis) {
$this->redis->set(self::txOutSetInfo, json_encode($txOutSetInfo));
}
}
return (isset($txOutSetInfo->tosi)) ? $txOutSetInfo->tosi : 'N/A';
} }
public function apistatus() { public function apistatus() {
@ -937,5 +962,3 @@ class MainController extends AppController {
return $response; return $response;
} }
} }
?>
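Review bot: In `_gettxoutsetinfo()` the cache freshness test does not measure what it is meant to: `$diff->i` is only the minutes component of the interval (0–59), so an entry aged 1 h 05 min still reads as fresh, and `$txOutSetInfo->set` is never written (the value is stored under `tosi`), so the 'N/A' retry condition can never be true. In the refresh branch the `if (!isset($res->result))` has no `else`, so the 'N/A' assignment is immediately overwritten by `$res->result`. A cached value that fails to decode also appears to be treated as fresh, because `new \DateTime()` of a missing `time` seems to resolve to the current time on the PHP versions this project allows. When `$this->redis` is unset every request still reaches the RPC, so the protection this change adds depends on Redis being available; that fallback deserves a log line. The sketch below compares timestamps, validates the decoded entry, and retries a cached failure after a shorter interval (the 60 seconds is a suggested value) rather than on every request.

```php
// … unchanged: $now / $txOutSetInfo / $shouldRefreshSet setup and the redis->exists() check …
            $cached = json_decode($this->redis->get(self::txOutSetInfo));
            if (!is_object($cached) || !isset($cached->time, $cached->tosi)) {
                // Missing or undecodable entry: refresh instead of trusting it.
                $shouldRefreshSet = true;
            } else {
                $txOutSetInfo = $cached;
                $ageSeconds = $now->getTimestamp() - (new \DateTime($cached->time))->getTimestamp();
                // A cached failure is retried sooner, but not on every request.
                $maxAgeSeconds = ($cached->tosi === 'N/A') ? 60 : 15 * 60;
                if ($ageSeconds >= $maxAgeSeconds) {
                    $shouldRefreshSet = true;
                }
            }
// … unchanged: RPC request via curl_json_post …
            if (isset($res->result)) {
                $txOutSetInfo->tosi = $res->result;
            } else {
                $txOutSetInfo->tosi = 'N/A';
            }
// … unchanged: catch block, timestamp update and redis->set() …
```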