Adds caching to vulnerable API call #47
4 changed files with 355 additions and 586 deletions
|
@ -6,14 +6,14 @@
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"require": {
|
"require": {
|
||||||
"php": ">=5.6",
|
"php": ">=5.6",
|
||||||
"cakephp/cakephp": "^3.6",
|
"cakephp/cakephp": "3.4.*",
|
||||||
"mobiledetect/mobiledetectlib": "2.*",
|
"mobiledetect/mobiledetectlib": "2.*",
|
||||||
"cakephp/migrations": "~1.0",
|
"cakephp/migrations": "~1.0",
|
||||||
"cakephp/plugin-installer": "~1.0",
|
"cakephp/plugin-installer": "~1.0",
|
||||||
"mdanter/ecc": "^0.5.0",
|
"mdanter/ecc": "^0.5.0",
|
||||||
"nesbot/carbon": "~1.18",
|
"nesbot/carbon": "~1.18",
|
||||||
"endroid/qrcode": "^2.2.2",
|
"predis/predis": "^1.1.1",
|
||||||
"predis/predis": "^1.1.1"
|
"endroid/qr-code": "^3.5"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"psy/psysh": "@stable",
|
"psy/psysh": "@stable",
|
||||||
|
|
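Review bot: The `cakephp/cakephp` constraint moves from `^3.6` to `3.4.*`, which pins the framework to an older minor series and excludes the later 3.x releases that `^3.6` allowed, including any security fixes shipped there; if this is required for compatibility with the new `endroid/qr-code` ^3.5 or the `php >=5.6` floor, the commit message should say so, otherwise `"cakephp/cakephp": "^3.4"` keeps the upgrade path open. The change from `endroid/qrcode` to `endroid/qr-code` is a switch to a different package whose setters changed, which matches the adjusted calls in the controller hunk of this commit.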
846
composer.lock
generated
|
@ -74,7 +74,7 @@ CREATE TABLE `Addresses`
|
||||||
`TotalReceived` DECIMAL(18,8) DEFAULT 0 NOT NULL,
|
`TotalReceived` DECIMAL(18,8) DEFAULT 0 NOT NULL,
|
||||||
`TotalSent` DECIMAL(18,8) DEFAULT 0 NOT NULL,
|
`TotalSent` DECIMAL(18,8) DEFAULT 0 NOT NULL,
|
||||||
`Balance` DECIMAL(18,8) AS (`TotalReceived` - `TotalSent`) PERSISTENT,
|
`Balance` DECIMAL(18,8) AS (`TotalReceived` - `TotalSent`) PERSISTENT,
|
||||||
`Tag` VARCHAR(30) NOT NULL,
|
`Tag` VARCHAR(30),
|
||||||
`TagUrl` VARCHAR(200),
|
`TagUrl` VARCHAR(200),
|
||||||
`Created` DATETIME NOT NULL,
|
`Created` DATETIME NOT NULL,
|
||||||
`Modified` DATETIME NOT NULL,
|
`Modified` DATETIME NOT NULL,
|
||||||
|
|
|
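Review bot: Dropping `NOT NULL` from `Tag` makes the column nullable, and because this hunk edits a `CREATE TABLE` script rather than a migration, databases that already exist will not pick the change up; with `cakephp/migrations` already required, a matching migration (an `ALTER TABLE` on `Addresses`) would be expected, and none of the four changed files is one. Readers of `Tag` that previously compared it against an empty string will presumably now also have to handle `NULL`. The `CREATE TABLE` statement starts outside the hunk.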
@ -13,6 +13,7 @@ use Cake\Log\Log;
|
||||||
use Endroid\QrCode\ErrorCorrectionLevel;
|
use Endroid\QrCode\ErrorCorrectionLevel;
|
||||||
use Endroid\QrCode\LabelAlignment;
|
use Endroid\QrCode\LabelAlignment;
|
||||||
use Endroid\QrCode\QrCode;
|
use Endroid\QrCode\QrCode;
|
||||||
|
use Endroid\QrCode\Response\QrCodeResponse;
|
||||||
|
|
||||||
class MainController extends AppController {
|
class MainController extends AppController {
|
||||||
|
|
||||||
|
@ -20,6 +21,8 @@ class MainController extends AppController {
|
||||||
|
|
||||||
const lbcPriceKey = 'lbc.price';
|
const lbcPriceKey = 'lbc.price';
|
||||||
|
|
||||||
|
const txOutSetInfo = 'lbrcrd.tosi';
|
||||||
|
|
||||||
const bittrexMarketUrl = 'https://bittrex.com/api/v1.1/public/getticker?market=BTC-LBC';
|
const bittrexMarketUrl = 'https://bittrex.com/api/v1.1/public/getticker?market=BTC-LBC';
|
||||||
|
|
||||||
const blockchainTickerUrl = 'https://blockchain.info/ticker';
|
const blockchainTickerUrl = 'https://blockchain.info/ticker';
|
||||||
|
@ -557,12 +560,6 @@ class MainController extends AppController {
|
||||||
$recentTxs = [];
|
$recentTxs = [];
|
||||||
|
|
||||||
$tagRequestAmount = 0;
|
$tagRequestAmount = 0;
|
||||||
// Check for pending tag request
|
|
||||||
$this->loadModel('TagAddressRequests');
|
|
||||||
$pending = $this->TagAddressRequests->find()->where(['Address' => $addr, 'IsVerified <>' => 1])->first();
|
|
||||||
if (!$pending) {
|
|
||||||
$tagRequestAmount = '25.' . rand(11111111, 99999999);
|
|
||||||
}
|
|
||||||
|
|
||||||
$address = $this->Addresses->find()->where(['Address' => $addr])->first();
|
$address = $this->Addresses->find()->where(['Address' => $addr])->first();
|
||||||
if (!$address) {
|
if (!$address) {
|
||||||
|
@ -623,8 +620,6 @@ class MainController extends AppController {
|
||||||
|
|
||||||
$this->set('offset', $offset);
|
$this->set('offset', $offset);
|
||||||
$this->set('canTag', $canTag);
|
$this->set('canTag', $canTag);
|
||||||
$this->set('pending', $pending);
|
|
||||||
$this->set('tagRequestAmount', $tagRequestAmount);
|
|
||||||
$this->set('address', $address);
|
$this->set('address', $address);
|
||||||
$this->set('totalReceived', $totalRecvAmount);
|
$this->set('totalReceived', $totalRecvAmount);
|
||||||
$this->set('totalSent', $totalSentAmount);
|
$this->set('totalSent', $totalSentAmount);
|
||||||
|
@ -647,15 +642,15 @@ class MainController extends AppController {
|
||||||
$qrCode->setSize(300);
|
$qrCode->setSize(300);
|
||||||
|
|
||||||
// Set advanced options
|
// Set advanced options
|
||||||
$qrCode
|
$qrCode->setWriterByName('png');
|
||||||
->setWriterByName('png')
|
$qrCode->setMargin(10);
|
||||||
->setMargin(10)
|
$qrCode->setEncoding('UTF-8');
|
||||||
->setEncoding('UTF-8')
|
$qrCode->setErrorCorrectionLevel(new ErrorCorrectionLevel(ErrorCorrectionLevel::LOW));
|
||||||
->setErrorCorrectionLevel(ErrorCorrectionLevel::LOW)
|
$qrCode->setForegroundColor(['r' => 0, 'g' => 0, 'b' => 0, 'a' => 0]);
|
||||||
->setForegroundColor(['r' => 0, 'g' => 0, 'b' => 0])
|
$qrCode->setBackgroundColor(['r' => 255, 'g' => 255, 'b' => 255, 'a' => 0]);
|
||||||
->setBackgroundColor(['r' => 255, 'g' => 255, 'b' => 255])
|
$qrCode->setLogoWidth(150);
|
||||||
->setLogoWidth(150)
|
$qrCode->setValidateResult(false);
|
||||||
->setValidateResult(false);
|
|
||||||
|
|
||||||
header('Content-Type: '.$qrCode->getContentType());
|
header('Content-Type: '.$qrCode->getContentType());
|
||||||
echo $qrCode->writeString();
|
echo $qrCode->writeString();
|
||||||
|
@ -697,17 +692,47 @@ class MainController extends AppController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function _gettxoutsetinfo() {
|
protected function _gettxoutsetinfo() {
|
||||||
$req = ['method' => 'gettxoutsetinfo', 'params' => []];
|
$now = new \DateTime('now', new \DateTimeZone('UTC'));
|
||||||
try {
|
$txOutSetInfo = new \stdClass();
|
||||||
$res = json_decode(self::curl_json_post(self::$rpcurl, json_encode($req)));
|
$txOutSetInfo->time = $now->format('c');
|
||||||
if (!isset($res->result)) {
|
|
||||||
return 0;
|
$shouldRefreshSet = false;
|
||||||
|
if (!$this->redis) {
|
||||||
|
$shouldRefreshSet = true;
|
||||||
|
} else {
|
||||||
|
if (!$this->redis->exists(self::txOutSetInfo)) {
|
||||||
|
$shouldRefreshSet = true;
|
||||||
|
} else {
|
||||||
|
$txOutSetInfo = json_decode($this->redis->get(self::txOutSetInfo));
|
||||||
|
$lastTOSIDt = new \DateTime($txOutSetInfo->time);
|
||||||
|
$diff = $now->diff($lastTOSIDt);
|
||||||
|
$diffMinutes = $diff->i;
|
||||||
|
if ($diffMinutes >= 15 || $txOutSetInfo->set == 'N/A') {
|
||||||
|
$shouldRefreshSet = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $res->result;
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
return 'N/A';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($shouldRefreshSet) {
|
||||||
|
|
||||||
|
$req = ['method' => 'gettxoutsetinfo', 'params' => []];
|
||||||
|
try {
|
||||||
|
$res = json_decode(self::curl_json_post(self::$rpcurl, json_encode($req)));
|
||||||
|
if (!isset($res->result)) {
|
||||||
|
$txOutSetInfo->tosi = 'N/A';
|
||||||
|
}
|
||||||
|
$txOutSetInfo->tosi = $res->result;
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
$txOutSetInfo->tosi = 'N/A';
|
||||||
|
}
|
||||||
|
$txOutSetInfo->time = $now->format('c');
|
||||||
|
if ($this->redis) {
|
||||||
|
$this->redis->set(self::txOutSetInfo, json_encode($txOutSetInfo));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return (isset($txOutSetInfo->tosi)) ? $txOutSetInfo->tosi : 'N/A';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function apistatus() {
|
public function apistatus() {
|
||||||
|
@ -937,5 +962,3 @@ class MainController extends AppController {
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
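Review bot: The cache freshness test in the new `_gettxoutsetinfo` uses only the minutes field of the interval (`$diffMinutes = $diff->i;`), so an entry that is an hour and five minutes old yields 5 and is served as fresh; the age should be derived from the two timestamps (or the key given an expiry when it is written). The same condition reads `$txOutSetInfo->set`, a property nothing writes — the value is stored as `tosi` — so a cached 'N/A' is never retried early, and in the refresh block the 'N/A' assigned when `$res->result` is missing is immediately overwritten by `$txOutSetInfo->tosi = $res->result;` because there is no else, leaving null in the cache. The record read back from Redis should also be checked to be an object with a `time` property before it is used; as written a malformed value appears to degrade to notices and an 'N/A' answer without forcing a refresh. The corrected lines are below; the rest of the function is unchanged.
```php
protected function _gettxoutsetinfo() {
    // … unchanged: $now / $txOutSetInfo setup, redis availability and exists() checks …
            $txOutSetInfo = json_decode($this->redis->get(self::txOutSetInfo));
            if (!is_object($txOutSetInfo) || !isset($txOutSetInfo->time)) {
                // Unreadable cache entry: treat it as absent and refresh
                $txOutSetInfo = new \stdClass();
                $shouldRefreshSet = true;
            } else {
                $lastTOSIDt = new \DateTime($txOutSetInfo->time);
                // Whole elapsed time in minutes, not just the minutes field of the DateInterval
                $diffMinutes = ($now->getTimestamp() - $lastTOSIDt->getTimestamp()) / 60;
                if ($diffMinutes >= 15 || !isset($txOutSetInfo->tosi) || $txOutSetInfo->tosi === 'N/A') {
                    $shouldRefreshSet = true;
                }
            }
    // … unchanged: closing braces of the redis branches …
    if ($shouldRefreshSet) {
        $req = ['method' => 'gettxoutsetinfo', 'params' => []];
        try {
            $res = json_decode(self::curl_json_post(self::$rpcurl, json_encode($req)));
            // Keep 'N/A' when the RPC returned no result instead of overwriting it with null
            $txOutSetInfo->tosi = isset($res->result) ? $res->result : 'N/A';
        } catch (\Exception $e) {
            $txOutSetInfo->tosi = 'N/A';
        }
        // … unchanged: refresh timestamp and redis set …
    }
    // … unchanged: return …
}
```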