diff --git a/src/modules/approved-subnets/approved-subnets.module.ts b/src/modules/approved-subnets/approved-subnets.module.ts
index 0724e23a2..d040112c8 100644
--- a/src/modules/approved-subnets/approved-subnets.module.ts
+++ b/src/modules/approved-subnets/approved-subnets.module.ts
@@ -1,10 +1,11 @@
 import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
 import { PrismaModule } from '../prisma/prisma.module';
 import { ApprovedSubnetController } from './approved-subnets.controller';
 import { ApprovedSubnetsService } from './approved-subnets.service';
 @Module({
- imports: [PrismaModule],
+ imports: [PrismaModule, ConfigModule],
 controllers: [ApprovedSubnetController],
 providers: [ApprovedSubnetsService],
 })
diff --git a/src/modules/approved-subnets/approved-subnets.service.ts b/src/modules/approved-subnets/approved-subnets.service.ts
index f3477d488..0d5da87e2 100644
--- a/src/modules/approved-subnets/approved-subnets.service.ts
+++ b/src/modules/approved-subnets/approved-subnets.service.ts
@@ -13,10 +13,16 @@ import {
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { PrismaService } from '../prisma/prisma.service';
 import anonymize from 'ip-anonymize';
+import { hash } from 'bcrypt';
+import { ConfigService } from '@nestjs/config';
 @Injectable()
 export class ApprovedSubnetsService {
- constructor(private prisma: PrismaService) {}
+ constructor(
+ private prisma: PrismaService,
+ private configService: ConfigService,
+ ) {}
+
 async getApprovedSubnets(
 userId: number,
 params: {
@@ -72,7 +78,10 @@ export class ApprovedSubnetsService {
 }
 async approveNewSubnet(userId: number, ipAddress: string) {
- const subnet = anonymize(ipAddress);
+ const subnet = await hash(
+ anonymize(ipAddress),
+ this.configService.get('security.saltRounds'),
+ );
 const approved = await this.prisma.approvedSubnets.create({
 data: {
 user: { connect: { id: userId } },
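Review bot: The cost factor passed to `hash` in approveNewSubnet comes from an untyped `this.configService.get('security.saltRounds')`, so a missing key, or a value that arrives as a string, only surfaces as a bcrypt error when a subnet is approved; reading it as `this.configService.get<number>('security.saltRounds')` and rejecting a non-integer before calling `hash` would fail closer to the cause. The value being hashed is an anonymized subnet, which has a small input space, so the digest slows enumeration of a leaked table rather than preventing it; a comment such as `// bcrypt of a low-entropy value: still treat this column as sensitive` would keep that visible. Because every digest carries its own random salt, the column can no longer be matched by equality, so de-duplicating repeated approvals of the same subnet has to happen in code. approveNewSubnet continues past the end of the hunk.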
diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts
index fe5c698cb..2f359df31 100644
--- a/src/modules/auth/auth.service.ts
+++ b/src/modules/auth/auth.service.ts
@@ -352,9 +352,14 @@ export class AuthService {
 ): Promise {
 if (!checkLocationOnLogin) return;
 const subnet = anonymize(ipAddress);
- const isApproved = await this.prisma.approvedSubnets.findFirst({
- where: { user: { id }, subnet },
+ const previousSubnets = await this.prisma.approvedSubnets.findMany({
+ where: { user: { id } },
 });
+ let isApproved = false;
+ for await (const item of previousSubnets) {
+ if (!isApproved)
+ if (await compare(subnet, item.subnet)) isApproved = true;
+ }
 if (!isApproved) {
 const user = await this.prisma.users.findOne({
 where: { id },
diff --git a/src/modules/prisma/prisma.service.ts b/src/modules/prisma/prisma.service.ts
index 189e9b273..e5dbb33d2 100644
--- a/src/modules/prisma/prisma.service.ts
+++ b/src/modules/prisma/prisma.service.ts
@@ -1,5 +1,11 @@
 import { Injectable, OnModuleInit, OnModuleDestroy } from '@nestjs/common';
-import { emails, PrismaClient, sessions, users } from '@prisma/client';
+import {
+ approvedSubnets,
+ emails,
+ PrismaClient,
+ sessions,
+ users,
+} from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 @Injectable()
@@ -20,6 +26,7 @@ export class PrismaService extends PrismaClient
 delete ((item as any) as users).twoFactorSecret;
 delete ((item as any) as sessions).token;
 delete ((item as any) as emails).emailSafe;
+ delete ((item as any) as approvedSubnets).subnet;
 return item;
 }
 }
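Review bot: The new loop in auth.service.ts awaits one bcrypt `compare` per stored row on every login, so login cost grows with the number of approved subnets on the account, and it keeps iterating after a match because there is no `break`; `for await` is also unnecessary over the plain array that `findMany` resolves to. Rows written before this commit presumably still hold the plain anonymized subnet, which `compare` will not match, so existing users would be treated as logging in from a new location unless a migration rehashes or clears those rows. `compare` is not imported in any visible hunk, so its import is assumed to exist elsewhere in the file. The enclosing method starts and ends outside the hunk.

```typescript
// … unchanged: findMany over the user's approvedSubnets rows …
let isApproved = false;
for (const item of previousSubnets) {
  if (await compare(subnet, item.subnet)) {
    isApproved = true;
    break;
  }
}
```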
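Review bot: The added `delete ((item as any) as approvedSubnets).subnet;` removes `subnet` by property name from whatever object is passed in, so it would also strip a `subnet` field from any other model that has one, and it keeps the hash out of responses only on code paths that go through this method. Whether `approveNewSubnet` and `getApprovedSubnets` return their rows through it is not visible here and is worth confirming. A comment above the delete lines, for example `// denylist of secret columns: every new sensitive field must be added here`, would document the contract. The method starts above the hunk.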