From b0492e7d58e728c33342324522dcf4076eef3413 Mon Sep 17 00:00:00 2001
From: Martin Dimitrov
Date: Tue, 12 Nov 2024 22:28:35 -0800
Subject: [PATCH] make a simple blocklist for discord + bots
---
 .../doorman-api/functions/api/door/auth.js | 8 +++++++
 .../doorman-api/functions/api/door/edit.js | 8 +++++++
 .../doorman-api/functions/api/door/status.js | 8 +++++++
 .../common/blockUserAgent.private.js | 23 +++++++++++++++++++++++
 4 files changed, 47 insertions(+)
 create mode 100644 packages/doorman-api/functions/common/blockUserAgent.private.js
diff --git a/packages/doorman-api/functions/api/door/auth.js b/packages/doorman-api/functions/api/door/auth.js
index 1d42e2e..0b3b228 100644
--- a/packages/doorman-api/functions/api/door/auth.js
+++ b/packages/doorman-api/functions/api/door/auth.js
@@ -5,6 +5,14 @@ exports.handler = async function(context, event, callback) {
 const response = new Twilio.Response();
+ const blockPath = Runtime.getFunctions()['common/blockUserAgent'].path;
+ const block = require(blockPath);
+
+ if (block.shouldBlockRequest(event)) {
+ response.setStatusCode(200);
+ return callback(null, response);
+ }
+
+ let door = event.door;
 let pin = event.key;
diff --git a/packages/doorman-api/functions/api/door/edit.js b/packages/doorman-api/functions/api/door/edit.js
index 8f24080..72268de 100644
--- a/packages/doorman-api/functions/api/door/edit.js
+++ b/packages/doorman-api/functions/api/door/edit.js
@@ -6,6 +6,14 @@ exports.handler = async function(context, event, callback) {
 const response = new Twilio.Response();
+ const blockPath = Runtime.getFunctions()['common/blockUserAgent'].path;
+ const block = require(blockPath);
+
+ if (block.shouldBlockRequest(event)) {
+ response.setStatusCode(200);
+ return callback(null, response);
+ }
+
+ let door = event.door;
 let approvalId = event.approvalId;
 let newConfig = event.newConfig;
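Review bot: The new guard at the top of the handler in auth.js (repeated verbatim in edit.js and status.js) decides on a client-supplied User-Agent, so it only keeps well-behaved link-preview crawlers away and is not an access control; a comment above it should say so, e.g. `// Courtesy filter for link unfurlers only: User-Agent is caller-controlled, so this is not access control.`. The blocked branch also answers with an empty 200, which makes a filtered request look like a success to the caller and in request logs; `response.setStatusCode(403);` would keep the two apart, unless the 200 is deliberate, in which case the comment should give the reason. The handler bodies continue outside these hunks, so whether the door and key checks that follow are sufficient on their own cannot be judged from here.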
diff --git a/packages/doorman-api/functions/api/door/status.js b/packages/doorman-api/functions/api/door/status.js
index f056120..cf5927d 100644
--- a/packages/doorman-api/functions/api/door/status.js
+++ b/packages/doorman-api/functions/api/door/status.js
@@ -5,6 +5,14 @@ exports.handler = async function(context, event, callback) {
 const response = new Twilio.Response();
+ const blockPath = Runtime.getFunctions()['common/blockUserAgent'].path;
+ const block = require(blockPath);
+
+ if (block.shouldBlockRequest(event)) {
+ response.setStatusCode(200);
+ return callback(null, response);
+ }
+
+ const door = event.door;
 if (!door) {
diff --git a/packages/doorman-api/functions/common/blockUserAgent.private.js b/packages/doorman-api/functions/common/blockUserAgent.private.js
new file mode 100644
index 0000000..c073d4a
--- /dev/null
+++ b/packages/doorman-api/functions/common/blockUserAgent.private.js
@@ -0,0 +1,23 @@
+/**
+ * Helper method to BLOCK discordbot from scraping API links
+ * This is a bit of a hack until we process event links from UI instead of raw API
+ */
+exports.shouldBlockRequest = (event) => {
+ let headers = event?.request?.headers;
+ let userAgentString = "";
+
+ if (headers && headers['user-agent']) {
+ userAgentString = headers['user-agent'];
+ }
+
+ console.log("[BlockUserAgent] got useragent", userAgentString);
+
+ let blockList = ["Discord", "bot", "facebook"];
+
+ console.log("[BlockUserAgent] blocked useragents are", blockList);
+
+ let willBlock = blockList.some(term => userAgentString.includes(term));
+
+ console.log("[BlockUserAgent] should block request: ", willBlock);
+ return willBlock;
+};
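Review bot: The match in `shouldBlockRequest` (blockUserAgent.private.js) is case-sensitive, so with the list `["Discord", "bot", "facebook"]` a crawler that identifies itself with other capitalisation (a token ending in `Bot`, say) is not filtered; comparing lower-cased values closes that gap: `const userAgentString = String(headers?.['user-agent'] ?? '').toLowerCase();` together with `const blockList = ['discord', 'bot', 'facebook'];`. A request with no User-Agent header leaves the string empty and is let through, which is worth stating in the doc comment as the intended default. The first `console.log` writes the raw header value, which is caller-controlled, into the function logs on every request; logging `JSON.stringify(userAgentString.slice(0, 256))` keeps control characters and oversized values out of them, and the line that prints the constant block list can be dropped.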