From 7e1b68be2140083dd0b752a0a6a1ca6de673f262 Mon Sep 17 00:00:00 2001
From: merelendor
Date: Wed, 11 Sep 2024 16:08:55 +0000
Subject: [PATCH] fix for SMS sending mass requests - adding IP checking
---
 pages/api/auth/phone/check.js | 11 +++++++----
 pages/api/change/phone/send.js | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/pages/api/auth/phone/check.js b/pages/api/auth/phone/check.js
index 461e524..47292e3 100644
--- a/pages/api/auth/phone/check.js
+++ b/pages/api/auth/phone/check.js
@@ -18,11 +18,13 @@ export default async function handler(req, res)
 phone = phone.replace(/[^0-9.]/g, '');
 const key = md5(`sms_code_${ phone }`);
- const key_block = md5(`phone_change_sms_block_${ phone }`);
+ const key_block_ip = md5(`phone_change_sms_block_ip_${ req.headers[ process.env.IP_HEADERS_PARAM ] }`);
+ const key_block_number = md5(`phone_change_sms_block_number_${ phone }`);
- const existed_phone = await RedisClient.get(key_block);
+ const existed_phone_ip = await RedisClient.get(key_block_ip);
+ const existed_phone_number = await RedisClient.get(key_block_number);
- if(existed_phone === null)
+ if(existed_phone_ip === null && existed_phone_number === null)
 {
 const response = await new Promise((resolve, reject) =>
 {
@@ -52,7 +54,8 @@ export default async function handler(req, res)
 if(response.status === "success")
 {
- await RedisClient.set(key_block, key_block, 'EX', 60);
+ await RedisClient.set(key_block_ip, key_block_ip, 'EX', 60);
+ await RedisClient.set(key_block_number, key_block_number, 'EX', 60);
 let code = ``;
 for(let i = 0; i < 6; i++) { code = `${ code }${ Math.floor(Math.random() * 10) }`; }
diff --git a/pages/api/change/phone/send.js b/pages/api/change/phone/send.js
index 18ddeba..a6cf03c 100644
--- a/pages/api/change/phone/send.js
+++ b/pages/api/change/phone/send.js
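Review bot: The per-IP block key in the first check.js hunk is built from `req.headers[ process.env.IP_HEADERS_PARAM ]` without checking that the value exists or that the header is written by a trusted proxy. If the variable is unset, holds a name that is not lower-case (Node lower-cases incoming header names), or the header is missing, every caller hashes to the same `..._ip_undefined` key, so one request would block SMS sending for all users for 60 seconds. If the header can instead be supplied by the client, the per-IP limit is not an effective control. I would resolve the address once and refuse to continue when it is empty, e.g. `const ip = req.headers[ process.env.IP_HEADERS_PARAM ] ?? req.socket.remoteAddress;`, and document that the proxy must overwrite this header. The same expression appears in the send.js hunk, and the handler body starts and ends outside both hunks, so an earlier validation step cannot be ruled out.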
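Review bot: In the second check.js hunk the two `RedisClient.set(...)` calls run only inside `if(response.status === "success")`, after the awaited `response`, while both `get` checks ran before it, so requests that arrive in parallel can all read `null` and all proceed. The slot should be claimed atomically before the slow step, for example `await RedisClient.set(key_block_ip, key_block_ip, 'EX', 60, 'NX')` where the client supports the `NX` option, treating a null reply as blocked. send.js sets the keys directly after the check, which narrows the window but is still a separate get and set. The code between the two check.js hunks is not visible, so what `response` waits on is inferred from the context lines.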
@@ -19,13 +19,16 @@ export default async function handler(req, res)
 phone = phone.replace(/[^0-9.]/g, '');
 const key = md5(`phone_change_sms_code_${ phone }`);
- const key_block = md5(`phone_change_sms_block_${ phone }`);
+ const key_block_ip = md5(`phone_change_sms_block_ip_${ req.headers[ process.env.IP_HEADERS_PARAM ] }`);
+ const key_block_number = md5(`phone_change_sms_block_number_${ phone }`);
- const existed_phone = await RedisClient.get(key_block);
+ const existed_phone_ip = await RedisClient.get(key_block_ip);
+ const existed_phone_number = await RedisClient.get(key_block_number);
- if(existed_phone === null)
+ if(existed_phone_ip === null && existed_phone_number === null)
 {
- await RedisClient.set(key_block, key_block, 'EX', 60);
+ await RedisClient.set(key_block_ip, key_block_ip, 'EX', 60);
+ await RedisClient.set(key_block_number, key_block_number, 'EX', 60);
 let code = ``;
 for(let i = 0; i < 6; i++) { code = `${ code }${ Math.floor(Math.random() * 10) }`; }
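Review bot: The six-digit code in the last context line of this hunk is still drawn from `Math.random()`, which is not a cryptographically secure generator, and the commit tightens the send path without touching it. For a value that confirms a phone change I would use Node's crypto module, `code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');`, which needs `crypto` imported at the top of the file, outside the hunk. The same loop closes the second check.js hunk. How the code is stored and compared is not visible here, so attempt limiting on the verification side should be confirmed separately.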