Merge pull request #229 from privacy-scaling-explorations/fix/sybil

feat(sybil): add GH age check
2026-04-21 03:00:07 -04:00 · 2023-11-02 17:14:27 +00:00
parent b23376bde7 d470ab67a9
commit 40f90cfae5
4 changed files with 15 additions and 7 deletions
--- a/packages/actions/src/helpers/security.ts
+++ b/packages/actions/src/helpers/security.ts
@@ -20,7 +20,8 @@ const getGitHubStats = async (user: string): Promise<any> => {
        following: jsonData.following,
        followers: jsonData.followers,
        publicRepos: jsonData.public_repos,
-        avatarUrl: jsonData.avatar_url
+        avatarUrl: jsonData.avatar_url,
+        age: jsonData.created_at
    }

    return data
@@ -38,19 +39,21 @@ export const githubReputation = async (
    userLogin: string,
    minimumAmountOfFollowing: number,
    minimumAmountOfFollowers: number,
-    minimumAmountOfPublicRepos: number
+    minimumAmountOfPublicRepos: number,
+    minimumAge: number
 ): Promise<any> => {
    if (!process.env.GITHUB_ACCESS_TOKEN)
        throw new Error(
            "The GitHub access token is missing. Please insert a valid token to be used for anti-sybil checks on user registation, and then try again."
        )

-    const { following, followers, publicRepos, avatarUrl } = await getGitHubStats(userLogin)
+    const { following, followers, publicRepos, avatarUrl, age } = await getGitHubStats(userLogin)

    if (
        following < minimumAmountOfFollowing ||
        publicRepos < minimumAmountOfPublicRepos ||
-        followers < minimumAmountOfFollowers
+        followers < minimumAmountOfFollowers ||
+        new Date(age) > new Date(Date.now() - minimumAge)
    )
        return {
            reputable: false,
--- a/packages/backend/.default.env
+++ b/packages/backend/.default.env
@@ -29,6 +29,8 @@ GITHUB_MINIMUM_FOLLOWERS="1"
 GITHUB_MINIMUM_FOLLOWING="5"
 ## Minimum amount of public repos for the GitHub account
 GITHUB_MINIMUM_PUBLIC_REPOS="2"
+## Minimum age of the GitHub account (1 month default)
+GITHUB_MINIMUM_AGE="2592000000"
 ## Personal access token for API rate limiting (no privileges required)
 GITHUB_ACCESS_TOKEN="YOUR-GITHUB-ACCESS-TOKEN"

--- a/packages/backend/src/functions/user.ts
+++ b/packages/backend/src/functions/user.ts
@@ -64,7 +64,8 @@ export const registerAuthUser = functions
                        user.providerData[0].uid,
                        vars.minimumFollowing,
                        vars.minimumFollowers,
-                        vars.minimumPublicRepos
+                        vars.minimumPublicRepos,
+                        vars.minimumAge
                    )
                    if (!reputable) {
                        // Delete user
--- a/packages/backend/src/lib/utils.ts
+++ b/packages/backend/src/lib/utils.ts
@@ -385,14 +385,16 @@ export const getGitHubVariables = (): any => {
    if (
        !process.env.GITHUB_MINIMUM_FOLLOWERS ||
        !process.env.GITHUB_MINIMUM_FOLLOWING ||
-        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS
+        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS ||
+        !process.env.GITHUB_MINIMUM_AGE
    )
        logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)

    return {
        minimumFollowers: Number(process.env.GITHUB_MINIMUM_FOLLOWERS),
        minimumFollowing: Number(process.env.GITHUB_MINIMUM_FOLLOWING),
-        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS)
+        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS),
+        minimumAge: Number(process.env.GITHUB_MINIMUM_AGE)
    }
 }