github/siv
1
1
Fork 0
mirror of https://github.com/siv-org/siv.git synced 2026-01-10 19:07:57 -05:00
Code Issues Packages Projects Releases Wiki Activity

/malware-check: Alert admin on bad OTPs

Browse Source
This commit is contained in:
David Ernst
2026-01-05 22:48:55 -08:00
parent a5e790ac69
commit 0b14fc2e49
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pages/api/malware-check/confirm.ts
View File

@@ -22,7 +22,7 @@ export default async (req: NextApiRequest, res: NextApiResponse) => {
// Find matching check entry by OTP
const checkEntry = data.checks.find((entry: { otp?: string }) => entry.otp === otp)
if (!checkEntry) {
await pushover('Malware check: Invalid OTP', `${election_id}: ${auth_token}\nOTP: ${otp}`)
await pushover('Malware check, confirm: Invalid OTP', `${election_id}: ${auth_token}\nOTP: ${otp}`)
return res.status(404).json({ error: 'Invalid OTP' })
}

7
pages/api/malware-check/decrypt-success.ts
View File

@@ -1,6 +1,6 @@
import { NextApiRequest, NextApiResponse } from 'next'
import { firebase } from '../_services'
import { firebase, pushover } from '../_services'
export default async (req: NextApiRequest, res: NextApiResponse) => {
const { auth_token, election_id, otp } = req.body
@@ -20,7 +20,10 @@ export default async (req: NextApiRequest, res: NextApiResponse) => {
// Find matching check entry by OTP
const checkEntry = data.checks.find((entry: { otp?: string }) => entry.otp === otp)
if (!checkEntry) return res.status(404).json({ error: 'Invalid OTP' })
if (!checkEntry) {
await pushover('Malware check, decrypt success: Invalid OTP', `${election_id}: ${auth_token}\nOTP: ${otp}`)
return res.status(404).json({ error: 'Invalid OTP' })
}
// Update the specific check entry
const updatedChecks = data.checks.map((entry: { otp?: string }) => {

2
pages/api/malware-check/download.ts
View File

@@ -25,7 +25,7 @@ export default async (req: NextApiRequest, res: NextApiResponse) => {
// Find matching check entry by OTP
const checkEntry = data.checks.find((entry: { otp?: string }) => entry.otp === otp)
if (!checkEntry) {
await pushover('Malware check: Invalid OTP', `${election_id}: ${auth_token}\nOTP: ${otp}`)
await pushover('Malware check, download: Invalid OTP', `${election_id}: ${auth_token}\nOTP: ${otp}`)
return res.status(401).json({ error: 'Invalid OTP' })
}