From aed785f14730057001e77115861a1f1f83f95102 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Sun, 9 Jan 2022 14:49:27 -0800
Subject: [PATCH] Disconnect agents that send the same console value in a loop.

---
 meshagent.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/meshagent.js b/meshagent.js
index c9e88e51..01be68e5 100644
--- a/meshagent.js
+++ b/meshagent.js
@@ -1203,6 +1203,17 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
             switch (command.action) {
                 case 'msg':
                     {
+                        // If the same console command is processed many times, kick out this agent.
+                        // This is a safety mesure to guard against the agent DOS'ing the server.
+                        if (command.type == 'console') {
+                            if (obj.consoleKickValue == command.value) {
+                                if (obj.consoleKickCount) { obj.consoleKickCount++; } else { obj.consoleKickCount = 1; }
+                                if (obj.consoleKickCount > 30) { obj.close(); return; } // 30 identical console messages received, kick out this agent.
+                            } else {
+                                obj.consoleKickValue = command.value;
+                            }
+                        }
+
                         // Route a message
                         parent.routeAgentCommand(command, obj.domain.id, obj.dbNodeKey, obj.dbMeshKey);
                         break;