1

CODE:

exports.create = function (req, res) {
  var article = new Article(req.body);
  article.user = req.user;

  console.log("1) LAST: "+article.user.last.getTime());
  console.log("Date.now() "+Date.now());

  if (article.user.last != null && article.user.last != undefined) {
      console.log("1");
      console.log("DATE: "+(Date.now() - article.user.last));
      if ((Date.now() - article.user.last.getTime() > 1000 * 60 * 60)) {
            article.save(function (err) {
                if (err) {
                  return res.status(422).send({
                    message: errorHandler.getErrorMessage(err)
                  });
                } else {
                    res.json(article);

                    if (article.user) {
                        article.user.last = Date.now();
                        console.log("2) LAST: "+article.user.last.getTime());
                    } else {
                        res.status(401).send({
                          message: 'User is not signed in'
                        });
                    }
                }
            });
      }
      else {
          return res.status(422).send({
            message: "You need to wait 1 hour between Article creations or if you just created an account."
          });
      }
  }
  else {
      console.log("2");
      article.save(function (err) {
        if (err) {
          return res.status(422).send({
            message: errorHandler.getErrorMessage(err)
          });
        } else {
          res.json(article);

            if (article.user) {
                article.user.last = Date.now();
                console.log("3) LAST: "+article.user.last.getTime());
            } else {
                res.status(401).send({
                  message: 'User is not signed in'
                });
            }
        }
    });
  }
};

SITUATION:

Instead of using Date.now(), I would like to use the server time.

My anti-spam timer prevents a user from posting more than once every hour.

It works fine except for one thing: if I use Date.now(), I am able to bypass the timer by simply advancing my local clock by 1 hour.

Coder1000
  • 4,071
  • 9
  • 35
  • 84
  • `Date.now()` executed on the server is the **server** time. PS: From your code, this has nothing to do with angular nor mongodb. – qqilihq Feb 06 '17 at 19:43
  • @qqilihq The code you see above is my anti-spam timer. You need to wait 1 hour between posts. If Date.now() executed on the server IS the sever time, then why was I able to just advance my local clock by 1 hour to bypass the timer ? – Coder1000 Feb 06 '17 at 20:02
  • @Coder1000 - Because you're testing locally. Your machine time is the server time. – tymeJV Feb 06 '17 at 20:05
  • @tymeJV Mind Blown :O – Coder1000 Feb 06 '17 at 20:06
  • @tymeJV Write an answer so I can accept it ;) – Coder1000 Feb 06 '17 at 20:06

2 Answers2

2

When you're testing locally - your machine is the server - so your test of setting your local machine ahead 1 hour wasn't really a valid test, as it also set the server time ahead an hour.

Date.now() is the correct way to get the time, btw. I'd also like to say to remember to use UTC when you're working with times like this.

tymeJV
  • 103,943
  • 14
  • 161
  • 157
  • Great ! I thought Date.now() was always taking the time of the client. TIL :D Thx! – Coder1000 Feb 06 '17 at 20:10
  • Why UTC ? (I just used the default Date.now(), do I need to make a change ?) – Coder1000 Feb 06 '17 at 20:11
  • UTC is how dates should be stored, in case your ever going to do more advanced things regarding timezones. `Date.now()` will work fine - unless your server unexpectedly switches timezones, then it could have issues. Always a fun read: http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html – tymeJV Feb 06 '17 at 20:21
  • Thx ! Will take a look at it :) (Also, you forgot to ping me, luckily I checked back here :D) – Coder1000 Feb 07 '17 at 13:14
  • Ok, I read it. This is a setting I will just have to configure on my Server (VMs on Google Cloud Compute Engine), or is it something I have to set in my code ? – Coder1000 Feb 07 '17 at 13:17
  • After a quick google search, it seems it should be done at the application level, not the server: http://stackoverflow.com/questions/29079052/jelastic-how-to-change-server-date-and-time-to-utc – Coder1000 Feb 07 '17 at 13:20
  • Ok I found this: `$ export TZ="Europe/Amsterdam"; gulp myTask`here: http://stackoverflow.com/questions/8083410/how-can-i-set-the-default-timezone-in-node-js So I suppose that for UTC I should just do `$ export TZ="UTC"; gulp myTask` ? – Coder1000 Feb 07 '17 at 13:29
  • @Coder1000 -- I would honestly just use `momentjs` on your node server, then just do `moment` methods: http://stackoverflow.com/questions/26873200/momentjs-getting-javascript-date-in-utc (this is the way I've done it with node in the past, I can't speak much to the gulp stuff) – tymeJV Feb 07 '17 at 13:45
  • Hello, would you know what causes this ? http://stackoverflow.com/questions/42102929/gigantic-time-lapse-between-two-date-now?noredirect=1#comment71376054_42102929 – Coder1000 Feb 08 '17 at 01:20
-1

Use $currentDate

See docs here: https://docs.mongodb.com/manual/reference/operator/update/currentDate/

Santanu Biswas
  • 4,699
  • 2
  • 22
  • 21
  • Does not work. I tried replacing `Date.now()` with `$currentDate` . "$currentDate is undefined". What have I done wrong ? – Coder1000 Feb 06 '17 at 19:39
  • Thats not the way. Please read the docs. Since you have not written your full query in the question am unable to mention how to use $currentDate in your query. – Santanu Biswas Feb 06 '17 at 19:42