todo: Place some limits

1 files changed, 13 insertions, 2 deletions

diff --git a/modules/todo/todo.js b/modules/todo/todo.js
index 58322f2..0b3da3c 100644
--- a/modules/todo/todo.js
+++ b/modules/todo/todo.js
@@ -1,7 +1,5 @@
 "use strict";
 
-// {"key":"tasks","value":[{"id":1,"subject":"kaas rep","repweeks":0,"date":"2016-10-25T07:46:54.493Z"},{"id":2,"subject":"kaas","repweeks":0,"date":"2016-10-27T07:46:54.493Z"}]}
-
 var cmn=require("../$common.js"),
     persist=require("node-persist"),
     bcrypt=require("bcrypt"),
@@ -46,6 +44,11 @@ if(accounts==null){
 	accounts={};
 	persist.setItemSync("accounts",accounts);
 }
+var naccounts=0;
+(function(){
+	var user;
+	for(user in accounts)naccounts++;
+})();
 
 
 function sendUnauth(res){
@@ -110,6 +113,10 @@ module.exports=function(app,io,_moddir){
 			res.status(400).send("User already exists");
 			return;
 		}
+		if(naccounts>=20){
+			res.status(500).send("Too many accounts created, please contact Tom...");
+			return;
+		}
 		bcrypt.hash(user.pass,bcryptHashRounds,function(err,hash){
 			if(!hash){
 				res.status(500).send("Something went wrong...");
@@ -165,6 +172,10 @@ module.exports=function(app,io,_moddir){
 			res.status(400).send("Invalid data");
 			return;
 		}
+		if(tasks[req.authuser].length>=40){
+			res.status(400).send("Isn't 40 tasks enough for you?");
+			return;
+		}
 		tasks[req.authuser].push({
 			id:nextid++,
 			subject:subject,