From 3e76e584aedb08f448aa1ee2388409c5e938975a Mon Sep 17 00:00:00 2001
From: tomsmeding <tom.smeding@gmail.com>
Date: Sun, 30 Oct 2016 07:45:06 +0100
Subject: todo: Place some limits

---
 modules/todo/todo.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'modules/todo')

diff --git a/modules/todo/todo.js b/modules/todo/todo.js
index 58322f2..0b3da3c 100644
--- a/modules/todo/todo.js
+++ b/modules/todo/todo.js
@@ -1,7 +1,5 @@
 "use strict";
 
-// {"key":"tasks","value":[{"id":1,"subject":"kaas rep","repweeks":0,"date":"2016-10-25T07:46:54.493Z"},{"id":2,"subject":"kaas","repweeks":0,"date":"2016-10-27T07:46:54.493Z"}]}
-
 var cmn=require("../$common.js"),
     persist=require("node-persist"),
     bcrypt=require("bcrypt"),
@@ -46,6 +44,11 @@ if(accounts==null){
 	accounts={};
 	persist.setItemSync("accounts",accounts);
 }
+var naccounts=0;
+(function(){
+	var user;
+	for(user in accounts)naccounts++;
+})();
 
 
 function sendUnauth(res){
@@ -110,6 +113,10 @@ module.exports=function(app,io,_moddir){
 			res.status(400).send("User already exists");
 			return;
 		}
+		if(naccounts>=20){
+			res.status(500).send("Too many accounts created, please contact Tom...");
+			return;
+		}
 		bcrypt.hash(user.pass,bcryptHashRounds,function(err,hash){
 			if(!hash){
 				res.status(500).send("Something went wrong...");
@@ -165,6 +172,10 @@ module.exports=function(app,io,_moddir){
 			res.status(400).send("Invalid data");
 			return;
 		}
+		if(tasks[req.authuser].length>=40){
+			res.status(400).send("Isn't 40 tasks enough for you?");
+			return;
+		}
 		tasks[req.authuser].push({
 			id:nextid++,
 			subject:subject,
-- 
cgit v1.2.3-54-g00ecf