Having a website on the server side via node.js, it generates a new code every time the page is refreshed, I want to detect if 24 hours have passed since the last code generation, the problem is that to do this I need to get To be clear if 24 hours has passed, if I use setTimeout() on the user's IP, two problems arise, the first is that they can easily change their ip and get a new code, or even restart the router and assign a new one code ip, because some routers come with dynamic ips, the second problem is considering that thousands of users will access the website every day or even hourly with such a number of setTimeouts, the server will be overloaded with the amount of memory allocated for setTimeouts alone. I've read how setTimeouts work, they allocate some space in the JavaScript compiler to run at a specified time, so my heap or memory will definitely be overloaded with this, is there a better way to determine if 24 hours has passed or not? Don't use setTimeout()?
I tried to find the same problem but couldn't find any solution to this problem, I thought of using a database to solve this problem but another problem arises because I need to loop the whole database to check if the current time is 24 than The document creation time is several hours higher and such a loop would either take days to complete and fail if the API goes down (I restart it regularly to update the content)
I'm trying to find a solution that won't break my server using setTimeouts and won't fail if the API goes down for any reason, and optionally be able to determine if the user is spoofing the ips p>
P粉3563617222023-09-11 10:24:42
To solve your problem, you can use a combination of server-side storage and timestamps. Here is one possible approach:
When new code is generated, store it with a timestamp in a database or a persistent storage solution such as Redis.
When a user visits the website, retrieve the last generated code and its timestamp from storage.
Compares the current timestamp with the stored timestamp to determine if 24 hours have passed since the last code generation. You can use the Date object in JavaScript to handle timestamps.
If more than 24 hours have passed, a new code is generated and the code and timestamp stored in the database are updated.
By using this approach you avoid a lot of setTimeout calls and also don't need to loop through the entire database for each user. Instead, you just do a simple comparison of the timestamps of each user visit.
Regarding the issue of users spoofing IPs, completely preventing IP spoofing is challenging because users can use a variety of techniques to change their IP addresses. However, you can implement additional security measures to minimize the impact of IP spoofing:
Implement user authentication: require users to create an account and log in to access the website. This way, even if they change their IP, they still need valid credentials to generate new code.
Implement rate limiting: Limit the number of code generation requests per user within a specific time frame. This helps prevent abuse and reduce the impact of IP spoofing.
Monitor for suspicious activity: Implement logging and monitoring mechanisms to detect unusual patterns or behavior that may indicate IP spoofing attempts. You can set up alerts or triggers to notify you when suspicious activity is detected.
While these measures cannot completely eliminate the possibility of IP spoofing, they can make it more difficult for users to abuse the system and reduce the impact of such attempts.