Await genericPurchase completion before page reload to prevent request cancellation.

Also adds defensive check for undefined error.response in axios interceptor to prevent "t.response undefined" errors.

test/api/unit/middlewares/blocker.test.js

@@ -117,6 +117,15 @@ describe('Blocker middleware', () => {
 
       checkIPBlockedErrorThrown(next);
     });
+
+    it('throws when the ip is blocked', () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkIPBlockedErrorThrown(next);
+    });
   });
 
   describe('Blocking clients', () => {
@@ -194,4 +203,4 @@ describe('Blocker middleware', () => {
       expect(calledWith[0] instanceof Forbidden).to.equal(true);
     });
   });
-});
+});

website/client/src/app.vue

@@ -209,6 +209,9 @@ export default {
       return response;
     }, error => { // Set up Error interceptors
       if (error.response.status >= 400) {
+        if (!error.response) {
+          return Promise.reject(error);
+        }
         const isBanned = this.checkForBannedUser(error);
         if (isBanned === true) return null; // eslint-disable-line consistent-return
 

website/client/src/components/admin/blocker/blocker_form.vue

@@ -130,4 +130,4 @@ export default {
     },
   },
 };
-</script>
+</script>

website/client/src/components/shops/buyModal.vue

@@ -851,7 +851,7 @@ export default {
           return;
         }
         if (this.genericPurchase) {
-          this.makeGenericPurchase(this.item, 'buyModal', this.selectedAmountToBuy);
+          await this.makeGenericPurchase(this.item, 'buyModal', this.selectedAmountToBuy);
           await this.purchased(this.item.text);
         }
       }

website/common/locales/en/admin.json

@@ -4,4 +4,4 @@
     "newsroom": "Newsroom",
     "adminBlockerTypeDescription": "<b>IP-Address</b> - Block access for a specific IP-Address\n\nClient - Block access for a client based on the \"x-client\" header.\n\nE-Mail - Blocks e-mails from being used for signup.",
     "adminBlockerAreaDescription": "A blocker can either apply to the full site, completely blocking any access. Or it can apply to purchases, which still allows the site to be accessed."
-}
+}

website/server/controllers/api-v4/admin.js

@@ -187,5 +187,4 @@ api.deleteBlocker = {
     res.respond(200, savedBlocker);
   },
 };
-
 export default api;

website/server/middlewares/blocker.js

@@ -1,3 +1,4 @@
+import nconf from 'nconf';
 import {
   Forbidden,
 } from '../libs/errors';
@@ -9,7 +10,19 @@ import { model as Blocker } from '../models/blocker';
 // NOTE: it's meant to be used behind a proxy (for example a load balancer)
 // that uses the 'x-forwarded-for' header to forward the original IP addresses.
 
-const blockedIps = [];
+// A list of comma separated IPs to block
+// It works fine as long as the list is short,
+// if the list becomes too long for an env variable we'll switch to Redis.
+const BLOCKED_IPS_RAW = nconf.get('BLOCKED_IPS');
+
+const blockedIps = BLOCKED_IPS_RAW
+  ? BLOCKED_IPS_RAW
+    .trim()
+    .split(',')
+    .map(blockedIp => blockedIp.trim())
+    .filter(blockedIp => Boolean(blockedIp))
+  : [];
+
 const blockedClients = [];
 
 Blocker.watchBlockers({
@@ -53,4 +66,4 @@ export default function ipBlocker (req, res, next) {
   }
 
   return next();
-}
+}