From cecb7c07a25f4523bdb7ae76cc78a2139458fc1f Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 16 Apr 2025 00:16:43 +1000
Subject: [PATCH] Updated blacklist rules
---
 VERSION.txt | 2 +-
 app/Http/Middleware/ValidJson.php | 1 +
 app/Http/Requests/Account/CreateAccountRequest.php | 1 +
 app/Http/ValidationRules/Account/BlackListRule.php | 5 +++++
 config/ninja.php | 4 ++--
 routes/api.php | 2 +-
 6 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/VERSION.txt b/VERSION.txt
index f221d57044..8ec8e54b4e 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.11.67
\ No newline at end of file
+5.11.68
\ No newline at end of file
diff --git a/app/Http/Middleware/ValidJson.php b/app/Http/Middleware/ValidJson.php
index 02706be0f4..2df94e6f07 100644
--- a/app/Http/Middleware/ValidJson.php
+++ b/app/Http/Middleware/ValidJson.php
@@ -34,6 +34,7 @@ class ValidJson
 if (
 $request->isJson() &&
+ $request->getContent() !== '' &&
 is_null(json_decode($request->getContent())) &&
 json_last_error() !== JSON_ERROR_NONE
 ) {
diff --git a/app/Http/Requests/Account/CreateAccountRequest.php b/app/Http/Requests/Account/CreateAccountRequest.php
index 90b0aa4280..5eeea248c4 100644
--- a/app/Http/Requests/Account/CreateAccountRequest.php
+++ b/app/Http/Requests/Account/CreateAccountRequest.php
@@ -54,6 +54,7 @@ class CreateAccountRequest extends Request
 'utm_campaign' => 'sometimes|nullable|string',
 'utm_term' => 'sometimes|nullable|string',
 'utm_content' => 'sometimes|nullable|string',
+ // 'cf-turnstile' => 'required|string',
 ];
 }
diff --git a/app/Http/ValidationRules/Account/BlackListRule.php b/app/Http/ValidationRules/Account/BlackListRule.php
index 8c220d7922..d31269c8a0 100644
--- a/app/Http/ValidationRules/Account/BlackListRule.php
+++ b/app/Http/ValidationRules/Account/BlackListRule.php
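Review bot: The new `$request->getContent() !== ''` clause in ValidJson is an exact-string comparison, so a JSON-typed request whose body is only whitespace or a newline still reaches `json_decode()` and is rejected, while a truly empty body now passes this middleware without any check. If the intent is to tolerate clients that send a JSON content type with no payload, state that above the condition, for example `// an empty body is not treated as malformed JSON; downstream request validation must still handle a missing payload`, and decide whether `trim($request->getContent()) !== ''` is the comparison actually wanted. The `if` opens a block that continues outside the hunk, so what is returned on failure is not visible here.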
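Review bot: The rule `'cf-turnstile' => 'required|string'` in CreateAccountRequest is committed commented out, so signup still accepts requests that carry no challenge token, and the line gives no reason or condition for enabling it. Even once enabled, `required|string` only proves that some string was submitted; the token would still have to be verified server-side with the challenge provider before the account is created, and no such check is visible in this hunk. Either drop the line until that verification exists or replace it with a comment that states the plan, e.g. `// TODO: require 'cf-turnstile' once the token is verified server-side (presence alone is not verification)`. The rules array begins outside the hunk.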
@@ -21,6 +21,11 @@ class BlackListRule implements ValidationRule
 {
 /** Bad domains +/- disposable email domains */
 private array $blacklist = [
+ 'easymailer.live',
+ 'mynes.com',
+ 'techeback.online',
+ 'deliverydaily.org',
+ 'ptct.net',
 'cybtric.com',
 'intady.com',
 'nike4s.com',
diff --git a/config/ninja.php b/config/ninja.php
index b5a25d8356..8785d87f6a 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -17,8 +17,8 @@ return [
 'require_https' => env('REQUIRE_HTTPS', true),
 'app_url' => rtrim(env('APP_URL', ''), '/'),
 'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
- 'app_version' => env('APP_VERSION', '5.11.67'),
- 'app_tag' => env('APP_TAG', '5.11.67'),
+ 'app_version' => env('APP_VERSION', '5.11.68'),
+ 'app_tag' => env('APP_TAG', '5.11.68'),
 'minimum_client_version' => '5.0.16',
 'terms_version' => '1.0.1',
 'api_secret' => env('API_SECRET', false),
diff --git a/routes/api.php b/routes/api.php
index f403cf34cb..5b39788274 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -130,7 +130,7 @@ use App\Http\Controllers\Reports\RecurringInvoiceReportController;
 use App\Http\Controllers\Reports\PurchaseOrderItemReportController;
 Route::group(['middleware' => ['throttle:api', 'api_secret_check']], function () {
- Route::post('api/v1/signup', [AccountController::class, 'store'])->name('signup.submit');
+ Route::post('api/v1/signup', [AccountController::class, 'store'])->name('signup.submit')->middleware('throttle:1,10');
 Route::post('api/v1/oauth_login', [LoginController::class, 'oauthApiLogin']);
 });
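Review bot: The five new entries in `$blacklist` are lower-case literals, and the code that compares a submitted address against the array is outside this hunk, so it should be confirmed that the rule lower-cases the domain and decides deliberately whether subdomains of a listed domain are also rejected; if it does neither, mixed-case or subdomain variants would pass validation. The docblock would be more useful if it recorded that contract, e.g. `/** Lower-case registrable domains rejected at signup; matched case-insensitively against the part after the last "@" */`, adjusted to whatever the matching code really does. Because every addition to this list needs a code release, moving the list to configuration or a data file is also worth considering.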
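Review bot: `->middleware('throttle:1,10')` on `api/v1/signup` allows one POST per ten minutes per throttle key, and the limiter counts every request rather than only successful ones, so a signup that fails validation (a rejected domain, a typo) locks the user out of retrying for ten minutes. On an unauthenticated route the key is derived from the client address, so users behind a shared NAT, or behind a proxy whose forwarded address is not trusted, would share a single slot; the trusted-proxy configuration is not visible here and should be checked. The enclosing group already applies `throttle:api`, so two limiters now stack on this route. A named limiter would make the policy explicit, or at minimum add a comment such as `// 1 signup per 10 min per client IP; failed validation also consumes the attempt`.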