From 41f12ad2f32f3ae7d66acb2e9e4fa412fe523f06 Mon Sep 17 00:00:00 2001
From: dec0dOS
Date: Sun, 15 Oct 2023 21:41:52 +0100
Subject: [PATCH] chore: small changes
---
 README.md | 4 ++--
 backend/routes/auth.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 5522daa..228587a 100755
--- a/README.md
+++ b/README.md
@@ -168,8 +168,8 @@ Advanced manual setups are also supported. Check the following environment varia
 | ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy. Note that when this value is changed, the localStorage of instances of logged-in panels should be cleared |
 | ZU_LAST_SEEN_FETCH | `true`| Enables [Last Seen feature](https://github.com/dec0dOS/zero-ui/issues/40) |
 | ZU_LAST_SEEN_SCHEDULE | `*/5 * * * *` | Last Seen cron-like schedule |
-| ZT_BAN_TIME | 30 | The duration of the user's ban. (in minutes). |
-| ZT_TRIES_TO_BAN | 50 | User/password combination attemps before ban. |
+| ZU_LOGIN_LIMIT_WINDOW | 30 | The duration of the IP ban in minutes |
+| ZT_LOGIN_LIMIT_ATTEMPTS | 50 | Login attemps before ban |
 ZeroUI could be deployed as a regular nodejs web application, but it requires a ZeroTier controller that is installed with the `zerotier-one` package. For more info about the network controller, you could read [here](https://github.com/zerotier/ZeroTierOne/tree/master/controller/#readme).
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 7cc1a80..f1d2368 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -5,8 +5,8 @@ const router = express.Router();
 import * as auth from "../services/auth.js";
 const loginLimiter = rateLimit({
- windowMs: (Number(process.env.ZT_BAN_TIME) || 30) * 60 * 1000, // 30 minutes
- max: Number(process.env.ZT_TRIES_TO_BAN) || 50, // limit each IP to 50 requests per windowMs
+ windowMs: (Number(process.env.ZU_LOGIN_LIMIT_WINDOW) || 30) * 60 * 1000, // 30 minutes
+ max: Number(process.env.ZT_LOGIN_LIMIT_ATTEMPTS) || 50, // limit each IP to 50 requests per windowMs
 message: {
 status: 429,
 error: "Too many login attempts, please try again in 15 minutes.",
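Review bot: The renamed variables are read with no fallback to the old names, so a deployment that tightened the login limiter through `ZT_BAN_TIME` or `ZT_TRIES_TO_BAN` silently returns to the defaults of 30 minutes and 50 attempts after upgrading. Reading the old name as a fallback for a release would avoid that, e.g. `max: Number(process.env.ZT_LOGIN_LIMIT_ATTEMPTS ?? process.env.ZT_TRIES_TO_BAN) || 50,` and the same pattern for `windowMs`. The two new names also carry different prefixes (`ZU_` on the window, `ZT_` on the attempts) in both the code and the README table, which looks unintentional and makes the setting easy to misconfigure. The unchanged `error` text still promises a retry "in 15 minutes" while the window defaults to 30 and is configurable, so the message should be derived from the configured window or worded without a fixed duration. The `rateLimit({ … })` call continues past the end of the hunk.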