feat:rateLimiter

Andrés Ruz Nieto 2023-10-13 17:02:50 +02:00
commit 60777f5165
3 changed files with 20 additions and 1 deletions


@ -15,6 +15,7 @@
"dotenv": "^16.3.1",
"express": "^4.18.2",
"express-bearer-token": "^2.4.0",
"express-rate-limit": "^7.1.1",
"helmet": "^5.1.1",
"lodash": "^4.17.21",
"lowdb": "^1.0.0",


@ -1,8 +1,15 @@
import express from "express";
import rateLimit from "express-rate-limit"
const router = express.Router();
import * as auth from "../services/auth.js";
const loginLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 5, // limit each IP to 5 requests per windowMs
message: "Too many login attempts, please try again in 15 minutes.",
});
router.get("/login", async function (req, res) {
if (process.env.ZU_DISABLE_AUTH === "true") {
res.send({ enabled: false });
@ -11,9 +18,10 @@ router.get("/login", async function (req, res) {
}
});
router.post("/login", async function (req, res) {
router.post("/login", loginLimiter, async function (req, res) {
if (req.body.username && req.body.password) {
auth.authorize(req.body.username, req.body.password, function (err, user) {
console.log(err.message)
if (user) {
res.send({ token: user["token"] });
} else {
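Review bot: `console.log(err.message)` in the `auth.authorize` callback of the POST `/login` handler dereferences `err` unconditionally. If `authorize` follows the usual Node convention of passing a null or undefined `err` on success (its implementation is not visible here), every valid login throws a TypeError before `res.send` runs. An exception thrown from an asynchronous callback is not caught by Express 4, so it can also take the process down. Guard the log with `if (err) console.error(err.message);` and keep that message server-side, so the response does not reveal which credential was wrong. The handler body continues past the end of this hunk.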