github/zero-ui
1
0
Fork 0
mirror of https://github.com/dec0dOS/zero-ui.git synced 2025-07-06 04:51:44 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: login-limiter

Browse source
This commit is contained in:
Andres 2023-10-15 10:41:19 +02:00
parent 60777f5165
commit 7dd6f3729b
4 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backend/routes/auth.js
View file

@ -1,5 +1,5 @@
import express from "express";
import rateLimit from "express-rate-limit"
import rateLimit from "express-rate-limit";
const router = express.Router();
import * as auth from "../services/auth.js";
@ -7,7 +7,10 @@ import * as auth from "../services/auth.js";
const loginLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 5, // limit each IP to 5 requests per windowMs
message: "Too many login attempts, please try again in 15 minutes.",
message: {
status: 429,
error: "Too many login attempts, please try again in 15 minutes.",
},
});
router.get("/login", async function (req, res) {
@ -21,7 +24,6 @@ router.get("/login", async function (req, res) {
router.post("/login", loginLimiter, async function (req, res) {
if (req.body.username && req.body.password) {
auth.authorize(req.body.username, req.body.password, function (err, user) {
console.log(err.message)
if (user) {
res.send({ token: user["token"] });
} else {