feat: login-limiter

.gitignore

@@ -161,4 +161,5 @@ sketch
 # and uncomment the following lines
 # .pnp.*
 
-# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
+# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
+.yarn/cache/*

backend/routes/auth.js

@@ -1,5 +1,5 @@
 import express from "express";
-import rateLimit from "express-rate-limit"
+import rateLimit from "express-rate-limit";
 const router = express.Router();
 
 import * as auth from "../services/auth.js";
@@ -7,7 +7,10 @@ import * as auth from "../services/auth.js";
 const loginLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
   max: 5, // limit each IP to 5 requests per windowMs
-  message: "Too many login attempts, please try again in 15 minutes.",
+  message: {
+    status: 429,
+    error: "Too many login attempts, please try again in 15 minutes.",
+  },
 });
 
 router.get("/login", async function (req, res) {
@@ -21,7 +24,6 @@ router.get("/login", async function (req, res) {
 router.post("/login", loginLimiter, async function (req, res) {
   if (req.body.username && req.body.password) {
     auth.authorize(req.body.username, req.body.password, function (err, user) {
-      console.log(err.message)
       if (user) {
         res.send({ token: user["token"] });
       } else {

backend/services/auth.js

@@ -8,12 +8,12 @@ export async function authorize(username, password, callback) {
     throw err;
   }
   const user = users.find({ username: username });
-  if (!user.value()) return callback(new Error("Cannot find user"));
+  if (!user.value()) return callback(new Error("Invalid username or password")); // If return "user not found" someone can do a user listing
   const verified = await verifyHash(password, user.value()["password_hash"]);
   if (verified) {
     return callback(null, user.value());
   } else {
-    return callback(new Error("Invalid password"));
+    return callback(new Error("Invalid username or password"));
   }
 }
 

frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx

@@ -17,6 +17,8 @@ function LogInUser() {
   const [open, setOpen] = useState(false);
   const [snackbarOpen, setSnackbarOpen] = useState(false);
 
+  const [error, setError] = useState("");
+
   const [username, setUsername] = useState("");
   const [password, setPassword] = useState("");
 
@@ -65,7 +67,8 @@ function LogInUser() {
       .catch(function (error) {
         setPassword("");
         setSnackbarOpen(true);
-        console.error(error);
+        setError(error.response.data.error);
+        // console.error(error.response.data.error);
       });
   };
 
@@ -114,7 +117,7 @@ function LogInUser() {
           vertical: "top",
           horizontal: "center",
         }}
-        message="Invalid username or password"
+        message={error}
       />
     </>
   );