mirror of
https://github.com/naturalcrit/homebrewery.git
synced 2026-01-14 10:42:38 +00:00
"Added express-rate-limit package and implemented rate limiting for admin API login attempts"
This commit is contained in:
Víctor Losada Hernández
30315
package-lock.json
generated
30315
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -97,6 +97,7 @@
|
|||||||
"expr-eval": "^2.0.2",
|
"expr-eval": "^2.0.2",
|
||||||
"express": "^4.19.2",
|
"express": "^4.19.2",
|
||||||
"express-async-handler": "^1.2.0",
|
"express-async-handler": "^1.2.0",
|
||||||
|
"express-rate-limit": "^7.2.0",
|
||||||
"express-static-gzip": "2.1.7",
|
"express-static-gzip": "2.1.7",
|
||||||
"fs-extra": "11.2.0",
|
"fs-extra": "11.2.0",
|
||||||
"js-yaml": "^4.1.0",
|
"js-yaml": "^4.1.0",
|
||||||
|
|||||||
@@ -1,29 +1,39 @@
|
|||||||
const HomebrewModel = require('./homebrew.model.js').model;
|
const HomebrewModel = require('./homebrew.model.js').model;
|
||||||
const router = require('express').Router();
|
const router = require('express').Router();
|
||||||
const Moment = require('moment');
|
const Moment = require('moment');
|
||||||
//const render = require('vitreum/steps/render');
|
|
||||||
const templateFn = require('../client/template.js');
|
const templateFn = require('../client/template.js');
|
||||||
const zlib = require('zlib');
|
const zlib = require('zlib');
|
||||||
|
const rateLimit = require('express-rate-limit');
|
||||||
|
|
||||||
|
// Define rate limiter options
|
||||||
|
const loginLimiter = rateLimit({
|
||||||
|
windowMs: 24 * 60 * 60 * 1000, // 24 hours window
|
||||||
|
max: 10, // limit each IP to 10 requests per windowMs
|
||||||
|
message: "Too many login attempts from this IP, please try again later"
|
||||||
|
});
|
||||||
|
|
||||||
process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
|
process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
|
||||||
process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password3';
|
process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password3';
|
||||||
|
|
||||||
const mw = {
|
const mw = {
|
||||||
adminOnly : (req, res, next)=>{
|
adminOnly: [
|
||||||
if(!req.get('authorization')){
|
loginLimiter,
|
||||||
return res
|
(req, res, next) => {
|
||||||
.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
|
if (!req.get('authorization')) {
|
||||||
.status(401)
|
return res
|
||||||
.send('Authorization Required');
|
.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
|
||||||
}
|
.status(401)
|
||||||
const [username, password] = Buffer.from(req.get('authorization').split(' ').pop(), 'base64')
|
.send('Authorization Required');
|
||||||
.toString('ascii')
|
}
|
||||||
.split(':');
|
const [username, password] = Buffer.from(req.get('authorization').split(' ').pop(), 'base64')
|
||||||
if(process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password){
|
.toString('ascii')
|
||||||
return next();
|
.split(':');
|
||||||
}
|
if (process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password) {
|
||||||
return res.status(401).send('Access denied');
|
return next();
|
||||||
}
|
}
|
||||||
|
return res.status(401).send('Access denied');
|
||||||
|
}
|
||||||
|
]
|
||||||
};
|
};
|
||||||
|
|
||||||
const junkBrewPipeline = [
|
const junkBrewPipeline = [
|
||||||
|
|||||||
Reference in New Issue
Block a user