[Task] #43, ratelimit for login page

Type-Style · Mar 8, 2024 · 45ee2b9 · 45ee2b9
1 parent 95b5322
commit 45ee2b9
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/src/controller/read.ts b/src/controller/read.ts
@@ -5,7 +5,7 @@ import { validationResult, query } from 'express-validator';
 import jwt from 'jsonwebtoken';
 import logger from '@src/scripts/logger';
 import { crypt } from '@src/scripts/crypt';
-import { loginSlowDown, loginLimiter } from '@src/middleware/limit';
+import { loginSlowDown, loginLimiter, baseSlowDown, baseRateLimiter } from '@src/middleware/limit';
 
 const router = express.Router();
 
@@ -37,7 +37,7 @@ router.get('/',
 
 
 // TODO write test for checking the limit on request body
-router.get("/login/", async function login(req: Request, res: Response) {
+router.get("/login/", baseSlowDown, baseRateLimiter, async function login(req: Request, res: Response) {
   logger.log("login was called");
   res.locals.text = "start";
 
@@ -110,4 +110,4 @@ function createToken(req: Request, res: Response) {
   return token;
 }
 
-export default router;
+export default router;
diff --git a/src/middleware/limit.ts b/src/middleware/limit.ts
@@ -8,7 +8,7 @@ import logger from '@src/scripts/logger';
 */
 const baseOptions: Partial<rateLimiterOptions & slowDownOptions> = {
   windowMs: 30 * 60 * 1000,
-  //skip: (req, res) => (res.locals.ip == "127.0.0.1" || res.locals.ip == "::1")
+  skip: (req, res) => (res.locals.ip == "127.0.0.1" || res.locals.ip == "::1")
 }
 
 const baseSlowDownOptions: Partial<slowDownOptions> = {
@@ -28,8 +28,8 @@ const baseRateLimitOptions: Partial<rateLimiterOptions> = {
       ipsThatReachedLimit[res.locals.ip] = { limitReachedOnError: true, time: Date.now() };
     }
     res.status(options.statusCode).send(options.message);
-  }
-
+  },
+  message: "Too many attempts"
 }
 
 
@@ -58,6 +58,7 @@ export const loginSlowDown = slowDown({
     delayMs: (used: number) => (used - 1) * 250, // Add delay after delayAfter is reached
   });
 
+export const baseRateLimiter = rateLimit(baseRateLimitOptions);
 
 export const errorRateLimiter = rateLimit({
   ...baseRateLimitOptions,
@@ -68,5 +69,5 @@ export const loginLimiter = rateLimit({
   ...baseRateLimitOptions,
   windowMs: 3 * 60 * 1000,
   limit: 3,
-  message: 'Too many failed login attempts',
+  message: 'Too many attempts without valid login',
 });