Merge pull request #31 from Newtbot/BRUTEFORCE

ADDED BRUTE FORCE PREVENTION
noot 2024-01-18 03:14:15 +08:00 committed by GitHub
commit a6ae83265e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 673 additions and 2153 deletions


@ -1,5 +1,6 @@
const express = require("express"); const express = require("express");
const session = require("express-session"); const session = require("express-session");
const rateLimit = require('express-rate-limit');
const mysql2 = require('mysql2'); const mysql2 = require('mysql2');
const bodyParser = require("body-parser"); const bodyParser = require("body-parser");
const bcrypt = require("bcrypt"); const bcrypt = require("bcrypt");
@ -128,6 +129,14 @@ const logActivity = async (username, success, message) => {
} }
}; };
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 5, // limit each IP to 3 requests per windowMs
message: 'Too many login attempts from this IP, please try again later.',
});
app.use('/login', limiter);
app.post('/login', [ app.post('/login', [
body('username').escape().trim().isLength({ min: 1 }).withMessage('Username must not be empty'), body('username').escape().trim().isLength({ min: 1 }).withMessage('Username must not be empty'),
body('password').escape().trim().isLength({ min: 1 }).withMessage('Password must not be empty'), body('password').escape().trim().isLength({ min: 1 }).withMessage('Password must not be empty'),
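Review bot: The limiter added above `app.post('/login', …)` is keyed only on client IP and mounted with `app.use('/login', limiter)`, so it counts every method on that path, including page loads and successful logins, and gives no protection when guesses against one account arrive from many addresses. Consider attaching it to the POST route only and counting just failed attempts, e.g. `max: 5, skipSuccessfulRequests: true,`, with a per-username failure counter beside it and a `logActivity` entry when the limit trips. The comment on `max: 5` says 3 requests and should read `// limit each IP to 5 requests per windowMs`. If the app sits behind a reverse proxy (not visible in this hunk), Express's `trust proxy` setting has to be configured correctly, otherwise all clients may share one bucket. The `app.post` call continues outside the hunk.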

2685
package-lock.json generated

File diff suppressed because it is too large Load Diff