import express from "express";
import rateLimit from "express-rate-limit"
// Router carrying the /login endpoints; it is this module's default export.
const router = express.Router();
import * as auth from "../services/auth.js";
// Throttle applied to POST /login: at most 5 requests per client IP in any
// 15-minute window; further requests receive the message below instead of
// reaching the handler.
//
// NOTE(review): the limit is keyed on the IP address Express reports. Behind a
// reverse proxy that address depends on the app's "trust proxy" setting, which
// is not visible in this file. Confirm it is configured so that clients are
// not all counted under the proxy's address and so that a client-supplied
// X-Forwarded-For header cannot choose the key.
// A per-IP limit also does not bound guesses against a single account made
// from many addresses; a per-account lockout or delay would have to live in
// the auth service.
const LOGIN_WINDOW_MINUTES = 15;
const LOGIN_ATTEMPTS_PER_WINDOW = 5;

const loginLimiter = rateLimit({
  windowMs: LOGIN_WINDOW_MINUTES * 60 * 1000,
  max: LOGIN_ATTEMPTS_PER_WINDOW,
  message: "Too many login attempts, please try again in 15 minutes.",
});
/**
 * GET /login: reports whether authentication is enabled.
 *
 * Responds with { enabled: false } only when the ZU_DISABLE_AUTH environment
 * variable is exactly the string "true"; any other value (or no value) yields
 * { enabled: true }.
 *
 * NOTE(review): no middleware guards this route in this file, so any caller
 * that can reach it learns whether auth is switched off. Presumably the
 * frontend needs this before showing a login form. Confirm that
 * ZU_DISABLE_AUTH is never set on a deployment reachable from untrusted
 * networks.
 */
router.get("/login", async (_req, res) => {
  const authDisabled = process.env.ZU_DISABLE_AUTH === "true";
  res.send({ enabled: !authDisabled });
});
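/**
 * POST /login: exchange a username/password pair for a token.
 *
 * loginLimiter runs first, so requests over the per-IP limit never reach this
 * handler.
 *
 * Responses:
 *   200 { token }: auth.authorize() yielded a user
 *   400 { error }: username or password missing, empty, or not a string
 *   401 { error }: auth.authorize() yielded no user
 */
router.post("/login", loginLimiter, async function (req, res) {
  // req.body is undefined when no body parser handled the request; fall back
  // to an empty object so the request is answered with 400 instead of throwing.
  const { username, password } = req.body ?? {};

  // The credentials come from an unauthenticated client, and a parsed JSON or
  // extended urlencoded body can carry objects or arrays in these fields.
  // Only non-empty strings are handed to the auth service; how authorize()
  // treats other types is not visible from this file.
  const isCredential = (value) => typeof value === "string" && value.length > 0;
  if (!isCredential(username) || !isCredential(password)) {
    res.status(400).send({ error: "Specify username and password" });
    return;
  }

  auth.authorize(username, password, function (err, user) {
    // err is presumably null on success (Node callback convention), so it must
    // be checked before .message is read; an unguarded access would throw
    // inside this callback and leave the request unanswered.
    if (err) {
      // Server-side log of the failure reason only; the submitted password
      // must never be written to logs.
      console.error(err.message);
    }

    if (user) {
      res.send({ token: user["token"] });
      return;
    }

    // NOTE(review): err.message is echoed to an unauthenticated caller. If the
    // auth service uses different messages for "unknown user" and "wrong
    // password", this response lets a caller enumerate valid usernames.
    // Confirm the messages are uniform, or return a fixed string here.
    res.status(401).send({
      error: err?.message ?? "Invalid username or password",
    });
  });
});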
export default router;