feat: login-limiter

2024-09-20 06:56:05 +08:00 · 2023-10-15 10:41:19 +02:00 · 2023-10-15 10:41:19 +02:00 · 7dd6f3729b
parent 60777f5165
commit 7dd6f3729b
4 changed files with 14 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -161,4 +161,5 @@ sketch
 # and uncomment the following lines
 # .pnp.*

-# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
+# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
+.yarn/cache/*
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@ -1,5 +1,5 @@
 import express from "express";
-import rateLimit from "express-rate-limit"
+import rateLimit from "express-rate-limit";
 const router = express.Router();

 import * as auth from "../services/auth.js";
@ -7,7 +7,10 @@ import * as auth from "../services/auth.js";
 const loginLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // limit each IP to 5 requests per windowMs
-  message: "Too many login attempts, please try again in 15 minutes.",
+  message: {
+    status: 429,
+    error: "Too many login attempts, please try again in 15 minutes.",
+  },
 });

 router.get("/login", async function (req, res) {
@ -21,7 +24,6 @@ router.get("/login", async function (req, res) {
 router.post("/login", loginLimiter, async function (req, res) {
  if (req.body.username && req.body.password) {
    auth.authorize(req.body.username, req.body.password, function (err, user) {
-      console.log(err.message)
      if (user) {
        res.send({ token: user["token"] });
      } else {
--- a/backend/services/auth.js
+++ b/backend/services/auth.js
@ -8,12 +8,12 @@ export async function authorize(username, password, callback) {
    throw err;
  }
  const user = users.find({ username: username });
-  if (!user.value()) return callback(new Error("Cannot find user"));
+  if (!user.value()) return callback(new Error("Invalid username or password")); // If return "user not found" someone can do a user listing
  const verified = await verifyHash(password, user.value()["password_hash"]);
  if (verified) {
    return callback(null, user.value());
  } else {
-    return callback(new Error("Invalid password"));
+    return callback(new Error("Invalid username or password"));
  }
 }

--- a/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx
+++ b/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx
@ -17,6 +17,8 @@ function LogInUser() {
  const [open, setOpen] = useState(false);
  const [snackbarOpen, setSnackbarOpen] = useState(false);

+  const [error, setError] = useState("");
+
  const [username, setUsername] = useState("");
  const [password, setPassword] = useState("");

@ -65,7 +67,8 @@ function LogInUser() {
      .catch(function (error) {
        setPassword("");
        setSnackbarOpen(true);
-        console.error(error);
+        setError(error.response.data.error);
+        // console.error(error.response.data.error);
      });
  };

@ -114,7 +117,7 @@ function LogInUser() {
          vertical: "top",
          horizontal: "center",
        }}
-        message="Invalid username or password"
+        message={error}
      />
    </>
  );