From 7dd6f3729b54009276bd328a7577685b84b017f2 Mon Sep 17 00:00:00 2001
From: Andres
Date: Sun, 15 Oct 2023 10:41:19 +0200
Subject: [PATCH] feat: login-limiter

---
 .gitignore | 3 ++-
 backend/routes/auth.js | 8 +++++---
 backend/services/auth.js | 4 ++--
 .../components/LogIn/components/LogInUser/LogInUser.jsx | 7 +++++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0a35440..8ff8d26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,4 +161,5 @@ sketch
 # and uncomment the following lines
 # .pnp.*
-# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
\ No newline at end of file
+# End of https://www.toptal.com/developers/gitignore/api/vscode,yarn,react,node
+.yarn/cache/*
\ No newline at end of file
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 0b3bbb8..3712878 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -1,5 +1,5 @@
 import express from "express";
-import rateLimit from "express-rate-limit"
+import rateLimit from "express-rate-limit";
 const router = express.Router();
 import * as auth from "../services/auth.js";
@@ -7,7 +7,10 @@ import * as auth from "../services/auth.js";
 const loginLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
   max: 5, // limit each IP to 5 requests per windowMs
-  message: "Too many login attempts, please try again in 15 minutes.",
+  message: {
+    status: 429,
+    error: "Too many login attempts, please try again in 15 minutes.",
+  },
 });
 router.get("/login", async function (req, res) {
@@ -21,7 +24,6 @@ router.get("/login", async function (req, res) {
 router.post("/login", loginLimiter, async function (req, res) {
   if (req.body.username && req.body.password) {
     auth.authorize(req.body.username, req.body.password, function (err, user) {
-      console.log(err.message)
       if (user) {
         res.send({ token: user["token"] });
       } else {
diff --git a/backend/services/auth.js b/backend/services/auth.js
index f908037..c7e1d7c 100644
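Review bot: The limiter in the `const loginLimiter = rateLimit({ ... })` hunk keys on the client IP, so behind a reverse proxy or load balancer every user shares the proxy's address and five failed attempts from anyone block everyone, unless Express is told which hop to trust via `app.set("trust proxy", ...)` for the deployment in use; that setting is not part of this patch and should be confirmed. The `status: 429` field inside `message` duplicates the response status the limiter already sets, which is harmless but worth a comment such as `// status is repeated in the body for clients that only read the JSON`. A per-IP budget alone does not bound failed attempts against a single account from many addresses, so a per-username counter (or lockout) alongside this limiter would complete the control. Enabling `standardHeaders: true, legacyHeaders: false` would also let clients read the retry window from `RateLimit-*` headers instead of parsing the message.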
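Review bot: In the `router.post("/login", loginLimiter, ...)` hunk, `auth.authorize` is an `async` function that can `throw` (its `throw err;` is visible in the backend/services/auth.js hunk), yet it is called without `await` or `.catch`, so a thrown error becomes an unhandled promise rejection and the request never receives a response. Dropping `console.log(err.message)` is correct, since it would have thrown a TypeError on the success path where `err` is `null`, but the call should be awaited inside a `try`/`catch` that answers with a generic failure, or at minimum chained as `auth.authorize(req.body.username, req.body.password, function (err, user) { ... }).catch(() => res.status(500).send({ error: "Login failed" }));`. The handler's `else` branch and the rest of the route continue outside the hunk.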
--- a/backend/services/auth.js
+++ b/backend/services/auth.js
@@ -8,12 +8,12 @@ export async function authorize(username, password, callback) {
     throw err;
   }
   const user = users.find({ username: username });
-  if (!user.value()) return callback(new Error("Cannot find user"));
+  if (!user.value()) return callback(new Error("Invalid username or password")); // If return "user not found" someone can do a user listing
   const verified = await verifyHash(password, user.value()["password_hash"]);
   if (verified) {
     return callback(null, user.value());
   } else {
-    return callback(new Error("Invalid password"));
+    return callback(new Error("Invalid username or password"));
   }
 }
diff --git a/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx b/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx
index 38256fd..0658d3c 100644
--- a/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx
+++ b/frontend/src/components/LogIn/components/LogInUser/LogInUser.jsx
@@ -17,6 +17,8 @@ function LogInUser() {
   const [open, setOpen] = useState(false);
   const [snackbarOpen, setSnackbarOpen] = useState(false);
+  const [error, setError] = useState("");
+
   const [username, setUsername] = useState("");
   const [password, setPassword] = useState("");
@@ -65,7 +67,8 @@ function LogInUser() {
       .catch(function (error) {
         setPassword("");
         setSnackbarOpen(true);
-        console.error(error);
+        setError(error.response.data.error);
+        // console.error(error.response.data.error);
       });
   };
@@ -114,7 +117,7 @@ function LogInUser() {
       vertical: "top",
       horizontal: "center",
     }}
-    message="Invalid username or password"
+    message={error}
   />
 );
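Review bot: The unified "Invalid username or password" message only partly closes the enumeration gap the new comment describes: when the lookup finds nothing the function returns before `verifyHash`, so the unknown-username path answers noticeably faster than the wrong-password path and the two cases stay distinguishable by timing. Run the hash check in both cases against a placeholder hash produced once with the same algorithm, e.g. `const record = user.value();` / `const verified = await verifyHash(password, record?.password_hash ?? DUMMY_PASSWORD_HASH);` / `if (!record || !verified) return callback(new Error("Invalid username or password"));`, where `DUMMY_PASSWORD_HASH` is a module-level constant to be added. The trailing comment would read more clearly as `// Same message for both cases so responses do not reveal which usernames exist`. `authorize` begins before the hunk, so the source of `err` at `throw err;` is not visible here.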
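Review bot: In the `.catch(function (error) {` hunk, `error.response.data.error` assumes every failure is an HTTP response carrying a JSON `error` field; a network error or timeout has no `response`, so the catch handler itself throws a TypeError, the rejection goes unhandled, and the snackbar opens with whatever `error` held before (initially the empty string from the new `useState("")`). Use `setError(error.response?.data?.error ?? "Login failed, please try again.");` so the `message={error}` hunk below never renders an empty snackbar. The commented-out `// console.error(...)` line should be deleted rather than kept. The enclosing `LogInUser` component starts and ends outside these hunks.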