author | gumi <git@gumi.ca> | 2020-03-03 23:02:36 -0500 |
---|---|---|
committer | gumi <git@gumi.ca> | 2020-03-03 23:02:36 -0500 |
commit | 349053954d45e4625ab35e6b2383608e5132eba3 (patch) | |
tree | 1939eb58d8296bd43ce21e80708381c56e0aa120 /src/brute.js | |
parent | 2df2f8a3f9eafdf1a28ce458a874135d666d0cf9 (diff) | |
add rudimentary anti-bruteforcing
Diffstat (limited to 'src/brute.js')
-rw-r--r-- | src/brute.js | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/brute.js b/src/brute.js
new file mode 100644
index 0000000..2ea767e
--- /dev/null
+++ b/src/brute.js
@@ -0,0 +1,18 @@
+const limiters = new Map(); // Map<route, Map<ip, counter>>
+
+const consume = (req, max = 5, expire = 3.6e6) => {
+ const route = req.method + req.baseUrl + req.path;
+ const route_map = limiters.get(route) || limiters.set(route, new Map()).get(route);
+ const attempts = route_map.get(req.ip) || route_map.set(req.ip, []).get(req.ip);
+
+ if (attempts.length >= max) {
+ return 0;
+ } else {
+ attempts.push(setTimeout(() => attempts.pop(), expire));
+ return max - attempts.length;
+ }
+};
+
+module.exports = {
+ consume,
+};
 |
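Review bot: Entries in `limiters` are never removed: after the timers fire, the empty `attempts` array stays in `route_map` under `req.ip`, and the outer key is built from `req.path`, so every distinct path and every distinct address adds state that lives as long as the process. Because the path is client-chosen and addresses are numerous, the limiter's own bookkeeping can grow without bound; the callback could clean up after itself, e.g. `setTimeout(() => { attempts.pop(); if (attempts.length === 0) route_map.delete(req.ip); }, expire)`, and the key would be steadier as a fixed route name supplied by the caller than as the raw path. `req.ip` looks like the Express property, which behind a reverse proxy is only meaningful when `trust proxy` is set correctly; otherwise all clients may share one counter or the address may follow a spoofable forwarding header. A short comment on `consume` stating that assumption, and that the count covers every call rather than only failed attempts, would help whoever wires it into a login route.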