express-bouncer
v0.2.0
Express middleware for mitigating brute-force attacks
Express Bouncer
Installation
$ npm install express-bouncer
Quick Start
// Creates a new instance of our bouncer (args optional)
var bouncer = require ("express-bouncer")(500, 900000);

// Add white-listed addresses (optional)
bouncer.whitelist.push ("127.0.0.1");

// In case we want to supply our own error (optional)
bouncer.blocked = function (req, res, next, remaining)
{
    // remaining is in milliseconds; set the status explicitly before sending
    res.status (429).send ("Too many requests have been made, " +
        "please wait " + remaining / 1000 + " seconds");
};

// Route we wish to protect with bouncer middleware
app.post ("/login", bouncer.block, function (req, res)
{
    // LoginFailed stands for the result of your own credential check
    if (LoginFailed)
    {
        // Login failed
    }
    else
    {
        // Clear the wait time for this client after a successful login
        bouncer.reset (req);
        // Login succeeded
    }
});

// Clear all logged addresses
// (Usually never really used)
bouncer.addresses = { };
Documentation
Constructor
express-bouncer ([min], [max], [free])
- min The minimum number of milliseconds the user can be forced to wait. (default: 500 ms)
- max The maximum number of milliseconds the user can be forced to wait. (default: 10 min)
- free The number of attempts a user can make before being forced to wait. (default: 2)
Functions
- reset Resets the wait time between attempts for the specified request.
- block Middleware that will block requests which are occurring too often.
Properties
- addresses A list of logged IP addresses. Cleared by overriding with new object.
- whitelist A list of white-listed IP addresses. These addresses will never be blocked.
- blocked Function to be called when a request has been blocked. (see quick start)
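The following is an added example, not express-bouncer's own code: a self-contained model of how the documented min, max and free options, the whitelist and reset can fit together, run against a fake clock. The names createLimiter, check and simulate, the doubling rule, the choice not to count blocked attempts, and the address 203.0.113.7 are assumptions made for this sketch.

```javascript
// Added illustration modelled on the documented options (min, max, free).
// NOT express-bouncer's source: the doubling rule and the injectable
// clock `now` are assumptions of this sketch.
function createLimiter(min = 500, max = 600000, free = 2, now = Date.now) {
  const limiter = {
    addresses: {},  // address -> { attempts, last, wait }
    whitelist: [],  // addresses that are never delayed

    // Returns 0 if the attempt may proceed, else the milliseconds still to wait.
    check(address) {
      if (limiter.whitelist.includes(address)) return 0;
      const t = now();
      const entry = limiter.addresses[address] ||
        (limiter.addresses[address] = { attempts: 0, last: t, wait: 0 });

      const remaining = entry.last + entry.wait - t;
      if (remaining > 0) return remaining;  // blocked; not counted as an attempt

      entry.attempts += 1;
      entry.last = t;
      // The first `free` attempts carry no wait. After that the wait starts
      // at `min` and doubles per attempt until it is capped at `max`.
      const over = entry.attempts - free;
      entry.wait = over < 0 ? 0 : Math.min(max, min * 2 ** over);
      return 0;
    },

    // Call after a successful login so the address starts from zero again.
    reset(address) { delete limiter.addresses[address]; },
  };
  return limiter;
}

// Constructed scenario: one address retrying at the given times (ms).
function simulate(times, address = "203.0.113.7") {
  let clock = 0;
  const limiter = createLimiter(500, 4000, 2, () => clock);
  return times.map((t) => { clock = t; return limiter.check(address); });
}

// Each entry is the wait reported for the attempt made at that time.
console.log(simulate([0, 10, 20, 510, 600, 1510, 3510, 7510, 7600]));
```

A non-zero entry is the value a blocked handler would receive as remaining; the last two entries show the wait no longer growing once it reaches the cap.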
Author
- Home: dave.krutsko.net
- GitHub: github.com/dkrutsko