lucien/tanuki-s-forum
1
0
Fork 0
generated from lucien/api-template
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

improved rate limits

Browse source
This commit is contained in:
Lukian 2025-04-21 20:58:46 +02:00
parent 46aea20bf5
commit 9806fc3b3c
3 changed files with 44 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

17
back/api/auth.js
View file

@ -4,6 +4,8 @@ const jwt = require('jsonwebtoken');
const { getConnection, getUserByUsername, addUser, setUserPfp, setUserUsername, setUserPassword } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');
const multer = require('multer')
const rateLimit = require("express-rate-limit");
const slowDown = require("express-slow-down");
const fs = require('node:fs');
const upload = multer({ dest: 'data/pfps/' })
@ -12,9 +14,20 @@ upload.limits = {
files: 1,
};
const limiter = rateLimit({
windowMs: 3 * 1000,
max: 2,
});
const speedLimiter = slowDown({
windowMs: 1 * 1000,
delayAfter: 2,
delayMs: () => 5000,
});
const router = express.Router();
router.post('/login', async (req, res) => {
router.post('/login', speedLimiter, limiter, async (req, res) => {
const { username, password } = req.body;
if (!username || !password) {
@ -35,7 +48,7 @@ router.post('/login', async (req, res) => {
res.status(401).send({ error: 'Invalid username or password' });
});
router.post('/register', async (req, res) => {
router.post('/register', speedLimiter, limiter, async (req, res) => {
const { username, password } = req.body;
const connection = await getConnection();