mirror of https://github.com/sasjs/server.git synced 2026-01-07 06:30:06 +00:00

chore: quick fix

2023-03-29 23:22:32 +05:00
parent 462829fd9a
commit 570995e572
2 changed files with 9 additions and 4 deletions


@@ -82,7 +82,7 @@ describe('web', () => {
}) })
}) })
it('should respond with too many requests when attempting with invalid password for a same user 10 times', async () => { it('should respond with too many requests when attempting with invalid password for a same user too many times', async () => {
await userController.createUser(user) await userController.createUser(user)
const promises: request.Test[] = [] const promises: request.Test[] = []
@@ -91,7 +91,7 @@ describe('web', () => {
process.env.MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP process.env.MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP
) )
Array(maxConsecutiveFailsByUsernameAndIp) Array(maxConsecutiveFailsByUsernameAndIp + 1)
.fill(0) .fill(0)
.map((_, i) => { .map((_, i) => {
promises.push( promises.push(
@@ -117,7 +117,7 @@ describe('web', () => {
.expect(429) .expect(429)
}) })
it('should respond with too many requests when attempting with invalid credentials for different users but with same ip 100 times', async () => { it('should respond with too many requests when attempting with invalid credentials for different users but with same ip too many times', async () => {
await userController.createUser(user) await userController.createUser(user)
const promises: request.Test[] = [] const promises: request.Test[] = []
@@ -126,7 +126,7 @@ describe('web', () => {
process.env.MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY process.env.MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY
) )
Array(maxWrongAttemptsByIpPerDay) Array(maxWrongAttemptsByIpPerDay + 1)
.fill(0) .fill(0)
.map((_, i) => { .map((_, i) => {
promises.push( promises.push(
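Review bot: The two lockout tests still do not pin the boundary they were changed for. Sending `maxConsecutiveFailsByUsernameAndIp + 1` (and `maxWrongAttemptsByIpPerDay + 1`) bad logins and then expecting 429 also passes if the limiter blocks earlier than configured, and possibly one attempt later, depending on how the follow-up request is counted. Since these limits are the brute-force budget for the login endpoint, I would add an assertion that the response after exactly the configured number of failures is not yet 429 and that the very next one is. As a style point, `.map((_, i) => { promises.push(...) })` is used only for its side effect; `Array.from({ length: n + 1 }, (_, i) => ...)` would build `promises` directly. Both test bodies start and end outside the visible hunks, so how the env values are parsed and how `promises` is awaited could not be checked.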


@@ -60,6 +60,11 @@ export class RateLimiter {
this.limiterConsecutiveFailsByUsernameAndIP.get(usernameIPkey) this.limiterConsecutiveFailsByUsernameAndIP.get(usernameIPkey)
]) ])
// NOTE: To make use of blockDuration option from RateLimiterMongo
// comparison in both following if statements should have greater than symbol
// otherwise, blockDuration option will not work
// For more info see: https://github.com/animir/node-rate-limiter-flexible/wiki/Options#blockduration
// Check if IP or Username + IP is already blocked // Check if IP or Username + IP is already blocked
if ( if (
resSlowByIP !== null && resSlowByIP !== null &&
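Review bot: The added NOTE says the comparisons must use a greater-than sign but not what that means for the configured limits. The comparisons themselves are below the last visible line (`resSlowByIP !== null &&`), so the following is inferred from the comment and from the `+ 1` in the updated tests. If the check is strictly greater-than, a client gets the full configured number of failed logins and is rejected only on the next one, which matters to whoever sets `MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY` and `MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP`. I would reword the comment along the lines of `// NOTE: both checks below must use '>' (not '>='), otherwise RateLimiterMongo's blockDuration never takes effect;` followed by `// a client is therefore blocked on failed attempt max + 1, not on attempt max.`, keeping the wiki link.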