chore: move brute force protection logic to middleware and a singleton class

2026-01-09 07:20:05 +00:00 · 2023-03-29 15:33:32 +05:00
parent a82cabb001
commit 89048ce943
12 changed files with 190 additions and 121 deletions
--- a/api/src/middlewares/bruteForceProtection.ts
+++ b/api/src/middlewares/bruteForceProtection.ts
@@ -0,0 +1,21 @@
+import { RequestHandler } from 'express'
+import { RateLimiter, secondsToHms } from '../utils'
+
+export const bruteForceProtection: RequestHandler = async (req, res, next) => {
+  const ip = req.ip
+  const username = req.body.username
+
+  const rateLimiter = RateLimiter.getInstance()
+
+  const retrySecs = await rateLimiter.check(ip, username)
+
+  if (retrySecs > 0) {
+    res
+      .status(429)
+      .send(`Too Many Requests! Retry after ${secondsToHms(retrySecs)}`)
+
+    return
+  }
+
+  next()
+}
--- a/api/src/middlewares/index.ts
+++ b/api/src/middlewares/index.ts
@@ -4,3 +4,4 @@ export * from './csrfProtection'
 export * from './desktop'
 export * from './verifyAdmin'
 export * from './verifyAdminIfNeeded'
+export * from './bruteForceProtection'