feat: prevent brute force attack by rate limiting login endpoint

2026-01-06 06:10:04 +00:00 · 2023-03-28 21:43:10 +05:00
parent c4066d32a0
commit a82cabb001
13 changed files with 286 additions and 16 deletions
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -35,7 +35,11 @@ webRouter.post('/SASLogon/login', desktopRestrict, async (req, res) => {
    const response = await controller.login(req, body)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    if (err instanceof Error) {
+      res.status(500).send(err.toString())
+    } else {
+      res.status(err.code).send(err.message)
+    }
  }
 })