
July 27, 2019 by: Kauress

Simply Auth now on heroku!

This past week I’ve been fixing issues with the Simply Auth project, which is now on Heroku! https://simplyauth.herokuapp.com/

I will add a rate limiting feature to limit login attempts to 3 and call it a day with this project. Rate limiting helps against brute force attacks, so that requests from the same IP address cannot make an unlimited number of login attempts.

It also makes an ‘app’ more legit, since you limit requests as a security precaution for the benefit of genuine users.

In this project the idea is to rate limit login POST requests from a specific IP address to 5 attempts per 15 minutes, so I used the express-rate-limit package.

This package is a rate-limiting middleware found at: https://www.npmjs.com/package/express-rate-limit

I was too bogged down building other features of the API, so I wanted to keep this simple and effective:

Console code:

// in the console
npm install --save express-rate-limit

In app.js:

const RateLimit = require('express-rate-limit');

/* rate limiter
   5 login requests per 15 minutes
   limit each IP to 5 requests per windowMs */
var limiter = new RateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5,
  message: "Too many login attempts from this IP, please try again after sometime"
});

/* rate limiter
   5 registration requests per 15 minutes
   limit each IP to 5 requests per windowMs */
var createAccountLimiter = new RateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5,
  message: "Too many registration attempts from this IP, please try again after sometime"
});

// apply rate limiter to all requests
//app.use(limiter);

// rate limiting for the login route
app.use('/users/login', limiter);

// rate limiting for the register route
app.use('/users/register', createAccountLimiter);

  • To use it behind a proxy (for example when the app is deployed on Heroku), add the following in app.js. Without it, req.ip, which the limiter keys on, is the proxy’s address rather than the client’s, so every user would share a single bucket:

app.enable('trust proxy');

NOTE: According to a Stack Overflow post you can also apply a per-account rate limit, for instance 100 requests per minute per user.
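To make the behaviour behind the config above concrete, here is an added example that is not part of the original post and not express-rate-limit’s own code: a minimal fixed-window limiter with the same option names (windowMs, max, message, and keyGenerator, which express-rate-limit also offers), driven by constructed requests that stand in for Express’s req/res. The clientIp helper is a stand-in for what Express does with 'trust proxy' enabled, not Express’s implementation; all addresses and usernames are constructed sample values. It covers the per-IP login limit from the post, what goes wrong behind Heroku’s router without 'trust proxy', and the per-account variant from the NOTE.

```javascript
// Added example: a fixed-window rate limiter with express-rate-limit's option
// shape (windowMs, max, message, keyGenerator). Not the project's code and
// not the library's implementation; requests and responses are plain objects.

// Stand-in for Express's req.ip: the socket address unless 'trust proxy' is
// enabled, in which case the client address comes from X-Forwarded-For.
function clientIp(req, trustProxy) {
  const xff = req.headers && req.headers['x-forwarded-for'];
  if (trustProxy && xff) {
    return xff.split(',')[0].trim();
  }
  return req.socket.remoteAddress;
}

function createRateLimiter({ windowMs, max, message, keyGenerator }) {
  const hits = new Map(); // key -> { count, resetAt }
  const keyFor = keyGenerator || ((req) => req.ip);

  // `now` is a parameter so the window can be advanced without waiting.
  return function limiter(req, res, next, now = Date.now()) {
    const key = keyFor(req);
    let entry = hits.get(key);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs }; // start a fresh window
      hits.set(key, entry);
    }
    entry.count += 1;
    res.setHeader('X-RateLimit-Limit', String(max));
    res.setHeader('X-RateLimit-Remaining', String(Math.max(0, max - entry.count)));
    if (entry.count > max) {
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - now) / 1000)));
      res.end(message);
      return; // request never reaches the login handler
    }
    next();
  };
}

// Stand-in for an Express response.
function fakeResponse() {
  const headers = {};
  return {
    statusCode: 200, body: null, headers,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end(body) { this.body = body; },
  };
}

// Sends the requests through the limiter one millisecond apart from startTime
// and returns the status codes. Requests that get through hit a handler that
// stands in for a failed password check (401).
function simulateLogins(limiter, requests, startTime = 0) {
  return requests.map((req, i) => {
    const res = fakeResponse();
    limiter(req, res, () => { res.statusCode = 401; res.end('invalid credentials'); }, startTime + i);
    return res.statusCode;
  });
}

// Constructed login POST as seen behind a proxy whose address is 10.0.0.1.
function makeRequest(forwardedFor, username, trustProxy) {
  const req = {
    headers: { 'x-forwarded-for': forwardedFor },
    socket: { remoteAddress: '10.0.0.1' },
    body: { username },
  };
  req.ip = clientIp(req, trustProxy);
  return req;
}

// Scenario 1: the post's per-IP login limiter (5 per 15 minutes), proxy trusted.
function perIpScenario() {
  const limiter = createRateLimiter({ windowMs: 15 * 60 * 1000, max: 5,
    message: 'Too many login attempts from this IP, please try again after sometime' });
  const a = Array.from({ length: 7 }, () => makeRequest('203.0.113.10', 'alice', true));
  const b = [makeRequest('198.51.100.7', 'alice', true)];
  return { clientA: simulateLogins(limiter, a),            // 6th and 7th are 429
           clientB: simulateLogins(limiter, b, 100),       // other IP unaffected
           afterWindow: simulateLogins(limiter, a.slice(0, 1), 15 * 60 * 1000) };
}

// Scenario 2: same limiter without 'trust proxy': everyone shares the proxy's bucket.
function untrustedProxyScenario() {
  const limiter = createRateLimiter({ windowMs: 15 * 60 * 1000, max: 5, message: 'Too many' });
  const a = Array.from({ length: 5 }, () => makeRequest('203.0.113.10', 'alice', false));
  const b = [makeRequest('198.51.100.7', 'bob', false)];
  simulateLogins(limiter, a);
  return simulateLogins(limiter, b, 10); // bob is blocked by alice's attempts
}

// Scenario 3: per-account limit via keyGenerator, as in the NOTE above.
function perAccountScenario() {
  const limiter = createRateLimiter({ windowMs: 60 * 1000, max: 3, message: 'Too many',
    keyGenerator: (req) => req.body.username.toLowerCase() });
  const reqs = ['203.0.113.10', '198.51.100.7', '192.0.2.5', '203.0.113.11']
    .map((ip) => makeRequest(ip, 'alice', true));
  return simulateLogins(limiter, reqs); // 4th attempt on 'alice' is 429 regardless of IP
}

console.log(perIpScenario(), untrustedProxyScenario(), perAccountScenario());
```

Scenario 2 is the reason the post enables 'trust proxy' on Heroku: the router terminates the connection, so without it every request carries the router’s address and one noisy client exhausts the window for everybody. Scenario 3 is the complement: keying on the account stops a spread of addresses from pooling their attempts against a single user, at the cost of letting one address lock out that user, which is why the two limits are usually combined.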

