Node NewbsStuff

Simply Auth now on heroku!

July 27, 2019

This past week I've been fixing issues with the Simply Auth project, which is now on Heroku: https://simplyauth.herokuapp.com/

I will add a rate-limiting feature to limit login attempts to 3 and call it a day with this project. Rate limiting helps against brute-force attacks: requests from the same IP address no longer get an unlimited number of login attempts.

It also makes an app look more legit, since limiting requests is a security precaution that protects genuine users.

In this project the idea is to rate-limit login POST requests from a specific IP address to 5 attempts per 15 minutes, so I used the express-rate-limit package.

This package is a rate-limiting middleware found at: https://www.npmjs.com/package/express-rate-limit

I was too bogged down building other features of the API, so I wanted to keep this simple and effective:

Console code:

// in the console
npm install --save express-rate-limit

In app.js:

const RateLimit = require('express-rate-limit');

/* rate limiter for login:
   5 login requests per 15 minutes
   (limit each IP to 5 requests per windowMs) */
const limiter = new RateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5,
  message: "Too many login attempts from this IP, please try again after some time"
});

/* rate limiter for registration:
   5 registration requests per 15 minutes
   (limit each IP to 5 requests per windowMs) */
const createAccountLimiter = new RateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5,
  message: "Too many registration attempts from this IP, please try again after some time"
});

// apply the rate limiter to all requests (not used here):
// app.use(limiter);

// rate limiting for the login route
app.use('/users/login', limiter);

// rate limiting for the registration (POST) route
app.use('/users/register', createAccountLimiter);

  • To use it behind a proxy (for example when your app is deployed on Heroku), enable Express's 'trust proxy' setting in app.js (the setting name has a space, not a hyphen), so the limiter keys on the client's address from X-Forwarded-For rather than on the proxy's own address:

app.enable('trust proxy');

NOTE: According to a Stack Overflow post you can also apply a per-account rate limit, for instance 100 requests per minute per user.
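To make the windowMs/max behaviour, the proxy caveat and the per-account variant concrete, here is an added example (my own code, not the post's and not express-rate-limit's internals): a small fixed-window limiter with express-rate-limit's semantics, shaped as an Express-style (req, res, next) middleware so it runs with no npm packages. It assumes the login form posts the account name as req.body.username and includes a fake req/res driver, attempt(), for trying it out.

```javascript
// Added example, not code from the post: a fixed-window limiter with the same
// windowMs/max semantics as express-rate-limit, written as an Express-style
// middleware so it runs stand-alone. Shows proxy-aware keying and per-account keys.

function clientIp(req, trustProxy) {
  // Behind a proxy the socket address is the proxy's own; X-Forwarded-For is
  // honoured only when the app has opted in (Express's 'trust proxy' setting).
  const xff = req.headers && req.headers['x-forwarded-for'];
  if (trustProxy && xff) return xff.split(',')[0].trim();
  return req.ip;
}

function createLimiter({ windowMs, max, message, keyGenerator, trustProxy = false, now = Date.now }) {
  const hits = new Map(); // key -> { count, resetAt }, in memory like the default store
  const keyOf = keyGenerator || (req => clientIp(req, trustProxy));
  return function limiter(req, res, next) {
    const key = keyOf(req);
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {          // first hit, or the window expired
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    res.setHeader('X-RateLimit-Limit', max);
    res.setHeader('X-RateLimit-Remaining', Math.max(0, max - entry.count));
    if (entry.count > max) return res.status(429).send(message);
    next();
  };
}

// Per-account key, as the post's note suggests: attempts against one username
// count together regardless of source IP (field name req.body.username is assumed).
const perAccountKey = req =>
  'user:' + String((req.body && req.body.username) || '').toLowerCase();

// Drive a limiter with a constructed fake req/res and report the resulting HTTP status.
function attempt(limiter, req) {
  const res = {
    statusCode: 200,
    headers: {},
    setHeader(k, v) { this.headers[k] = v; },
    status(code) { this.statusCode = code; return this; },
    send() { return this; },
  };
  limiter(req, res, () => {});
  return res.statusCode;
}
```

Calling attempt() six times with the same req and max: 5 returns 200 five times and then 429 until windowMs has elapsed; with keyGenerator: perAccountKey the count follows the username instead of the address.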
