| const rateLimit = require('express-rate-limit'); | |
| const { logViolation } = require('../../cache'); | |
| const { removePorts } = require('../utils'); | |
| const { LOGIN_WINDOW = 5, LOGIN_MAX = 7, LOGIN_VIOLATION_SCORE: score } = process.env; | |
| const windowMs = LOGIN_WINDOW * 60 * 1000; | |
| const max = LOGIN_MAX; | |
| const windowInMinutes = windowMs / 60000; | |
| const message = `Too many login attempts, please try again after ${windowInMinutes} minutes.`; | |
| const handler = async (req, res) => { | |
| const type = 'logins'; | |
| const errorMessage = { | |
| type, | |
| max, | |
| windowInMinutes, | |
| }; | |
| await logViolation(req, res, type, errorMessage, score); | |
| return res.status(429).json({ message }); | |
| }; | |
| const loginLimiter = rateLimit({ | |
| windowMs, | |
| max, | |
| handler, | |
| keyGenerator: removePorts, | |
| }); | |
| module.exports = loginLimiter; | |