File size: 1,735 Bytes
5c5b371 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
import { Request, Response, RequestHandler } from "express";
import { config } from "../config";
const ADMIN_KEY = config.adminKey;
const failedAttempts = new Map<string, number>();
type AuthorizeParams = { via: "cookie" | "header" };
export const authorize: ({ via }: AuthorizeParams) => RequestHandler =
({ via }) =>
(req, res, next) => {
const bearerToken = req.headers.authorization?.slice("Bearer ".length);
const cookieToken = req.session.adminToken;
const token = via === "cookie" ? cookieToken : bearerToken;
const attempts = failedAttempts.get(req.ip) ?? 0;
if (!ADMIN_KEY) {
req.log.warn(
{ ip: req.ip },
`Blocked admin request because no admin key is configured`
);
return res.status(401).json({ error: "Unauthorized" });
}
if (attempts > 5) {
req.log.warn(
{ ip: req.ip, token: bearerToken },
`Blocked admin request due to too many failed attempts`
);
return res.status(401).json({ error: "Too many attempts" });
}
if (token && token === ADMIN_KEY) {
return next();
}
req.log.warn(
{ ip: req.ip, attempts, invalidToken: String(token) },
`Attempted admin request with invalid token`
);
return handleFailedLogin(req, res);
};
function handleFailedLogin(req: Request, res: Response) {
const attempts = failedAttempts.get(req.ip) ?? 0;
const newAttempts = attempts + 1;
failedAttempts.set(req.ip, newAttempts);
if (req.accepts("json", "html") === "json") {
return res.status(401).json({ error: "Unauthorized" });
}
delete req.session.adminToken;
req.session.flash = { type: "error", message: `Invalid admin key.` };
return res.redirect("/admin/login");
}
|