Module to record failed attempts and prevent brute force credential guessing
- Description:
Module to record failed attempts and prevent brute force credential guessing
- Source:
Example
    var username, pass;
    preventBruteforce.isBlocked("login", username, function(isBlocked, fails, err) {
        if (isBlocked) {
            console.log("User is blocked");
            return;
        }
        else {
            if (login()) {
                //user logged in, reset any fails user had
                preventBruteforce.reset("login", username);
            }
            else {
                //user failed to login, increase fails
                preventBruteforce.fail("login", username);
            }
        }
    });
Members
(static) blockHooks
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| blockHooks | object | map path identifiers to functions that are executed when users are blocked e.g. send a mail |
(static) db
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| db | object | Database connection. Needs to be set before calling any other function. |
(static) fails
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| fails | number | How many times user is allowed to fail |
(static) mail
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| mail | object | Mail service to add mailing capabilities |
(static) pathIdentifiers
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| pathIdentifiers | object | Scope or path of check |
(static) userIdentifiers
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| userIdentifiers | object | map paths to functions that extract identifiers from requests, e.g. (req) => ({ip: req.ip}) |
(static) wait
- Source:
Properties:
| Name | Type | Description |
|---|---|---|
| wait | number | How long to wait in seconds until removing the block |
Methods
(static) fail(pid, uid, callback)
- Description:
Increase fails for provided namespace and user
- Source:
Example
preventBruteforce.fail("login", username);
Parameters:
| Name | Type | Description |
|---|---|---|
| pid | string | namespace of the block |
| uid | string | user identifier |
| callback | function | callback to call when done |
(static) isBlocked(pid, uid, callback)
- Description:
Check if user is blocked for provided namespace and user identifier
- Source:
Example
    var username, pass;
    preventBruteforce.isBlocked("login", username, function(isBlocked, fails, err) {
        if (isBlocked) {
            console.log("User is blocked");
            return;
        }
        else {
            if (login()) {
                //user logged in, reset any fails user had
                preventBruteforce.reset("login", username);
            }
            else {
                //user failed to login, increase fails
                preventBruteforce.fail("login", username);
            }
        }
    });
Parameters:
| Name | Type | Description |
|---|---|---|
| pid | string | namespace of the block |
| uid | string | user identifier |
| callback | function | callback to call with result |
(static) middleware(req, res, next)
- Description:
Middleware to listen to specific paths and check if user is blocked
- Source:
Example
app.use(preventBruteforce.middleware);
Parameters:
| Name | Type | Description |
|---|---|---|
| req | object | request object |
| res | object | response object |
| next | function | callback to call next middleware |
(static) reset(pid, uid, callback)
- Description:
Reset fails for provided namespace and user
- Source:
Example
preventBruteforce.reset("login", username);
Parameters:
| Name | Type | Description |
|---|---|---|
| pid | string | namespace of the block |
| uid | string | user identifier |
| callback | function | callback to call when done |
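Added example (not the module's own code): an in-memory model of the fail / isBlocked / reset contract, showing how the fails and wait settings interact per (pid, uid) pair. The names createLimiter and demo, the injectable clock, and the exact blocking rule (blocked once the count reaches fails, released wait seconds after the last failure) are assumptions made for illustration.

```javascript
// Illustrative in-memory model; the real module stores its state through `db`.
// Assumed rule: blocked once count >= fails, released `wait` seconds after the last failure.
function createLimiter({ fails = 3, wait = 300, now = () => Math.floor(Date.now() / 1000) } = {}) {
    const records = new Map(); // key -> { fails, lastFail }
    // JSON-encode the pair so ("a", "b:c") and ("a:b", "c") can never share a key.
    const key = (pid, uid) => JSON.stringify([pid, uid]);

    return {
        fail(pid, uid, callback) {
            const rec = records.get(key(pid, uid)) || { fails: 0, lastFail: 0 };
            rec.fails += 1;
            rec.lastFail = now();
            records.set(key(pid, uid), rec);
            if (callback) callback();
        },
        isBlocked(pid, uid, callback) {
            const rec = records.get(key(pid, uid));
            if (!rec) return callback(false, 0, null);
            if (rec.fails >= fails && now() >= rec.lastFail + wait) {
                // Block has expired: drop the record so the user starts clean.
                records.delete(key(pid, uid));
                return callback(false, 0, null);
            }
            callback(rec.fails >= fails, rec.fails, null);
        },
        reset(pid, uid, callback) {
            records.delete(key(pid, uid));
            if (callback) callback();
        }
    };
}

// Constructed scenario driven by a fake clock (seconds).
function demo() {
    let t = 1000;
    const limiter = createLimiter({ fails: 3, wait: 60, now: () => t });
    const seen = [];
    const check = (uid) => limiter.isBlocked("login", uid, (blocked) => seen.push(blocked));
    for (let i = 0; i < 3; i++) limiter.fail("login", "alice");
    check("alice");   // threshold reached: blocked
    check("bob");     // a different identifier is unaffected
    t += 60;
    check("alice");   // wait has elapsed: block removed
    limiter.fail("login", "alice");
    limiter.reset("login", "alice"); // successful login clears the counter
    limiter.isBlocked("login", "alice", (blocked, count) => seen.push(count));
    return seen;
}
```

Keying on an IP address rather than a username (as in the userIdentifiers example) changes who gets locked out: a username key lets anyone lock a known account, while an IP key can block many users behind one address.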
(inner) getTimestamp() → {number}
- Description:
Get current unix timestamp in seconds
- Source:
Returns:
current unix timestamp in seconds
- Type
- number