Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 02:25:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop'

Browse Source
This commit is contained in:
Julian Lam
2017-10-03 13:37:43 -04:00
parent e1f180ea3f dea372a5c5
commit 6852c92ed6
6 changed files with 93 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/middleware/index.js
View File

@@ -9,6 +9,7 @@ var nconf = require('nconf');
var ensureLoggedIn = require('connect-ensure-login');
var toobusy = require('toobusy-js');
var Benchpress = require('benchpressjs');
var LRU = require('lru-cache');
var plugins = require('../plugins');
var meta = require('../meta');
@@ -23,6 +24,10 @@ var controllers = {
helpers: require('../controllers/helpers'),
};
var delayCache = LRU({
maxAge: 1000 * 60,
});
var middleware = module.exports;
middleware.applyCSRF = csrf();
@@ -186,6 +191,14 @@ middleware.processTimeagoLocales = function (req, res, next) {
middleware.delayLoading = function (req, res, next) {
// Introduces an artificial delay during load so that brute force attacks are effectively mitigated
// Add IP to cache so if too many requests are made, subsequent requests are blocked for a minute
var timesSeen = delayCache.get(req.ip) || 0;
if (timesSeen > 10) {
return res.sendStatus(429);
}
delayCache.set(req.ip, timesSeen += 1);
setTimeout(next, 1000);
};