Javascript 快车野蛮人不在我的路线上工作
我对模块express brute有一个问题,我无法实现一个简单的实现() 我实际上在我的路线的一部分设置了保护,但它似乎不起作用。我在不到一分钟的时间内提出了20多次请求,但它没有阻止任何东西或阻止ip。你知道这是怎么回事吗 security.jsJavascript 快车野蛮人不在我的路线上工作,javascript,node.js,get,Javascript,Node.js,Get,我对模块express brute有一个问题,我无法实现一个简单的实现() 我实际上在我的路线的一部分设置了保护,但它似乎不起作用。我在不到一分钟的时间内提出了20多次请求,但它没有阻止任何东西或阻止ip。你知道这是怎么回事吗 security.js require('connect-flash'); module.exports = function(req, res, next) { var ExpressBrute = require('e
require('connect-flash');
module.exports = function(req, res, next) {
var ExpressBrute = require('express-brute'),
moment = require('moment'),
store;
store = new ExpressBrute.MemoryStore();
var failCallback = function(req, res, next, nextValidRequestDate) {
req.flash('error', "You've made too many failed attempts in a short period of time, please try again " + moment(nextValidRequestDate).fromNow());
// res.redirect('/login'); // brute force protection triggered, send them back to the login page
};
var handleStoreError = function(error) {
log.error(error); // log this error so we can figure out what went wrong
// cause node to exit, hopefully restarting the process fixes the problem
throw {
message: error.message,
parent: error.parent
};
}
// No more than 1000 login attempts per day per IP
var globalBruteforce = new ExpressBrute(store, {
freeRetries: 20,
attachResetToRequest: false,
refreshTimeoutOnRequest: false,
minWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time)
maxWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time)
lifetime: 24 * 60 * 60, // 1 day (seconds not milliseconds)
failCallback: failCallback,
handleStoreError: handleStoreError
});
return globalBruteforce;
}
var secure = require('./middleware/security');
var app = express();
var globalBruteforce = new secure();
app.use('/api', auth, globalBruteforce.prevent);
//more routes
app.js
require('connect-flash');
module.exports = function(req, res, next) {
var ExpressBrute = require('express-brute'),
moment = require('moment'),
store;
store = new ExpressBrute.MemoryStore();
var failCallback = function(req, res, next, nextValidRequestDate) {
req.flash('error', "You've made too many failed attempts in a short period of time, please try again " + moment(nextValidRequestDate).fromNow());
// res.redirect('/login'); // brute force protection triggered, send them back to the login page
};
var handleStoreError = function(error) {
log.error(error); // log this error so we can figure out what went wrong
// cause node to exit, hopefully restarting the process fixes the problem
throw {
message: error.message,
parent: error.parent
};
}
// No more than 1000 login attempts per day per IP
var globalBruteforce = new ExpressBrute(store, {
freeRetries: 20,
attachResetToRequest: false,
refreshTimeoutOnRequest: false,
minWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time)
maxWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time)
lifetime: 24 * 60 * 60, // 1 day (seconds not milliseconds)
failCallback: failCallback,
handleStoreError: handleStoreError
});
return globalBruteforce;
}
var secure = require('./middleware/security');
var app = express();
var globalBruteforce = new secure();
app.use('/api', auth, globalBruteforce.prevent);
//more routes
打了20次电话:
http://localhost:3000/api/user/systems
实际上,我将代码放在系统路径中,但似乎不起作用,任何在本地成功的express brute完整代码?它只在直接托管的站点上有效,而不是在本地主机上,正如我所看到的那样