Fatal编程技术网
  • javascript/
  • Javascript 快车野蛮人不在我的路线上工作

Javascript 快车野蛮人不在我的路线上工作

javascript node.js

Javascript 快车野蛮人不在我的路线上工作,javascript,node.js,get,Javascript,Node.js,Get,我对模块express brute有一个问题,我无法实现一个简单的实现() 我实际上在我的路线的一部分设置了保护,但它似乎不起作用。我在不到一分钟的时间内提出了20多次请求,但它没有阻止任何东西或阻止ip。你知道这是怎么回事吗 security.js require('connect-flash'); module.exports = function(req, res, next) { var ExpressBrute = require('e

我对模块express brute有一个问题,我无法实现一个简单的实现()

我实际上在我的路线的一部分设置了保护,但它似乎不起作用。我在不到一分钟的时间内提出了20多次请求,但它没有阻止任何东西或阻止ip。你知道这是怎么回事吗

security.js

     require('connect-flash');


        module.exports = function(req, res, next) {
          var ExpressBrute = require('express-brute'),
        moment = require('moment'),
        store;

      store = new ExpressBrute.MemoryStore();
      var failCallback = function(req, res, next, nextValidRequestDate) {
        req.flash('error', "You've made too many failed attempts in a short period of time, please try again " + moment(nextValidRequestDate).fromNow());
      // res.redirect('/login'); // brute force protection triggered, send them back to the login page 
      };
      var handleStoreError = function(error) {
        log.error(error); // log this error so we can figure out what went wrong 
        // cause node to exit, hopefully restarting the process fixes the problem 
        throw {
          message: error.message,
          parent: error.parent
        };
      }
      // No more than 1000 login attempts per day per IP 
      var globalBruteforce = new ExpressBrute(store, {
        freeRetries: 20,
        attachResetToRequest: false,
        refreshTimeoutOnRequest: false,
        minWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time) 
        maxWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time) 
        lifetime: 24 * 60 * 60, // 1 day (seconds not milliseconds) 
        failCallback: failCallback,
        handleStoreError: handleStoreError
      });

      return globalBruteforce;

    }

var secure = require('./middleware/security');
var app = express();
var globalBruteforce = new secure();

app.use('/api', auth, globalBruteforce.prevent);
//more routes
app.js

     require('connect-flash');


        module.exports = function(req, res, next) {
          var ExpressBrute = require('express-brute'),
        moment = require('moment'),
        store;

      store = new ExpressBrute.MemoryStore();
      var failCallback = function(req, res, next, nextValidRequestDate) {
        req.flash('error', "You've made too many failed attempts in a short period of time, please try again " + moment(nextValidRequestDate).fromNow());
      // res.redirect('/login'); // brute force protection triggered, send them back to the login page 
      };
      var handleStoreError = function(error) {
        log.error(error); // log this error so we can figure out what went wrong 
        // cause node to exit, hopefully restarting the process fixes the problem 
        throw {
          message: error.message,
          parent: error.parent
        };
      }
      // No more than 1000 login attempts per day per IP 
      var globalBruteforce = new ExpressBrute(store, {
        freeRetries: 20,
        attachResetToRequest: false,
        refreshTimeoutOnRequest: false,
        minWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time) 
        maxWait: 25 * 60 * 60 * 1000, // 1 day 1 hour (should never reach this wait time) 
        lifetime: 24 * 60 * 60, // 1 day (seconds not milliseconds) 
        failCallback: failCallback,
        handleStoreError: handleStoreError
      });

      return globalBruteforce;

    }

var secure = require('./middleware/security');
var app = express();
var globalBruteforce = new secure();

app.use('/api', auth, globalBruteforce.prevent);
//more routes
打了20次电话:

http://localhost:3000/api/user/systems
实际上,我将代码放在系统路径中,但似乎不起作用,任何在本地成功的express brute完整代码?

它只在直接托管的站点上有效,而不是在本地主机上,正如我所看到的那样