From 91410b1a153a570b3f8c67ecf22af921de4728f9 Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Tue, 27 Apr 2021 14:43:27 +0200
Subject: [PATCH 1/2] App startup: add http:// before listen address for conveniance
---
 src/components/ExpressAppComponent.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/components/ExpressAppComponent.ts b/src/components/ExpressAppComponent.ts
index 5ab489a..d4d41d2 100644
--- a/src/components/ExpressAppComponent.ts
+++ b/src/components/ExpressAppComponent.ts
@@ -20,7 +20,7 @@ export default class ExpressAppComponent extends ApplicationComponent {
 public async start(app: Express): Promise {
 this.server = app.listen(this.port, this.addr, () => {
- logger.info(`Web server running on ${this.addr}:${this.port}.`);
+ logger.info(`Web server running on http://${this.addr}:${this.port}.`);
 });
 // Proxy
From 533cef5ab8d671f8f722d36dfb69c38a70fc116b Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Wed, 2 Jun 2021 16:48:58 +0200
Subject: [PATCH 2/2] Use user id to throttle failed login attempts instead of name

This allows UserNameComponent to be optional
---
 src/auth/password/PasswordAuthMethod.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth/password/PasswordAuthMethod.ts b/src/auth/password/PasswordAuthMethod.ts
index 6372c2e..41077d5 100644
--- a/src/auth/password/PasswordAuthMethod.ts
+++ b/src/auth/password/PasswordAuthMethod.ts
@@ -66,7 +66,7 @@ export default class PasswordAuthMethod implements AuthMethod
 } catch (e) {
 if (e instanceof AuthError) {
 Throttler.throttle('login_failed_attempts_user', 3, 3 * 60 * 1000, // 3min
- user.getOrFail('name'), 1000, 60 * 1000); // 1min
+ user.getOrFail('id').toString(), 1000, 60 * 1000); // 1min
 Throttler.throttle('login_failed_attempts_ip', 50, 60 * 1000, // 1min
 req.ip, 1000, 3600 * 1000); // 1h
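Review bot: An IPv6 listen address would make the logged `http://${this.addr}:${this.port}` an invalid URL, because an IPv6 literal has to be wrapped in brackets before the port, and a wildcard bind such as `0.0.0.0` or `::` yields a link that is not a real client address. Whether `this.addr` can hold such values is not visible in this hunk, so this is a nit. If it can, build the host part first and add brackets when the address contains a colon. The scheme is also hard-coded, so the line will still read `http://` when the server is only reachable through a TLS-terminating proxy; a short comment saying the URL is the local bind address would avoid confusion. `start()` continues past the end of the hunk.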
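Review bot: The per-account bucket on the changed line is now keyed on `user.getOrFail('id').toString()`, but nothing at the call site records why. A one-line comment above the call such as `// Keyed by user id: always present and stable, unlike the optional name.` would keep the intent next to the code. The bucket name `login_failed_attempts_user` is unchanged, so any counters the Throttler still holds under name keys are abandoned on deploy. That is harmless if its state is short-lived, which cannot be confirmed from here. Separately, if `Throttler.throttle` throws once a limit is exceeded (its definition is outside this hunk), the user call prevents the `login_failed_attempts_ip` call below from running, so attempts against an already-throttled account would not count toward the IP limit; recording the IP attempt first would avoid that. The enclosing `try` and the rest of the method lie outside the hunk.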