How to integrate rate-limiter-flexible in existing node.js express setup?

I use node.js, passport and JWT bearer tokens to protect my routes. What I don't have yet is rate limiting and blocking of IP/user if there are too many false attempts. What's the best way to implement it for my setup?

I want to give it a try with rate-limiter-flexible. But how can I integrate e.g. the Login Example from here: https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection in my setup below?

helpers/rateLimiter.js

const express = require('express');
const redis = require('redis');
const { RateLimiterRedis } = require('rate-limiter-flexible');

/* What goes here? Example https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection doesn't seem to apply */ 

Those are my routes:

routes/index.js

const express = require('express');
const router = require('express-promise-router')();
const passport = require('passport');
const passLogin = passport.authenticate('local-login', { session: false, failWithError: true });
const { rateLimiter } = require('../helpers/rateLimiter');
...

router.route('/v1/login')
    .post( rateLimiter, passLogin, function(err, req, res, next) {
        return res.status(401).send({ status: 401, success: false })
}, controller.login );

router.route('/v1/abc/search')
    .post( passJWT_ABC, function(err, req, res, next) {
        return res.status(401).send({ status: 401, success: false })
}, controller.search );

You should export middleware in this case.

const express = require('express');
const redis = require('redis');
const { RateLimiterRedis } = require('rate-limiter-flexible');

async function loginRoute(req, res) {
   // code from example https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection
}

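// CommonJS export under the name routes/index.js imports:
// const { rateLimiter } = require('../helpers/rateLimiter');
module.exports.rateLimiter = async (req, res, next) => {
  try {
    await loginRoute(req, res);
    next();
  } catch (err) {
    res.status(500).end();
  }
};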

And then you should take care of how the authorise(), user.isLoggedIn and user.exists checks work with your application's login approach.

There is an example with passport-local that should be useful for you as well: https://github.com/passport/express-4.x-local-example/blob/67e0f735fc6d2088d7aa9b8c4eb25bc0052653ec/server-secure.js
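
One way to split the wiki's login example into middleware that fits the `/v1/login` route from the question, where passport runs with `failWithError: true` (an added example, not code from the original posts or from the rate-limiter-flexible project; `makeLoginLimiter`, `keyOf`, the `username` body field and the limiter option values are assumptions):

```javascript
// Added example. `limiter` is any rate-limiter-flexible instance (e.g. RateLimiterRedis);
// only its get/consume/delete methods and `points` property are used.
// makeLoginLimiter, keyOf and the `username` body field are assumptions.
function makeLoginLimiter(limiter) {
  const keyOf = (req) => `${String(req.body && req.body.username)}_${req.ip}`;
  const tooMany = (res, ms) => {
    res.set('Retry-After', String(Math.ceil(ms / 1000) || 1));
    return res.status(429).send({ status: 429, success: false });
  };

  // 1. Before passport: refuse early when this username+IP is already blocked.
  async function precheck(req, res, next) {
    try {
      const state = await limiter.get(keyOf(req));
      if (state && state.consumedPoints > limiter.points) {
        return tooMany(res, state.msBeforeNext);
      }
      return next();
    } catch (err) {
      return next(err); // store error: hand it to the error handlers
    }
  }

  // 2. Error middleware: passport with failWithError: true lands here on bad credentials.
  async function onFailure(err, req, res, next) {
    if (err.status !== 401) return next(err); // not an auth failure: do not count it
    try {
      await limiter.consume(keyOf(req));
      return res.status(401).send({ status: 401, success: false });
    } catch (rej) {
      if (rej instanceof Error) return next(rej); // store error
      return tooMany(res, rej.msBeforeNext); // limit exceeded: rej is a RateLimiterRes
    }
  }

  // 3. After a successful login, before the controller: clear the failure counter.
  async function onSuccess(req, res, next) {
    try { await limiter.delete(keyOf(req)); return next(); } catch (err) { return next(err); }
  }
  return { precheck, onFailure, onSuccess };
}

// Wiring in routes/index.js (option values are constructed):
// const limiter = new RateLimiterRedis({ storeClient: redisClient, keyPrefix: 'login_fail',
//   points: 5, duration: 900, blockDuration: 900 });
// const { precheck, onFailure, onSuccess } = makeLoginLimiter(limiter);
// router.route('/v1/login').post(precheck, passLogin, onFailure, onSuccess, controller.login);
```

`req.ip` is the real client address behind a reverse proxy only when Express's `trust proxy` setting is configured; the wiki example also keeps a separate per-IP limiter, which this example leaves out.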
