A login page, with some client-side bot detection tricks.
- Clone the project, and run `npm install`
- Run the project using `npm start`
- Navigate to http://localhost:3000/user/login
Email: eliran013@gmail.com
Password: Aa123456
- Vanilla JavaScript
- Bulma, just for fun
- JavaScript
- ExpressJS
- ElasticSearch
- Two bot traps - A semi-invisible anchor and an invisible password input. Using these elements will fire the `onBotDetected` event
- Required mouse movement
- Fast input prevention - Type too fast and you're considered a bot
- Fast submit - Submit the form too fast and you're considered a bot
- Login attempts spam - Spamming the form submission while changing the input fields will fire the `onBotDetected` event

The event itself isn't implemented, but you can think of it as if it bans the IP address or presents a CAPTCHA (same as Google CAPTCHA).
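The heuristics listed above can be expressed as one check over per-submission telemetry. This is an added example, not the project's own code: the thresholds, the telemetry field names, and the `botSignals` and `checkSubmission` helpers are assumptions, and `onBotDetected` is passed in as a callback because the page leaves it unimplemented.

```javascript
// Added example. Thresholds and telemetry field names are assumptions,
// not values taken from the project.
const LIMITS = {
  minMouseMoves: 3,        // fewer mousemove events => "required mouse movement" fails
  minKeyGapMs: 30,         // median gap between keystrokes below this => fast input
  minSubmitDelayMs: 1500,  // submit sooner than this after page render => fast submit
  maxAttempts: 5,          // more submits than this inside windowMs => spam
  windowMs: 10000,
};

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Returns the list of heuristics a submission tripped (empty list = looks human).
function botSignals(t, limits = LIMITS) {
  const reasons = [];
  // Traps: a human never clicks the hidden anchor or fills the hidden password input.
  if (t.trapLinkClicked || (t.trapPassword || '') !== '') reasons.push('trap');
  if (t.mouseMoves < limits.minMouseMoves) reasons.push('no-mouse');
  // Median is used so one accidental double key press does not flag a human.
  const gaps = t.keyTimes.slice(1).map((ts, i) => ts - t.keyTimes[i]);
  if (gaps.length > 0 && median(gaps) < limits.minKeyGapMs) reasons.push('fast-input');
  if (t.submittedAt - t.renderedAt < limits.minSubmitDelayMs) reasons.push('fast-submit');
  const recent = t.attemptTimes.filter((ts) => t.submittedAt - ts <= limits.windowMs);
  if (recent.length > limits.maxAttempts) reasons.push('spam');
  return reasons;
}

// Fires the onBotDetected hook (passed in as a callback) when any heuristic trips.
function checkSubmission(t, onBotDetected) {
  const reasons = botSignals(t);
  if (reasons.length > 0) onBotDetected(reasons);
  return reasons.length === 0;
}

// Constructed sample telemetry (timestamps in ms since page render).
const human = { trapLinkClicked: false, trapPassword: '', mouseMoves: 42,
  keyTimes: [2000, 2180, 2330, 2335, 2600], renderedAt: 0, submittedAt: 6000,
  attemptTimes: [6000] };
const bot = { trapLinkClicked: false, trapPassword: 'filled-by-bot', mouseMoves: 0,
  keyTimes: [100, 101, 102, 103], renderedAt: 0, submittedAt: 200,
  attemptTimes: [50, 80, 110, 140, 170, 200] };

checkSubmission(bot, (r) => console.log('onBotDetected:', r.join(', ')));
```

Telemetry gathered in the browser can be forged by the client, so the attempt-rate check in particular belongs on the server as well.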
- I implemented access token middleware (could have used JWT, but I thought it would be more fun)
- All of the passwords are hashed using an npm package called `credential` (https://www.npmjs.com/package/credential). It uses pbkdf2.

The ElasticSearch instance is hosted on AWS. It's a trial, so it'll be available until 29.07.2017
- HTTPS
- Server-side generation of bot traps - Generating random bot traps in random places in the HTML will make them less predictable
- JWT
- Detect bots by clicks
- RDP detection using mouse tracking
- Much more... :)