forked from revington/connect-bruteforce
/
index.js
48 lines (48 loc) · 1.47 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
module.exports = function (options) {
var self = this,
settings = options || {};
settings.banMax = settings.banMax || 30 * 1000;
settings.banFactor = settings.banFactor || 2 * 1000;
self.db = {};
self.clientID = function (req) {
return req.connection.remoteAddress;
};
self.delay = function (responseAt, next) {
if (responseAt < new Date().getTime()) {
next();
} else {
process.nextTick(function () {
self.delay(responseAt, next);
});
}
};
self.responseAt = function (delay) {
var factor = Math.min(delay.counter * settings.banFactor, settings.banMax);
return new Date().getTime() + factor;
};
self.prevent =
self.ban = function (req) {
var clientID = self.clientID(req),
delay = self.db[clientID] || (self.db[clientID] = {
at: new Date(),
counter: 0
});
delay.counter++;
delay.lastTimeBanned = new Date();
};
self.unban = function (req) {
delete self.db[self.clientID(req)];
delete req.delayed;
};
return function (req, res, next) {
req.delayed = self.db[self.clientID(req)];
if (req.delayed) {
var responseAt = self.responseAt(req.delayed);
process.nextTick(function () {
self.delay(responseAt, next);
});
} else {
next();
}
};
};