From abb5a99c34c274d4fdfcecc3747da2a4f3ad4c57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pedro=20Narciso=20Garc=C3=ADa=20Revington?=
Date: Sat, 20 Oct 2012 17:45:28 +0200
Subject: [PATCH] Example update
---
README.md | 55 +++++++++++++++++++++++--------------------------------
1 file changed, 23 insertions(+), 32 deletions(-)
diff --git a/README.md b/README.md
index 64f1021..9c1cae4 100644
--- a/README.md
+++ b/README.md
@@ -1,39 +1,30 @@
[![build status](https://secure.travis-ci.org/revington/connect-bruteforce.png)](http://travis-ci.org/revington/connect-bruteforce)
# connect-bruteforce
-> A connect middleware to prevent bruteforce.
+> A connect middleware to prevent brute force by delaying responses.
-## Example:
-
-```js
-// A simple application
-// we want to require a captcha validation after 3
-// failed login attemts.
-
-// We want to introduce a delay in server response.
-// Each failed login increments delay by 2 seconds.
-// With a maximun delay of 30 seconds.
-
-var bruteForce = new (require('connect-bruteforce'))({banFactor: 2000, banMax: 30000});
-
-/*...*/
-
-app.post('/login', bruteForce.prevent, function(req,res){
- var useCaptcha = res.delay && res.delay.counter > 3;
- if(req.body.login === 'user' && req.body.password === 'root' && (!useCaptcha || testCaptcha(req))){
- // just in case client was already banned
- bruteForce.unban(req);
- // set user in session and bla, bla, bla…
- res.render('members');
- }else{
- bruteForce.ban(req);
- }
- res.render('login', {badLogin: true, useCaptcha: useCaptcha});
-});
-
-/*...*/
-
-```
## Install
$ npm install connect-bruteforce
+## Usage (express)
+
+ // See examples/express-hello-world/index.js
+ var loginBruteforce = require('connect-bruteforce')();
+
+ app.get('/login', function (req, res) {
+ res.render('login');
+ });
+ app.post('/login', loginBruteForce.prevent, function (req, res, next) {
+ authenticate(req.body.username, req.body.password, function (err, user) {
+ if (user) {
+ req.session.user = user;
+ loginBruteForce.unban(req);
+ req.session.success = 'Authenticated as ' + user + ' click to logout. ' + ' You may now access /restricted.';
+ res.redirect('back');
+ } else {
+ loginBruteForce.ban(req);
+ req.session.error = 'Authentication failed. Hint u: root, p: root';
+ res.redirect('login');
+ }
+ });
+ });