search

AdamPflug / express-brute

Brute-force protection middleware for express routes by rate limiting incoming requests
MIT License
564 stars 91 forks source link

Feature Request - ability (or documentation) to add express-brute to app.route method #61

Closed alilland closed 7 years ago

alilland commented 7 years ago

My node API uses app.route('/auth') syntax instead of app.post('/auth', [some callback]) like the documentation lists, is there a way to leverage express-brute with the route method since it doesn't accept a callback like app.post('/auth') does?

https://expressjs.com/en/4x/api.html#app.route

if so, documentation for it would be excellent :)

AdamPflug commented 7 years ago

It gets used the same as any other middleware with app.route - so I think the documentation probably belongs on the express side. For what it's worth, I think you have a couple different options (based on my reading the express documentation and code for app.route):

var ExpressBrute = require('express-brute');

var store = new ExpressBrute.MemoryStore(); // stores state locally, don't use this in production
var bruteforce = new ExpressBrute(store);

// combined into one .post call
app.route('/auth')
    .post(
        bruteforce.prevent,
        function (req, res, next) {
            res.send('Success!');
        }
    );

// separate .post calls
app.route('/auth2')
    .post(bruteforce.prevent)
    .post(function (req, res, next) {
        res.send('Success!');
    });

// use the bruteforce protection for all verbs (not just post) to avoid repetition
app.route('/auth3')
    .all(bruteforce.prevent)
    .post(function (req, res, next) {
        res.send('Success!');
    });

I hadn't seen the .route syntax before (I've switched to koa mostly), but I like it better than the older syntax for sure