search

AdamPflug / express-brute

Brute-force protection middleware for express routes by rate limiting incoming requests
MIT License
564 stars 91 forks source link

Is it possible reset brute basen on response status code in express? #68

Closed devalexqt closed 6 years ago

devalexqt commented 6 years ago

Is it possible to reset brute based on response status code? Now I'm using next code to send data to client. res.status(200).json(data) or res.status(400).json(err) But how to automatize it?

AdamPflug commented 6 years ago

I think something like this would work (I haven't tested it):

var ExpressBrute = require('express-brute');

var store = new ExpressBrute.MemoryStore();
var bruteforce = new ExpressBrute(store);

app.use(function (req, res, next) {
    if (req.brute) {
        res.on('finish', function() {
            if (res.status == 200) { req.brute.reset(); }
        });
    }
    next();
});
app.post('/auth',
    bruteforce.prevent,
    function (req, res, next) {
        res.send(200, 'Success!');
    }
);

Unfortunately executing stuff after requests is a little more difficult in Express than in Koa (which is one of the reasons I've largely switched away from express, in addition to the fact that it's generally just much nicer to work with with promises).