Open nicolasburtey opened 3 years ago
Mostly done. Still need a Fibonacci backoff when an account has been temporarily suspended after too many attempts.
This could be a good security improvement on the login() API.
More documentation: https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#dynamic-block-duration
At least there should be a temporary lock with a backoff. After 3 attempts. Wait 1 min to login after 5 attempts, wait 10 min after 10, wait 1 hour, etc.
We may want to refactor the current lock/active to also have a temporary lock status with a deadline to have the account re-active.
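
The temporary lock with a deadline and Fibonacci backoff described in this issue, as an added example that is not the project's code and does not use node-rate-limiter-flexible. The names `LoginThrottle` and `tryLogin`, the 3-attempt threshold, the 1-minute base and the 24-hour cap are assumptions made for illustration.

```javascript
// Added example: in-memory sketch; a real deployment would keep this state in a shared store.
const FREE_ATTEMPTS = 3;                  // assumption: the 3rd failure triggers the first lock
const BASE_LOCK_MS = 60 * 1000;           // assumption: lock unit is 1 minute
const MAX_LOCK_MS = 24 * 60 * 60 * 1000;  // assumption: never lock for more than 24 hours

// n-th Fibonacci number for n >= 1: 1, 1, 2, 3, 5, 8, ...
function fib(n) {
  let a = 1, b = 1;
  for (let i = 2; i < n; i++) [a, b] = [b, a + b];
  return b;
}

class LoginThrottle {
  constructor() { this.accounts = new Map(); }

  // "temp_locked" carries a deadline; once it passes the account is active again.
  status(accountId, now = Date.now()) {
    const s = this.accounts.get(accountId);
    if (s && s.lockedUntil > now) return { state: 'temp_locked', retryAt: s.lockedUntil };
    return { state: 'active', retryAt: null };
  }

  // Each failure from the threshold on lengthens the lock: 1, 2, 3, 5, 8 ... minutes.
  recordFailure(accountId, now = Date.now()) {
    const s = this.accounts.get(accountId) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    if (s.failures >= FREE_ATTEMPTS) {
      const level = s.failures - FREE_ATTEMPTS + 1;
      s.lockedUntil = now + Math.min(fib(level + 1) * BASE_LOCK_MS, MAX_LOCK_MS);
    }
    this.accounts.set(accountId, s);
    return this.status(accountId, now);
  }

  recordSuccess(accountId) { this.accounts.delete(accountId); }
}

// passwordOk stands in for the real credential check, which is skipped while locked.
function tryLogin(throttle, accountId, passwordOk, now = Date.now()) {
  const current = throttle.status(accountId, now);
  if (current.state === 'temp_locked') return { ok: false, ...current };
  if (passwordOk) {
    throttle.recordSuccess(accountId);
    return { ok: true, state: 'active', retryAt: null };
  }
  return { ok: false, ...throttle.recordFailure(accountId, now) };
}
```

Attempts made while the lock is active are rejected without being counted, so a correct password is also refused until the deadline passes.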