Rename getKeyFromRequest, change windowMs time ♻️

ikovac · ikovac · commit 2abd57743d15 · 2021-05-05T09:31:12.000+02:00
diff --git a/server/user/index.js b/server/user/index.js
@@ -1,7 +1,7 @@
 'use strict';
 
 const { authenticate, logout } = require('../shared/auth');
-const { getKeyFromRequest, loginRequestLimiter, resetLoginAttempts } = require('./mw');
+const { loginRequestLimiter, resetLoginAttempts, setLoginLimitId } = require('./mw');
 const { ACCEPTED } = require('http-status-codes');
 const { authorize } = require('../shared/auth/mw');
 const ctrl = require('./user.controller');
@@ -14,7 +14,7 @@ const { User } = require('../shared/database');
 router
   .post(
     '/login',
-    getKeyFromRequest,
+    setLoginLimitId,
     loginRequestLimiter,
     authenticate('local', { setCookie: true }),
     resetLoginAttempts,
diff --git a/server/user/mw.js b/server/user/mw.js
@@ -3,9 +3,14 @@
 const crypto = require('crypto');
 const { requestLimiter } = require('../shared/request/mw');
 
-const loginRequestLimiter = requestLimiter({ keyGenerator: req => req.userKey });
+const ONE_HOUR_IN_MS = 60 * 60 * 1000;
 
-function getKeyFromRequest(req, res, next) {
+const loginRequestLimiter = requestLimiter({
+  windowMs: ONE_HOUR_IN_MS,
+  keyGenerator: req => req.userKey
+});
+
+function setLoginLimitId(req, res, next) {
   const key = [req.ip, req.body.email].join(':');
   req.userKey = crypto.createHash('sha256').update(key).digest('base64');
   return next();
@@ -16,4 +21,4 @@ function resetLoginAttempts(req, res, next) {
     .then(() => next());
 }
 
-module.exports = { loginRequestLimiter, getKeyFromRequest, resetLoginAttempts };
+module.exports = { loginRequestLimiter, setLoginLimitId, resetLoginAttempts };
