Home

Awesome

Express Bouncer

NPM version

<p align="justify">A simple and standalone middleware for <a href="https://github.com/visionmedia/express">express</a> routes which attempts to mitigate brute-force attacks. It works by increasing the delay with each failed request using a Fibonacci formula. Requests are tracking via IP address and can be white-listed or reset on demand. All logged addresses are stored locally in an object and dormant addresses are removed automatically. Error messages are also completely customizable. This project is based on <a href="https://github.com/AdamPflug/express-brute">express-brute</a> created by <a href="https://github.com/AdamPflug">Adam Pflug</a>.</p>

Installation

$ npm install express-bouncer

Quick Start

// Creates a new instance of our bouncer (args optional)
var bouncer = require ("express-bouncer")(500, 900000);

// Add white-listed addresses (optional)
bouncer.whitelist.push ("127.0.0.1");

// In case we want to supply our own error (optional)
bouncer.blocked = function (req, res, next, remaining)
{
	res.send (429, "Too many requests have been made, " +
		"please wait " + remaining / 1000 + " seconds");
};

// Route we wish to protect with bouncer middleware
app.post ("/login", bouncer.block, function (req, res)
{
	if (LoginFailed)
	{
		// Login failed
	}

	else
	{
		bouncer.reset (req);
		// Login succeeded
	}
});

// Clear all logged addresses
// (Usually never really used)
bouncer.addresses = { };

Documentation

Constructor

express-bouncer ([min], [max], [free])

Functions

Properties

Author