feat: added support for limiting the number of attempts (#59)(@sviat9440)

sviat9440 · web-flow · commit 5797162226f7 · 2022-02-28T08:55:39.000+01:00
* feat: added support for limiting the number of attempts

* fixes
diff --git a/examples/auth.ts b/examples/auth.ts
@@ -1,11 +1,11 @@
-import AdminJS from "adminjs";
-import express from "express";
-import mongoose from "mongoose";
-import MongooseAdapter from "@adminjs/mongoose";
-import AdminJSExpress from "../src";
+import MongooseAdapter from '@adminjs/mongoose';
+import AdminJS from 'adminjs';
+import express from 'express';
+import mongoose from 'mongoose';
+import AdminJSExpress from '../src';
+import './mongoose/admin-model';
 
-import "./mongoose/article-model";
-import "./mongoose/admin-model";
+import './mongoose/article-model';
 
 AdminJS.registerAdapter(MongooseAdapter);
 
@@ -33,6 +33,10 @@ const start = async () => {
       return null;
     },
     cookiePassword: "somasd1nda0asssjsdhb21uy3g",
+    maxRetries: {
+      count: 3,
+      duration: 120,
+    },
   });
 
   app.use(adminJs.options.rootPath, router);
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@adminjs/express",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "description": "This is an official AdminJS plugin which integrates it with Express.js framework",
   "main": "lib/index.js",
   "scripts": {
diff --git a/src/authentication/login.handler.ts b/src/authentication/login.handler.ts
@@ -1,6 +1,9 @@
-import AdminJS from "adminjs";
-import { Router } from "express";
-import { AuthenticationOptions } from "../types";
+import AdminJS from 'adminjs';
+import { Router } from 'express';
+import {
+  AuthenticationMaxRetriesOptions,
+  AuthenticationOptions,
+} from '../types';
 
 const getLoginPath = (admin: AdminJS): string => {
   const { loginPath, rootPath } = admin.options;
@@ -15,6 +18,48 @@ const getLoginPath = (admin: AdminJS): string => {
     : `/${normalizedLoginPath}`;
 };
 
+class Retry {
+  private static retriesContainer: Map<string, Retry> = new Map();
+  private lastRetry: Date | undefined;
+  private retriesCount = 0;
+
+  constructor(ip: string) {
+    const existing = Retry.retriesContainer.get(ip);
+    if (existing) {
+      return existing;
+    }
+    Retry.retriesContainer.set(ip, this);
+  }
+
+  public canLogin(
+    maxRetries: number | AuthenticationMaxRetriesOptions | undefined
+  ): boolean {
+    if (maxRetries === undefined) {
+      return true;
+    } else if (typeof maxRetries === "number") {
+      maxRetries = {
+        count: maxRetries,
+        duration: 60,
+      };
+    } else if (maxRetries.count <= 0) {
+      return true;
+    }
+    if (
+      !this.lastRetry ||
+      new Date().getTime() - this.lastRetry.getTime() >
+        maxRetries.duration * 1000
+    ) {
+      this.lastRetry = new Date();
+      this.retriesCount = 1;
+      return true;
+    } else {
+      this.lastRetry = new Date();
+      this.retriesCount++;
+      return this.retriesCount <= maxRetries.count;
+    }
+  }
+}
+
 export const withLogin = (
   router: Router,
   admin: AdminJS,
@@ -32,6 +77,14 @@ export const withLogin = (
   });
 
   router.post(loginPath, async (req, res, next) => {
+    if (!new Retry(req.ip).canLogin(auth.maxRetries)) {
+      const login = await admin.renderLogin({
+        action: admin.options.loginPath,
+        errorMessage: "tooManyRequests",
+      });
+      res.send(login);
+      return;
+    }
     const { email, password } = req.fields as {
       email: string;
       password: string;
diff --git a/src/buildAuthenticatedRouter.ts b/src/buildAuthenticatedRouter.ts
@@ -1,13 +1,16 @@
-import AdminJS from "adminjs";
-import express, { Router } from "express";
-import session from "express-session";
-import { withLogout } from "./authentication/logout.handler";
-import { buildRouter } from "./buildRouter";
-import { OldBodyParserUsedError } from "./errors";
-import { AuthenticationOptions, FormidableOptions } from "./types";
-import { withLogin } from "./authentication/login.handler";
-import { withProtectedRoutesHandler } from "./authentication/protected-routes.handler";
-import formidableMiddleware from "express-formidable";
+import AdminJS from 'adminjs';
+import express, { Router } from 'express';
+import formidableMiddleware from 'express-formidable';
+import session from 'express-session';
+import { withLogin } from './authentication/login.handler';
+import { withLogout } from './authentication/logout.handler';
+import { withProtectedRoutesHandler } from './authentication/protected-routes.handler';
+import { buildRouter } from './buildRouter';
+import { OldBodyParserUsedError } from './errors';
+import {
+  AuthenticationOptions,
+  FormidableOptions,
+} from './types';
 
 /**
  * @typedef {Function} Authenticate
diff --git a/src/types.ts b/src/types.ts
@@ -10,8 +10,23 @@ export type FormidableOptions = {
   multiples?: boolean;
 };
 
+export type AuthenticationMaxRetriesOptions = {
+  /**
+   * @description Count of retries
+   */
+  count: number;
+  /**
+   * @description Time to reset (in seconds)
+   */
+  duration: number;
+};
+
 export type AuthenticationOptions = {
   cookiePassword: string;
   cookieName?: string;
   authenticate: (email: string, password: string) => unknown | null;
+  /**
+   * @description Maximum number of authorization attempts (if number - per minute)
+   */
+  maxRetries?: number | AuthenticationMaxRetriesOptions;
 };

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@adminjs/express",`
`3`		`- "version": "4.0.3",`
	`3`	`+ "version": "4.1.0",`
`4`	`4`	`"description": "This is an official AdminJS plugin which integrates it with Express.js framework",`
`5`	`5`	`"main": "lib/index.js",`
`6`	`6`	`"scripts": {`