express-brute
Advanced tools
Comparing version 1.0.0 to 1.0.1
@@ -126,3 +126,3 @@ var _ = require('underscore'); | ||
if (nextValidRequestTime <= this.now()) { | ||
if (nextValidRequestTime <= this.now() || count <= this.options.freeRetries) { | ||
this.store.set(key, { | ||
@@ -129,0 +129,0 @@ count: count+1, |
{ | ||
"name": "express-brute", | ||
"version": "1.0.0", | ||
"description": "A brute-force protection middleware for express routes that rate limits incoming requests", | ||
"keywords": [ | ||
"brute", | ||
"force", | ||
"bruteforce", | ||
"attack", | ||
"fibonacci", | ||
"rate", | ||
"limit", | ||
"security" | ||
], | ||
"license": "BSD", | ||
"private": false, | ||
"scripts": { | ||
"test": "./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha spec" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git@github.com:AdamPflug/express-brute.git" | ||
}, | ||
"devDependencies": { | ||
"chai": "~3.5.0", | ||
"coveralls": "~2.11.9", | ||
"istanbul": "~0.4.3", | ||
"mocha": "~2.4.5", | ||
"mocha-lcov-reporter": "~1.2.0", | ||
"sinon": "~1.17.3", | ||
"sinon-chai": "~2.8.0" | ||
}, | ||
"dependencies": { | ||
"long-timeout": "~0.1.1", | ||
"underscore": "~1.8.3" | ||
}, | ||
"peerDependencies": { | ||
"express": "4.x" | ||
} | ||
"name": "express-brute", | ||
"version": "1.0.1", | ||
"description": "A brute-force protection middleware for express routes that rate limits incoming requests", | ||
"keywords": [ | ||
"brute", | ||
"force", | ||
"bruteforce", | ||
"attack", | ||
"fibonacci", | ||
"rate", | ||
"limit", | ||
"security" | ||
], | ||
"license": "BSD", | ||
"private": false, | ||
"scripts": { | ||
"test": "./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha spec" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git@github.com:AdamPflug/express-brute.git" | ||
}, | ||
"devDependencies": { | ||
"chai": "~3.5.0", | ||
"coveralls": "~2.11.9", | ||
"istanbul": "~0.4.3", | ||
"mocha": "~2.4.5", | ||
"mocha-lcov-reporter": "~1.2.0", | ||
"sinon": "~1.17.3", | ||
"sinon-chai": "~2.8.0" | ||
}, | ||
"dependencies": { | ||
"long-timeout": "~0.1.1", | ||
"underscore": "~1.8.3" | ||
}, | ||
"peerDependencies": { | ||
"express": "4.x" | ||
} | ||
} |
@@ -80,5 +80,7 @@ express-brute | ||
- [MongoDB](https://github.com/auth0/express-brute-mongo) | ||
- [Mongoose](https://github.com/cbargren/express-brute-mongoose) | ||
- [Sequelize (SQL)](https://github.com/maddy2get/express-brute-sequelize) | ||
- [Knex.js (SQL)](https://github.com/llambda/brute-knex) | ||
- [RethinkDB](https://github.com/llambda/brute-rethinkdb) | ||
- [Loki.js](https://github.com/Requarks/express-brute-loki) | ||
@@ -163,6 +165,9 @@ If you write your own store and want me to add it to the list, just drop me an [email](mailto:adam.pflug@gmail.com) or [create an issue](https://github.com/AdamPflug/express-brute/issues/new). | ||
--------- | ||
### v1.0.1 | ||
* BUG: Fixed an edge case where freeretries weren't being respected if app servers had slightly different times | ||
### v1.0.0 | ||
* NEW: Updated to use `Express` 4.x as a peer dependency. | ||
* REMOVED: `proxyDepth` option on `ExpressBrute` has been removed. Use `app.set('trust proxy', x)` from Express 4 instead. [More Info](http://expressjs.com/en/guide/behind-proxies.html) | ||
* REMOVED: `getIPFromRequest(req)` has been removed from instances, use `req.ip` instead. | ||
* REMOVED: `getIPFromRequest(req)` has been removed from instances, use `req.ip` instead. | ||
@@ -169,0 +174,0 @@ ### v0.6.0 |
@@ -59,2 +59,16 @@ var chai = require('chai'), | ||
}); | ||
it('respects free retries even with clock skew', function() { | ||
brute = new ExpressBrute(store, { | ||
freeRetries: 1, | ||
minWait: 10, | ||
maxWait: 100, | ||
failCallback: errorSpy | ||
}); | ||
brute.prevent(req(), new ResponseMock(), nextSpy); | ||
clock.tick(-100); | ||
brute.prevent(req(), new ResponseMock(), nextSpy); | ||
errorSpy.should.not.have.been.called; | ||
brute.prevent(req(), new ResponseMock(), nextSpy); | ||
errorSpy.should.have.been.called; | ||
}); | ||
it('correctly calculates delays when min and max wait are the same', function () { | ||
@@ -61,0 +75,0 @@ brute = new ExpressBrute(store, { |
51865
868
220