Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
sftp-server
Advanced tools
sftp-server - npm Package Compare versions
Comparing version 1.0.4 to 1.0.5
@@ -34,3 +34,4 @@ 'use strict'; | ||
| } | ||
| }, | ||
| 'rateLimitTTL': 10 | ||
| }, | ||
@@ -37,0 +38,0 @@ 'api': { |
@@ -9,3 +9,3 @@ 'use strict'; | ||
| exports = module.exports = function(fs, config, StreamManager, log) { | ||
| exports = module.exports = function(fs, config, StreamManager, log, rateLimiter) { | ||
@@ -86,2 +86,7 @@ class ClientManager { | ||
| } | ||
| if (rateLimiter.isLimited(client.info.ip)) { | ||
| log.info(`Rejecting authentication attempt from rate-limited IP`, { 'ip': client.info.ip }); | ||
| rateLimiter.limit(client.info.ip); | ||
| return authContext.reject(); | ||
| } | ||
| return config.get('sftp:auth')(authContext.username, authContext.password) | ||
@@ -107,2 +112,3 @@ .then((authRes) => { | ||
| .catch(() => { | ||
| rateLimiter.limit(client.info.ip); | ||
| return authContext.reject(); | ||
@@ -173,2 +179,2 @@ }); | ||
| exports['@singleton'] = true; | ||
| exports['@require'] = ['fs', 'config', 'stream-manager', 'log']; | ||
| exports['@require'] = ['fs', 'config', 'stream-manager', 'log', 'rate-limiter']; |
@@ -36,3 +36,7 @@ 'use strict'; | ||
| 'algorithms': config.get('sftp:algorithms') | ||
| }, (client) => { | ||
| }); | ||
| this.server.on('connection', (client, info) => { | ||
| log.info('Incoming connection', info); | ||
| client.info = info; | ||
| this.clientManager.track(client); | ||
@@ -39,0 +43,0 @@ }); |
| { | ||
| "name": "sftp-server", | ||
| "version": "1.0.4", | ||
| "version": "1.0.5", | ||
| "description": "", | ||
@@ -5,0 +5,0 @@ "main": "lib/factory.js", |
@@ -31,3 +31,8 @@ # sftp-server | ||
| }); | ||
| } | ||
| }, | ||
| /** | ||
| * Block repeated authentication attempts from the same IP address within the specified | ||
| * window (in seconds). | ||
| */ | ||
| 'rateLimitTTL': 10 | ||
| }, | ||
@@ -90,2 +95,4 @@ 'api': { | ||
| Once authenticated, a user is only allowed to interact with files that belong to them. User `A` cannot see user `B`'s files, and vice-versa. | ||
| Optionally, you may choose to resolve the returned promise with an object describing the various SFTP commands that the connecting client should be allowed to perform. By default, _all_ commands are enabled. Select commands can be individually disabled as shown below. | ||
@@ -92,0 +99,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.4%
66027
- Number of package files
- increased by3.45%
30
- Lines of code
- increased by3.85%
1457
- Number of lines in readme file
- increased by2.35%
305
No dependency changes