mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-17 05:21:36 +03:00
68af2145a1
no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging
51 lines
2.1 KiB
JavaScript
51 lines
2.1 KiB
JavaScript
var spamPrevention = require('./api/spam-prevention');
|
|
|
|
module.exports = {
|
|
globalBlock: spamPrevention.globalBlock.getMiddleware({
|
|
// We want to ignore req.ip and instead use req.connection.remoteAddress
|
|
ignoreIP: true,
|
|
key: function (req, res, next) {
|
|
req.authInfo = req.authInfo || {};
|
|
req.authInfo.ip = req.connection.remoteAddress;
|
|
req.body.connection = req.connection.remoteAddress;
|
|
next(req.authInfo.ip);
|
|
}
|
|
}),
|
|
globalReset: spamPrevention.globalReset.getMiddleware({
|
|
ignoreIP: true,
|
|
key: function (req, res, next) {
|
|
req.authInfo = req.authInfo || {};
|
|
req.authInfo.ip = req.connection.remoteAddress;
|
|
// prevent too many attempts for the same email address but keep separate to login brute force prevention
|
|
next(req.authInfo.ip);
|
|
}
|
|
}),
|
|
userLogin: spamPrevention.userLogin.getMiddleware({
|
|
ignoreIP: true,
|
|
key: function (req, res, next) {
|
|
req.authInfo = req.authInfo || {};
|
|
req.authInfo.ip = req.connection.remoteAddress;
|
|
// prevent too many attempts for the same username
|
|
next(req.authInfo.ip + req.body.username + 'login');
|
|
}
|
|
}),
|
|
userReset: spamPrevention.userReset.getMiddleware({
|
|
ignoreIP: true,
|
|
key: function (req, res, next) {
|
|
req.authInfo = req.authInfo || {};
|
|
req.authInfo.ip = req.connection.remoteAddress;
|
|
// prevent too many attempts for the same email address but keep separate to login brute force prevention
|
|
next(req.authInfo.ip + req.body.username + 'reset');
|
|
}
|
|
}),
|
|
privateBlog: spamPrevention.privateBlog.getMiddleware({
|
|
ignoreIP: true,
|
|
key: function (req, res, next) {
|
|
req.authInfo = req.authInfo || {};
|
|
req.authInfo.ip = req.connection.remoteAddress;
|
|
// prevent too many attempts for the same email address but keep separate to login brute force prevention
|
|
next(req.authInfo.ip + 'private');
|
|
}
|
|
})
|
|
};
|