@igea/oac_backend 1.0.32 → 1.0.34
- package/README.md +22 -7
- package/package.json +2 -1
- package/src/config.js +4 -1
- package/src/controllers/auth.js +9 -2
- package/src/models/users.js +0 -1
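--- a/package/README.md
+++ b/package/README.md
@@ -10,20 +10,35 @@ sudo apt install xsltproc
 ## ENV variables
 Env variables overwrites parameters from the config file
 
-###
+### Database
+
+#### OAC_DB_USER
 Username for the OAC datbase
 
-
+#### OAC_DB_PASSWORD
 Password for the OAC datbase
 
-###
+### SMTP
+
+#### OAC_SMTP_HOST
 Host for the SMTP
 
-
+#### OAC_SMTP_PORT
 Port for the SMTP
 
-
+#### OAC_SMTP_USER
 Username for the SMTP
 
-
-Password for the SMTP
+#### OAC_SMTP_PASSWORD
+Password for the SMTP
+
+### EXPOSED
+
+#### OAC_EXPOSED_PROTOCOL
+Protocol exposed externally
+
+#### OAC_EXPOSED_HOST
+Host exposed externally
+
+#### OAC_EXPOSED_PORT
+Port exposed externally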
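--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@igea/oac_backend",
-"version": "1.0.
+"version": "1.0.34",
 "description": "Backend service for the OAC project",
 "main": "src/index.js",
 "bin": {
@@ -27,6 +27,7 @@
 "cookie-parser": "1.4.7",
 "crypto": "1.0.1",
 "express": "5.1.0",
+"express-rate-limit": "^8.1.0",
 "get-port": "7.1.0",
 "knex": "3.1.0",
 "libxmljs2": "0.37.0",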
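Review bot: `express-rate-limit` is added with a caret range (`^8.1.0`) while every other dependency visible in this hunk is pinned to an exact version, so an install can resolve to a later 8.x release that was never tested with this package. Pin it like its neighbours, `"express-rate-limit": "8.1.0",`, unless floating is intentional. This matters more than usual here because the package now sits in front of the authentication route.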
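--- a/package/src/config.js
+++ b/package/src/config.js
@@ -14,7 +14,10 @@ function loadConfig() {
 config.smtp.port = process.env.OAC_SMTP_PORT || config.smtp.port;
 config.smtp.auth.user = process.env.OAC_SMTP_USER || config.smtp.auth.user;
 config.smtp.auth.password = process.env.OAC_SMTP_PASSWORD || config.smtp.auth.password;
-
+config.exposed.protocol = process.env.OAC_EXPOSED_PROTOCOL || config.exposed.protocol;
+config.exposed.host = process.env.OAC_EXPOSED_HOST || config.exposed.host;
+config.exposed.port = process.env.OAC_EXPOSED_PORT || config.exposed.port;
+
 return config;
 }
 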
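Review bot: The three new `config.exposed.*` assignments dereference `config.exposed` without checking that it exists, so a config file with no `exposed` section makes loadConfig throw a TypeError; controllers/auth.js already treats that section as optional (`config.exposed || {}`). Add `config.exposed = config.exposed || {};` before the first assignment. `OAC_EXPOSED_PORT` also arrives as a string, so any consumer that expects a number should convert it. If these values end up in links sent to users (not visible here), restricting the protocol to `http` or `https` at load time would be a cheap check. loadConfig starts above the hunk.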
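--- a/package/src/controllers/auth.js
+++ b/package/src/controllers/auth.js
@@ -5,8 +5,15 @@ const EmailSender = require('../models/EmailSender');
 const config = require('../config');
 const EXPOSED = config.exposed || {};
 const { randomUUID } = require('crypto');
+const rateLimit = require('express-rate-limit');
 
-
+const authLimiter = rateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+max: 100, // limit each IP to 100 requests per windowMs
+message: 'Too many requests from this IP, please try again later.',
+standardHeaders: true,
+legacyHeaders: false,
+});
 
 module.exports = function(jwtLib){
 /**
@@ -30,7 +37,7 @@ module.exports = function(jwtLib){
 });
 }
 
-router.post('/authenticate', (req, res) => {
+router.post('/authenticate', authLimiter, (req, res) => {
 console.log("here authenticate")
 let body = req.body
 let type = body.type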
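Review bot: `authLimiter` allows 100 requests per 15 minutes per IP, which is loose for a credential endpoint and counts successful logins against the same budget as failures. A tighter budget that counts only failures, for example `max: 10,` with `skipSuccessfulRequests: true,`, would limit password guessing without penalising normal use. The limiter keys on `req.ip`, so if the service runs behind a reverse proxy (the `exposed` host/protocol settings suggest it may) Express's `trust proxy` setting must be configured, or every client shares one counter. Only `/authenticate` is wrapped in the visible lines; other routes in this router that accept credentials or send e-mail should get the same treatment. The route handler body continues outside the hunk.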