var express = require('express'); var router = express.Router(); var passport = require('passport'); var ExpressBrute = require('express-brute'); var ExpressBruteLokiStore = require('express-brute-loki'); var moment = require('moment'); /** * Setup Express-Brute */ var EBstore = new ExpressBruteLokiStore({ path: './data/brute.db' }); var bruteforce = new ExpressBrute(EBstore, { freeRetries: 5, minWait: 60 * 1000, maxWait: 5 * 60 * 1000, refreshTimeoutOnRequest: false, failCallback(req, res, next, nextValidRequestDate) { req.flash('alert', { class: 'error', title: 'Too many attempts!', message: "You've made too many failed attempts in a short period of time, please try again " + moment(nextValidRequestDate).fromNow() + '.', iconClass: 'fa-times' }); res.redirect('/login'); } }); /** * Login form */ router.get('/login', function(req, res, next) { res.render('auth/login', { usr: res.locals.usr }); }); router.post('/login', bruteforce.prevent, function(req, res, next) { passport.authenticate('local', function(err, user, info) { if (err) { return next(err); } if (!user) { req.flash('alert', { class: 'error', title: 'Invalid login', message: "The email or password is invalid.", iconClass: 'fa-times' }); return res.redirect('/login'); } req.logIn(user, function(err) { if (err) { return next(err); } req.brute.reset(function () { return res.redirect('/'); }); }); })(req, res, next); }); /** * Logout */ router.get('/logout', function(req, res) { req.logout(); res.redirect('/'); }); module.exports = router;