Rate-Limiting:
- IP-based: 10 requests per hour per IP
- Applies to all /api/manage/* routes
- Returns 429 Too Many Requests when limit exceeded
- Automatic cleanup of expired records (>1h old)

Brute-Force Protection:
- Tracks failed token validation attempts
- After 20 failed attempts: IP banned for 24 hours
- Returns 403 Forbidden for banned IPs
- Integrated into GET /api/manage/:token route

Technical Implementation:
- Created backend/src/middlewares/rateLimiter.js
- In-memory storage with Map() for rate limit tracking
- Separate Map() for brute-force detection
- Middleware applied to all management routes
- Token validation failures increment brute-force counter

Tested:
✅ Rate limit blocks after 10 requests
✅ 429 status code returned correctly
✅ Middleware integration working
✅ IP-based tracking functional
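The two mechanisms the commit message describes, written out as an added example; this is not the project's backend/src/middlewares/rateLimiter.js. It assumes Express-style `req`/`res`/`next` objects, a `req.ip` that is already correct for the deployment (behind a reverse proxy that depends on `trust proxy`), and an injectable clock so expiry can be exercised deterministically.

```javascript
// In-memory, IP-keyed rate limiter and brute-force guard (example code).
// Limits mirror the commit: 10 req/hour per IP; 20 failures -> 24 h ban.
// Caveat: Map() state is per process, so it is neither shared between
// instances nor preserved across restarts; a shared store is needed for that.
const HOUR = 60 * 60 * 1000;

function createRateLimiter({ limit = 10, windowMs = HOUR, now = Date.now } = {}) {
  const hits = new Map(); // ip -> { count, windowStart }
  function check(ip) {
    const t = now();
    // Automatic cleanup: drop every record whose window is older than windowMs.
    for (const [k, rec] of hits) if (t - rec.windowStart > windowMs) hits.delete(k);
    const rec = hits.get(ip) ?? { count: 0, windowStart: t };
    rec.count += 1;
    hits.set(ip, rec);
    return rec.count <= limit; // true = request allowed
  }
  // Express-style middleware: 429 once the per-IP budget is exhausted.
  function middleware(req, res, next) {
    if (check(req.ip)) return next();
    res.status(429).json({ error: 'Too Many Requests' });
  }
  return { check, middleware, size: () => hits.size };
}

function createBruteForceGuard({ maxFailures = 20, banMs = 24 * HOUR, now = Date.now } = {}) {
  const failures = new Map(); // ip -> { count, bannedUntil }
  function isBanned(ip) {
    const rec = failures.get(ip);
    if (!rec || !rec.bannedUntil) return false;
    if (now() >= rec.bannedUntil) { failures.delete(ip); return false; } // ban expired
    return true;
  }
  // Called when token validation fails; returns whether the IP is now banned.
  function recordFailure(ip) {
    const rec = failures.get(ip) ?? { count: 0, bannedUntil: 0 };
    rec.count += 1;
    if (rec.count >= maxFailures) rec.bannedUntil = now() + banMs;
    failures.set(ip, rec);
    return isBanned(ip);
  }
  function recordSuccess(ip) { failures.delete(ip); } // valid token resets the counter
  // Express-style middleware: 403 for banned IPs, otherwise pass through.
  function middleware(req, res, next) {
    if (isBanned(req.ip)) return res.status(403).json({ error: 'Forbidden' });
    next();
  }
  return { isBanned, recordFailure, recordSuccess, middleware };
}

module.exports = { createRateLimiter, createBruteForceGuard, HOUR };
```

Wire `createBruteForceGuard().middleware` in front of the token route and call `recordFailure(req.ip)` from the handler whenever validation fails; the cleanup loop is O(n) per request, which is fine for a small in-memory map but worth replacing with a periodic sweep under load.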