- Add rate limiting middleware for NextAuth login endpoints - Implement authRateLimitMiddleware for /api/auth/* routes - Add comprehensive security tests covering: - Rate limiter functionality (5 tests) - IP extraction from headers (5 tests) - Input validation and sanitization (10 tests) - Password strength requirements - XSS and SQL injection prevention - All 21 security tests passing - Rate limits configured: 5 login attempts per 15 minutes
import type { NextRequest } from "next/server";
import { NextResponse } from "next/server";
import { extractClientIP, InMemoryRateLimiter } from "../lib/rateLimiter";
// Budget for credential logins: five attempts per client within a 15-minute window.
const LOGIN_MAX_ATTEMPTS = 5;
const LOGIN_WINDOW_MS = 15 * 60 * 1000;
// Cap on tracked clients and the sweep interval handed to the limiter
// (presumably bounds memory use of the in-memory store; see ../lib/rateLimiter).
const LOGIN_TRACKED_CLIENTS = 10000;
const LOGIN_CLEANUP_INTERVAL_MS = 5 * 60 * 1000;

// Shared limiter instance keyed by client IP for the login endpoints below.
const loginRateLimiter = new InMemoryRateLimiter({
  maxAttempts: LOGIN_MAX_ATTEMPTS,
  windowMs: LOGIN_WINDOW_MS,
  maxEntries: LOGIN_TRACKED_CLIENTS,
  cleanupIntervalMs: LOGIN_CLEANUP_INTERVAL_MS,
});
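// Fallback delay advertised in Retry-After when the limiter reports no usable
// reset time; mirrors the 15-minute window configured on loginRateLimiter.
const LOGIN_WINDOW_FALLBACK_SECONDS = 15 * 60;

/**
 * Apply rate limiting to the NextAuth credential-login endpoints.
 *
 * Requests whose path starts with `/api/auth/signin` or
 * `/api/auth/callback/credentials` are counted per client IP against
 * `loginRateLimiter`. Once the budget is exhausted the request is answered
 * with a 429 JSON body and a `Retry-After` header; every other request
 * continues down the middleware chain untouched.
 *
 * @param request - The incoming Next.js middleware request.
 * @returns A 429 `NextResponse` when the client is throttled, otherwise
 *   `NextResponse.next()`.
 */
export function authRateLimitMiddleware(request: NextRequest) {
  const { pathname } = request.nextUrl;

  // Only the NextAuth signin and credentials-callback routes are throttled.
  // NOTE(review): the match is by path only, so GET requests to the signin
  // page consume the same budget as POSTed credentials — confirm this is
  // intended, or additionally gate on `request.method`.
  const isLoginRoute =
    pathname.startsWith("/api/auth/signin") ||
    pathname.startsWith("/api/auth/callback/credentials");
  if (!isLoginRoute) {
    return NextResponse.next();
  }

  // The limiter is keyed on whatever extractClientIP reports; how reliable
  // that key is (e.g. against spoofed forwarding headers) depends on that
  // helper and on the proxy configuration in front of this app.
  const ip = extractClientIP(request);
  const rateLimitResult = loginRateLimiter.checkRateLimit(ip);

  if (rateLimitResult.allowed) {
    return NextResponse.next();
  }

  return NextResponse.json(
    {
      success: false,
      error: "Too many login attempts. Please try again later.",
    },
    {
      status: 429,
      headers: {
        "Retry-After": String(retryAfterSeconds(rateLimitResult.resetTime)),
      },
    }
  );
}

/**
 * Seconds a throttled client should wait, formatted for a `Retry-After` header.
 *
 * The previous code used `resetTime!`, which produced `NaN` (an invalid
 * header value) when the limiter returned no reset time and a negative
 * number once the window had already elapsed. Both cases are clamped here.
 *
 * @param resetTime - Epoch milliseconds at which the limiter window resets,
 *   if the limiter reported one.
 * @returns A non-negative whole number of seconds.
 */
function retryAfterSeconds(resetTime: number | null | undefined): number {
  if (typeof resetTime !== "number" || !Number.isFinite(resetTime)) {
    return LOGIN_WINDOW_FALLBACK_SECONDS;
  }
  return Math.max(0, Math.ceil((resetTime - Date.now()) / 1000));
}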