b34a62e114
* Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated
var express = require('express')
var router = express.Router()
const rateLimit = require('express-rate-limit')
const Note = require('@models/Note')
const User = require('@models/User')
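//
// Public Note action
//
// Per-client limiter for the unauthenticated shared-note endpoint. Once the
// limit is hit the limiter answers with `message` and the handler is skipped.
// express-rate-limit keys on req.ip by default; behind a reverse proxy the app
// needs 'trust proxy' configured for the limit to apply per client.
const sharedNoteLimiter = rateLimit({
  windowMs: 30 * 60 * 1000, // 30 min window
  max: 50, // start blocking after 50 requests
  message: 'Unable to open that many shared notes',
});

// Opens a note that was shared by link: the note id plus the shared key from
// the link are looked up through the Note model and the result is returned
// to the client as-is.
router.post('/opensharednote', sharedNoteLimiter, (req, res) => {
  const { noteId, sharedKey } = req.body || {};
  // Both fields must be present and must be scalars: a missing value or a
  // nested object/array from the JSON body never reaches the model lookup.
  // (assumes Note.getShared expects plain id/key values — confirm against the model)
  if (noteId == null || typeof noteId === 'object'
    || sharedKey == null || typeof sharedKey === 'object') {
    res.status(400).send('noteId and sharedKey are required');
    return;
  }
  Note.getShared(noteId, sharedKey)
    .then((results) => res.send(results))
    // Without a rejection handler a failed lookup left the request hanging
    // (no response ever sent) and surfaced as an unhandled promise rejection.
    .catch((err) => {
      console.error('opensharednote failed:', err);
      if (!res.headersSent) {
        res.status(500).send('Unable to open shared note');
      }
    });
});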
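//
// Login User
//
// Brute-force throttle for the login endpoint. Every attempt counts, whether
// it succeeds or fails (express-rate-limit's skipSuccessfulRequests option
// would count failures only). Keyed on req.ip by default, so behind a reverse
// proxy the app needs 'trust proxy' configured for the limit to apply per client.
const loginLimiter = rateLimit({
  windowMs: 30 * 60 * 1000, // 30 min window
  max: 25, // start blocking after 25 requests
  message: 'Please try to login again later',
});

// Authenticates a user. authToken carries the optional 2FA code and is passed
// through unchanged (undefined when the client omits it); whatever User.login
// resolves with is sent back to the client as-is.
router.post('/login', loginLimiter, (req, res) => {
  const { username, password, authToken } = req.body || {};
  // Credentials must be present scalars; a nested object/array in the JSON
  // body is rejected before it reaches the model.
  // (assumes User.login expects plain string arguments — confirm against the model)
  if (username == null || typeof username === 'object'
    || password == null || typeof password === 'object'
    || (authToken != null && typeof authToken === 'object')) {
    res.status(400).send('username and password are required');
    return;
  }
  User.login(username, password, authToken)
    .then((returnData) => res.send(returnData))
    // A rejected login previously left the request without a response and
    // raised an unhandled promise rejection; answer with a generic 500 instead.
    .catch((err) => {
      console.error('login failed:', err);
      if (!res.headersSent) {
        res.status(500).send('Unable to login right now');
      }
    });
});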
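//
// Register User
//
// Tight limiter for account creation. Keyed on req.ip by default, so behind
// a reverse proxy the app needs 'trust proxy' configured for the limit to
// apply per client rather than to the proxy's address.
const registerLimiter = rateLimit({
  windowMs: 60 * 60 * 1000, // 1 hour window
  max: 5, // start blocking after 5 requests
  message: 'Please try again to create an acount in an hour',
});

// Creates a new account; whatever User.register resolves with is sent back
// to the client as-is.
router.post('/register', registerLimiter, (req, res) => {
  const { username, password } = req.body || {};
  // Both fields must be present scalars; a nested object/array in the JSON
  // body is rejected before it reaches the model.
  // (assumes User.register expects plain string arguments — confirm against the model)
  if (username == null || typeof username === 'object'
    || password == null || typeof password === 'object') {
    res.status(400).send('username and password are required');
    return;
  }
  User.register(username, password)
    .then((returnData) => res.send(returnData))
    // A rejected registration previously left the request without a response
    // and raised an unhandled promise rejection; answer with a generic 500.
    .catch((err) => {
      console.error('register failed:', err);
      if (!res.headersSent) {
        res.status(500).send('Unable to create an account right now');
      }
    });
});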
// Router mounted by the application; carries the routes registered above.
module.exports = router