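/**
 * POST /login — authenticates a user by email and password.
 *
 * Reads `req.body.email` and `req.body.password`, looks the user up with
 * `User.findOne`, and verifies the password with bcrypt. The outcome is
 * written to `res.locals.json` (`success`, and `message` or `user`) and
 * `next()` is called exactly once so a later middleware can send the reply.
 *
 * Failed attempts are recorded per `req.ip` in the in-memory `loginAttempts`
 * map. Once an address has more than `loginAttemptLimit` recorded failures
 * and the oldest one is under an hour old, further logins from it are refused
 * before any database lookup or password comparison happens.
 *
 * NOTE(review): `loginAttempts` lives in process memory, so counters are lost
 * on restart, are not shared between worker processes, and nothing visible
 * here prunes entries for addresses that never come back — confirm whether a
 * shared store with expiry is needed.
 * NOTE(review): the throttle is keyed on `req.ip` only. If Express's
 * "trust proxy" setting is enabled, `req.ip` is derived from a forwarding
 * header, so confirm that header is set by a trusted proxy; a per-account
 * counter would also cover attempts spread across many addresses.
 */
app.post("/login", function (req, res, next) {
    // res.type is a method; assigning to it replaced the method and never set
    // the Content-Type header.
    res.type("application/json");

    var hour = 3600000;

    // Minimal HTML escaping for values interpolated into the alert e-mail body.
    function escapeHtml(value) {
        return String(value)
            .replace(/&/g, "&amp;")
            .replace(/</g, "&lt;")
            .replace(/>/g, "&gt;")
            .replace(/"/g, "&quot;")
            .replace(/'/g, "&#39;");
    }

    var recorded = loginAttempts[req.ip];
    if (recorded && recorded.length > loginAttemptLimit) {
        if (Date.now() - recorded[0] > hour) {
            // The oldest failure has aged out: start a fresh window.
            loginAttempts[req.ip] = [];
        } else {
            res.locals.json.success = false;
            res.locals.json.message = "You have failed to login too many times in the last hour. Please wait 60 minutes and try again.";
            // Stop here. Without this return the handler went on to check the
            // credentials anyway (so the lockout blocked nothing) and called
            // next() a second time.
            return next();
        }
    }

    // Require plain strings. A body parser can deliver objects or arrays in
    // these fields; an object passed as the `email` filter value would be
    // treated as a query-operator document by the database layer, and bcrypt
    // rejects non-string input.
    if (typeof req.body.email !== "string" || typeof req.body.password !== "string" ||
        !req.body.email || !req.body.password) {
        res.locals.json.success = false;
        return next();
    }

    // Check email and password
    User.findOne({ "email": req.body.email }, "", function (err, user) {
        if (error.Handle(err)) {
            res.locals.json.success = false;
            res.locals.json.message = "There was an internal error while processing your login request. Please try again.";
            // Return so a lookup failure is not also counted as a failed login
            // and next() is not called twice.
            return next();
        }

        // NOTE(review): compareSync blocks the event loop for the duration of
        // the hash; the callback form of compare would avoid that. bcrypt is
        // also only run when the account exists, so response time differs
        // between known and unknown e-mail addresses.
        if (user && bcrypt.compareSync(req.body.password, user.password)) {
            loginAttempts[req.ip] = [];

            // log session info
            // nopassUser aliases `user`; clearing the field keeps the password
            // hash out of the JSON response. The document is not saved on
            // this path.
            var nopassUser = user;
            nopassUser.password = undefined;

            // NOTE(review): the existing session object is promoted to
            // authenticated in place; confirm the session identifier is
            // rotated at login elsewhere.
            res.locals.mySession.user = user._id;
            res.locals.mySession.createdAt = Date.now();
            if (!res.locals.mySession.cache) {
                res.locals.mySession.cache = {};
            }
            res.locals.mySession.cache.authenticated = true;
            res.locals.mySession.markModified("user");
            res.locals.mySession.markModified("cache");
            res.locals.mySession.save(HandleSessionSave);

            res.locals.json.success = true;
            res.locals.json.user = nopassUser;
        } else {
            // Record every failure, including the first one from an address
            // (previously the first failure only created the empty list).
            if (!loginAttempts[req.ip]) {
                loginAttempts[req.ip] = [];
            }
            loginAttempts[req.ip].push(Date.now());

            if (user) {
                // Report the number of failures; concatenating the array
                // itself printed the raw timestamps.
                var failedCount = loginAttempts[req.ip].length;
                var alertText = "There was a failed login attempt from: " + req.ip + ". There have been " + failedCount + " attempts to enter your account in the last hour (current time: " + new Date() + "). If the failed attempts continue the address " + req.ip + " will be blocked to protect your account.";

                // NOTE(review): stored as plain text; whatever renders alerts
                // must escape it on output.
                user.alerts.push({
                    time: Date.now(),
                    message: alertText,
                    viewed: false,
                    from: "BITS",
                    from_id: user._id,
                    to_id: user._id,
                    to: user.email
                });
                user.markModified("additional_information");
                user.markModified("alerts");
                user.save(function (err) {
                    if (error.Handle(err)) {
                        console.log("There was an error while attempting to handle a failed login.");
                    }
                });

                var mailPrefs = user.preferences && user.preferences.send_alert_emails;
                if (mailPrefs && mailPrefs.enable && mailPrefs.email) {
                    transporter.sendMail({
                        from: 'bits@alltechnologysolutions.com',
                        to: mailPrefs.email,
                        subject: 'BITS Alert: Failed Login Attempt',
                        // The body is sent as HTML, so the interpolated text
                        // is escaped before it goes into the message.
                        html: escapeHtml(alertText)
                    }, function (err) {
                        if (error.Handle(err)) {
                            console.log("error sending mail: " + JSON.stringify(err));
                        }
                    });
                }
            }
            res.locals.json.success = false;
        }
        next();
    });
});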