Easy Security

This package wraps all defined Meteor.methods with a general rate limit of 500ms per connection. It also does spam checks on the sockets and more. The source code is well tested.

  • Possibility to add hooks for intercepting execution (e.g. "login")
  • Adding throttle, debounce and rate-limit to any function you want
  • Detailed configuration possibilities

// On Server
EasySecurity.addHook('login', function () {
  // return a boolean
});
// On Server and Client
var doSomethingSecure = EasySecurity.rateLimit(myFunction, 500);

doSomethingSecure(); // Executes immediately
doSomethingSecure(); // Executes after 500ms

This does not prevent DDoS attacks! Have a look at iptables, load-balancing techniques and more.

How to install

cd /path/to/project
meteor add matteodem:easy-security

No code has to be written for the general rate limit to apply, but it's possible to change it.

Configuration

EasySecurity.config({
  general: { type: 'rateLimit', ms: 1000 },
  methods: {
    createMethod: { type: 'rateLimit', ms: 1000 * 10 },
    commentMethod: { type: 'throttle', ms: 500 }
  },
  ignoredMethods: ['someOtherMethod'],
  maxQueueLength: 200
});

Only 'rateLimit' and 'throttle' are available to apply to Meteor methods. You can call config by passing in an object with the following optional parameters.

  • general: Change the general handling of all Meteor.methods
  • methods: Set specific ways to handle defined methods
  • ignoredMethods: An array of ignored methods, meaning no rateLimit or throttle is applied to them
  • debug: Boolean, whether debug mode is on or not
  • maxQueueLength: Resets the queue (per id) after the length is exceeded
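
To show what the queueing rate limit and maxQueueLength mean for a burst of calls on one connection, here is an added simulation. It is not code from easy-security: the function names and the fake clock are hypothetical, and the queue-reset behaviour is assumed from the description above.

```javascript
// Added illustration; not the source of easy-security. All names are hypothetical.
// Deterministic clock so the timing can be checked without real waiting.
function createFakeClock() {
  let now = 0;
  const timers = [];
  return {
    now: () => now,
    setTimeout(cb, delay) { timers.push({ at: now + delay, cb }); },
    advance(ms) {
      const end = now + ms;
      for (;;) {
        timers.sort((a, b) => a.at - b.at);
        if (!timers.length || timers[0].at > end) break;
        const t = timers.shift();
        now = t.at;
        t.cb();
      }
      now = end;
    },
  };
}

// First call runs immediately, later calls wait in a queue and run `ms` apart.
// Assumption: exceeding maxQueueLength empties the queue, per the README wording.
function queuedRateLimit(fn, ms, maxQueueLength, clock) {
  let queue = [];
  let busy = false; // true during the `ms` window after an execution
  const run = (args) => { busy = true; fn(...args); clock.setTimeout(next, ms); };
  function next() {
    if (queue.length) run(queue.shift());
    else busy = false;
  }
  return (...args) => {
    if (!busy) return run(args);
    queue.push(args);
    if (queue.length > maxQueueLength) queue = []; // bound memory under a flood
  };
}

// Fire `calls` invocations at t=0 and report which ran, and when.
function simulateBurst(calls, ms, maxQueueLength) {
  const clock = createFakeClock();
  const ran = [];
  const limited = queuedRateLimit((i) => ran.push({ i, at: clock.now() }), ms, maxQueueLength, clock);
  for (let i = 0; i < calls; i++) limited(i);
  clock.advance(ms * calls);
  return ran;
}
console.log(simulateBurst(3, 500, 200), simulateBurst(10, 500, 3));
```

With a cap of 3, a burst of 10 calls runs only calls 0 and 9 in this model: the queue is reset twice, so a flood discards queued work instead of growing memory without bound.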

Hooks

Hooks allow you to make checks or execute any code before the method gets executed, which is useful when you have to secure methods defined by third parties. It's also possible to retrieve and reset them if needed.

EasySecurity.addHook('thirdPartyMethod', function () {
  // Always return a truthy value if you want the method to be executed
  return this.profile.verified;
});

// Array of functions
var hooks = EasySecurity.getHooks('thirdPartyMethod');

// Remove defined hooks
EasySecurity.resetHooks('thirdPartyMethod');

General helpers

You can add debounce, rateLimit and throttle to any function you want. Pass in the function as the first argument and the interval in ms as the second.

var debounced = EasySecurity.debounce(myScrollFunc, 1000),
  rateLimited = EasySecurity.rateLimit(transaction, 1000 * 10),
  throttled   = EasySecurity.throttle(doASpecialThing, 1000 * 5);


debounced(event);
//...