npm
Sign UpSign In

mongoose-lock

1.0.3 • Public • Published

mongoose-lock

Dependency Status Dev Dependency Status Code Climate Build Status Coverage Status

A mongoose plugin to track usage attempts (could be login attempts) and add a virtual 'isLocked' property that you can use to prevent access to certain functionality.

Usage

'use strict';

var mongoose = require('mongoose');
var Schema   = mongoose.Schema;

// Obviously, you'd want more robust way of handling user authentication.
// Still need password hashing, and all that fun stuff.
var UserSchema = new Schema({
  email: String,
  password: String
});

UserSchema.plugin(require('mongoose-lock'));

UserSchema.static('authenticate', function (email, password) {
  this.findOne({email: email}).exec().then(function (user) {
    if (!user) { return false; }
    // Account is locked, increment the attempts again, and return false
    if (user.isLocked) { return user.incAttempts(false); }
    // Again, please use password hashing
    if (user.password === password) {
      // password matched, return the user
      return user;
    } else {
      // password didn't match, increment the attempts, and return false
      return user.incAttempts(false);
    }
  });
});

So the things that this plugin adds:

attempts property. This is used to keep track of failed attempts.

lockUntil property. This is used to keep track of how long the model should be locked for.

isLocked virtual property. This is a helper to help you know if the model is locked.

incAttempts([returnVal] [, cb]) instance method. This increments (or resets) the attempts. If a returnVal is passed, the callback (or promise) will pass this returnValue straight through. Otherwise, the updated model is passed. The callback is optional if you would rather use promises.

To pass in options:

UserSchema.plugin(require('mongoose-lock'), {
  attemptsPath  : 'attempts',
  lockUntilPath : 'lockUntil',
  isLockedPath  : 'isLocked',
  incMethod     : 'incAttempts',
  maxAttempts   : 3,
  lockTime      : 1 * 60 * 60 * 1000 // 1 hour
});

Options

  • attemptsPath (String) - The property path for the attempts property. Default: 'attempts'
  • lockUntilPath (String) - The property path for the lockUntil property. Default: 'lockUntil'
  • isLockedPath (String) - The virtual property path for the isLocked property. Default: 'isLocked'
  • incMethod (String) - The name of the instance method that increments (or resets the attempts property). Default: 'incAttempts'
  • maxAttempts (Number) - The maximum number of failed attempts before the isLocked property is set.
  • lockTime (Number) - The amount of time (in milliseconds) the model is 'locked' for. Default: 1 * 60 * 60 * 1000 or 1 hour

Readme

Keywords

Package Sidebar

Install

npm i mongoose-lock

Repository

github.com/ksmithut/mongoose-lock

Homepage

github.com/ksmithut/mongoose-lock

Weekly Downloads

2

Version

1.0.3

License

MIT

Last publish

Collaborators

  • ksmithut
Try on RunKit
Report malware