add time for blocking user in abuseDetected system

Author: iraniamir

config.js

@@ -28,7 +28,8 @@ const config = {
  },
  authAttempts: {
  forIp: 50,
- forIpAndUser: 7
+ forIpAndUser: 7,
+ durationOfBlocking: 24
  },
  jwt: {
  secret: {

server/modules/login/auth-attempt.js

@@ -20,11 +20,14 @@ class AuthAttempt extends MongoModels {
  Assert.ok(ip, 'Missing ip argument.');
  Assert.ok(username, 'Missing username argument.');
 
+ const config = Config.get('/authAttempts');
+ const duration = new Date(Date.now() - config.durationOfBlocking * 60 * 60 * 1000);
+
  const [countByIp, countByIpAndUser] = await Promise.all([
- this.count({ ip }),
- this.count({ ip, username })
+ this.count({ ip, timeCreated: { $gt: duration } }),
+ this.count({ ip, username, timeCreated: { $gt: duration } })
  ]);
- const config = Config.get('/authAttempts');
+
  const ipLimitReached = countByIp >= config.forIp;
  const ipUserLimitReached = countByIpAndUser >= config.forIpAndUser;