|
|
|
|
@ -0,0 +1,46 @@
|
|
|
|
|
// 引入所需的模块
|
|
|
|
|
const express = require('express');
|
|
|
|
|
const bcrypt = require('bcrypt');
|
|
|
|
|
const cors = require('cors');
|
|
|
|
|
const rateLimit = require('express-rate-limit');
|
|
|
|
|
const morgan = require('morgan');
|
|
|
|
|
|
|
|
|
|
// 创建 Express 应用实例
|
|
|
|
|
const app = express();
|
|
|
|
|
const PORT = 3000; // 可以根据需要修改端口
|
|
|
|
|
|
|
|
|
|
// 使用中间件
|
|
|
|
|
app.use(cors()); // 允许跨域请求
|
|
|
|
|
app.use(express.json()); // 解析 JSON 请求体
|
|
|
|
|
app.use(express.urlencoded({ extended: true })); // 解析 URL 编码请求体
|
|
|
|
|
app.use(morgan('combined')); // 记录请求日志
|
|
|
|
|
|
|
|
|
|
// 模拟的用户数据(在实际应用中,这通常来自数据库)
|
|
|
|
|
const users = [
|
|
|
|
|
{ username: 'user1', password: bcrypt.hashSync('password1', 10) },
|
|
|
|
|
{ username: 'user2', password: bcrypt.hashSync('password2', 10) }
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
// 请求速率限制
|
|
|
|
|
const loginLimiter = rateLimit({
|
|
|
|
|
windowMs: 15 * 60 * 1000, // 15 分钟
|
|
|
|
|
max: 100, // 每个 IP 最多允许 100 次请求
|
|
|
|
|
message: 'Too many login attempts from this IP, please try again later.'
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// 登录接口
|
|
|
|
|
app.post('/login', loginLimiter, async (req, res) => {
|
|
|
|
|
const { username, password } = req.body;
|
|
|
|
|
|
|
|
|
|
const user = users.find(u => u.username === username);
|
|
|
|
|
if (user && await bcrypt.compare(password, user.password)) {
|
|
|
|
|
return res.status(200).json({ message: 'Login successful!' });
|
|
|
|
|
} else {
|
|
|
|
|
return res.status(401).json({ message: 'Invalid username or password.' });
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// 启动服务器
|
|
|
|
|
app.listen(PORT, () => {
|
|
|
|
|
console.log(`Server is running on http://localhost:${PORT}`);
|
|
|
|
|
});
|
