@compyai/securetoken
Version:
A modular, encrypted, DB-agnostic token system with optional refresh support, honeypot protection, and revocation. A secure alternative to JWT.
41 lines (36 loc) • 935 B
JavaScript
// Tracks failed validation attempts per IP + User-Agent combo
const failMap = new Map();
/**
* Record a failed attempt.
* @param {string} ip
* @param {string} ua
* @returns {object} updated fail data
*/
function trackFail(ip, ua) {
const key = `${ip}|${ua}`;
const entry = failMap.get(key) || { count: 0, lastFail: Date.now() };
entry.count += 1;
entry.lastFail = Date.now();
failMap.set(key, entry);
return { ...entry };
}
/**
* Check if honeypot should trigger.
* @param {string} ip
* @param {string} ua
* @param {number} threshold
* @returns {boolean}
*/
function shouldHoneypot(ip, ua, threshold) {
const entry = failMap.get(`${ip}|${ua}`);
return !!entry && entry.count >= threshold;
}
/**
* Reset fail tracking for a source.
* @param {string} ip
* @param {string} ua
*/
function resetFail(ip, ua) {
failMap.delete(`${ip}|${ua}`);
}
module.exports = { trackFail, shouldHoneypot, resetFail };