Node.js Best Practices — Improving Security

Photo by Jennifer Chen on Unsplash

Node.js is a popular runtime to write apps for. These apps are often production quality apps that are used by many people. To make maintaining them easier, we’ve to set some guidelines for people to follow.

In this article, we’ll look at how to improve the security of our Node.js apps.

Prevent Brute-Force Attacks Against Authorization

We should rate limit our login routes so that attackers can’t have too many failed login attempts in a period of time. To do this, we can check the IP address or the ID or name of the computer that’s trying to log in.

Otherwise, attackers may make enough guesses to make the correct guess to log in.

To add brute force protection to an Express app, we can use the express-brute package. We can use it as follows:

const express = require('express');
const bodyParser = require('body-parser');
const ExpressBrute = require('express-brute');
const store = new ExpressBrute.MemoryStore();
const bruteforce = new ExpressBrute(store);
const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.post('/auth',
  bruteforce.prevent,
  (req, res, next) => {…