README.md
# Meteor - Accounts - Lockout
[![Build Status](https://travis-ci.org/LucasAntoniassi/meteor-accounts-lockout.svg?branch=master)](https://travis-ci.org/LucasAntoniassi/meteor-accounts-lockout)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/8ce60fa7e2c24891b9bdfc3b65433d23)](https://www.codacy.com/app/lucasantoniassi/meteor-accounts-lockout?utm_source=github.com&utm_medium=referral&utm_content=LucasAntoniassi/meteor-accounts-lockout&utm_campaign=Badge_Grade)
[![Code Climate](https://codeclimate.com/github/LucasAntoniassi/meteor-accounts-lockout/badges/gpa.svg)](https://codeclimate.com/github/LucasAntoniassi/meteor-accounts-lockout)
## What it is
Seamless Meteor apps accounts protection from password brute-force attacks.
Users won't notice it. Hackers shall not pass.
![you-shall-not-pass](https://cloud.githubusercontent.com/assets/3399956/9023729/007dd2a2-38b1-11e5-807a-b81c6ce00c80.jpg)
## Installation
```
meteor add lucasantoniassi:accounts-lockout
```
## Usage via ES6 import
```javascript
// server
import { AccountsLockout } from 'meteor/lucasantoniassi:accounts-lockout';
```
## How to use
Default settings:
```javascript
"knownUsers": {
"failuresBeforeLockout": 3, // positive integer greater than 0
"lockoutPeriod": 60, // in seconds
"failureWindow": 10 // in seconds
},
"unknownUsers": {
"failuresBeforeLockout": 3, // positive integer greater than 0
"lockoutPeriod": 60, // in seconds
"failureWindow": 10 // in seconds
}
```
`knownUsers` are users where already belongs to your `Meteor.users` collections,
these rules are applied if they attempt to login with an incorrect password but a know email.
`unknownUsers` are users where **not** belongs to your `Meteor.users` collections,
these rules are applied if they attempt to login with a unknown email.
`failuresBeforeLockout` should be a positive integer greater than 0.
`lockoutPeriod` should be in seconds.
`failureWindow` should be in seconds.
If the `default` is nice to you, you can do that.
```javascript
(new AccountsLockout()).startup();
```
You can overwrite passing an `object` as argument.
```javascript
(new AccountsLockout({
knownUsers: {
failuresBeforeLockout: 3,
lockoutPeriod: 60,
failureWindow: 15,
},
unknownUsers: {
failuresBeforeLockout: 3,
lockoutPeriod: 60,
failureWindow: 15,
},
})).startup();
```
If you prefer, you can pass a `function` as argument.
```javascript
const knownUsersRules = (user) => {
// apply some logic with this user
return {
failuresBeforeLockout,
lockoutPeriod,
failureWindow,
};
};
const unknownUsersRules = (connection) => {
// apply some logic with this connection
return {
failuresBeforeLockout,
lockoutPeriod,
failureWindow,
};
};
(new AccountsLockout({
knownUsers: knownUsersRules,
unknownUsers: unknownUsersRules,
})).startup();
```
If you prefer, you can use `Meteor.settings`. It will overwrite any previous case.
```javascript
"accounts-lockout": {
"knownUsers": {
"failuresBeforeLockout": 3,
"lockoutPeriod": 60,
"failureWindow": 10
},
"unknownUsers": {
"failuresBeforeLockout": 3,
"lockoutPeriod": 60,
"failureWindow": 10
}
}
```
## License
This package is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT).