The answer.js
file contains the following:
'use strict'
const {
PORT, HASH
} = process.env
function login (user, passwd) {
return user === 'node' && passwd === 'developer'
}
Using the Node-core API's or any framework or libraries of your choice, build a web-server listening for requests on PORT
.
This server should have a single endpoint /login
which should only accept a POST method with 2 mandatory parameters:
username and
Password
Said parameters should be provided to the login-function in order to validate a user. If the login returns ‘true’ return status code ‘200’. If not, then return 401. There is no need to send any other info, just the status code.
- Modify the login function to check the password hashed provided in the variable
HASH
. This hash was created using 10 rounds of salt generation, compare the hash against the user submission. - Track the failing login attempts per IP and ban an IP when 3 failing attempts occurred. Any subsequent call from this IP should not be allowed and should return a 500 status code.