
I was looking at the code of bouncer and found it weird that the used middleware does not match the defined function [bouncer.blocked => bouncer.block]

```
bouncer.blocked = function (req, res, next, remaining) {
  res.send(429, "Too many requests have been made. Please wait " + remaining/1000 + " seconds.");
};

// route to protect
app.post("/login", bouncer.block, function(req, res) {
  if (LoginFailed){
  } else {
    bouncer.reset( req );
  }
});
```

So I went to check the library to understand why. The library hasn't been updated in 5 years!

https://www.npmjs.com/package/express-bouncer

I'm not sure if these security measures are up to date.



Maybe you're right in your conclusion, but for the wrong reasons. `bouncer.block` and `bouncer.blocked` are two different things. The first is the middleware, which tracks whether the user should be blocked. The second is an optionally defined custom error function, informing the user that they have indeed been blocked.

Perhaps the library hasn't been updated simply because it's complete?
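Added example, not part of the thread and not express-bouncer's source: a minimal limiter that reuses the names `block`, `blocked` and `reset` to show how a counting middleware and an overridable rejection handler fit together. `createBouncer`, its parameters, the lockout policy and the sample address are assumptions made for illustration.

```javascript
// Illustrative limiter (hypothetical, not the library's code).
function createBouncer(maxAttempts, lockMs, now = Date.now) {
  const attempts = new Map(); // client address -> { count, lockedUntil }
  const bouncer = {
    // Default rejection handler; callers may overwrite this property.
    blocked(req, res, next, remaining) {
      res.statusCode = 429;
      res.end("Too many requests. Retry in " + remaining / 1000 + " seconds.");
    },
    // The middleware mounted on the route: counts attempts per address.
    block(req, res, next) {
      const entry = attempts.get(req.ip) || { count: 0, lockedUntil: 0 };
      const remaining = entry.lockedUntil - now();
      if (remaining > 0) {
        // Resolved at call time (not via `this`), so a handler assigned
        // later to bouncer.blocked is the one that runs.
        return bouncer.blocked(req, res, next, remaining);
      }
      entry.count += 1;
      if (entry.count >= maxAttempts) {
        entry.count = 0;
        entry.lockedUntil = now() + lockMs; // lock out further attempts
      }
      attempts.set(req.ip, entry);
      next();
    },
    // Called by the route after a successful login to clear the counter.
    reset(req) {
      attempts.delete(req.ip);
    },
  };
  return bouncer;
}

// Constructed demo: four attempts from one address against a limit of 3.
function demo() {
  let clock = 0;
  const bouncer = createBouncer(3, 60000, () => clock);
  bouncer.blocked = (req, res, next, remaining) => {
    res.statusCode = 429;
    res.body = "custom: wait " + remaining / 1000 + "s";
  };
  const req = { ip: "203.0.113.7" };
  const results = [];
  for (let i = 0; i < 4; i++) {
    const res = { statusCode: 200, body: "" };
    bouncer.block(req, res, () => { res.body = "handler ran"; });
    results.push(res.statusCode + " " + res.body);
    clock += 1000;
  }
  return results;
}
```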



