From 6ec1bfd660aca5884678afb6a44b75959cb34ad9 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Wed, 16 Aug 2017 12:51:02 -0400
Subject: [PATCH] added artificial delay on reset route so that the heat death of the universe will arrive before you manage to identify a valid reset code
---
 src/middleware/index.js | 5 +++++
 src/routes/index.js | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 720fa50771..9072b0441d 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -181,3 +181,8 @@ middleware.processTimeagoLocales = function (req, res, next) {
 },
 ], next);
 };
+
+middleware.delayLoading = function (req, res, next) {
+ // Introduces an artificial delay during load so that brute force attacks are effectively mitigated
+ setTimeout(next, 1000);
+};
diff --git a/src/routes/index.js b/src/routes/index.js
index 14d8f8cee4..f12a97b660 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -32,7 +32,7 @@ function mainRoutes(app, middleware, controllers) {
 setupPageRoute(app, '/confirm/:code', middleware, [], controllers.confirmEmail);
 setupPageRoute(app, '/outgoing', middleware, [], controllers.outgoing);
 setupPageRoute(app, '/search', middleware, [], controllers.search.search);
- setupPageRoute(app, '/reset/:code?', middleware, [], controllers.reset);
+ setupPageRoute(app, '/reset/:code?', middleware, [middleware.delayLoading], controllers.reset);
 setupPageRoute(app, '/tos', middleware, [], controllers.termsOfUse);
 }
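Review bot: The one-second `setTimeout` in `middleware.delayLoading` slows each individual request but does not limit how many reset-code attempts one client can have in flight at the same time, so the comment's claim that brute force is "effectively mitigated" overstates what the code does. Each delayed request also holds its connection open for the full second, which adds load when many arrive together. Consider counting failed attempts per client or per account and rejecting once a threshold is passed, and reword the comment along the lines of `// Adds a fixed 1s delay per request; does not bound concurrent attempts, so pair with attempt limiting and short-lived reset codes`. The literal `1000` would read better as a named constant.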
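Review bot: Because `:code?` is optional, the added `middleware.delayLoading` also delays the plain `/reset` form, where no code is being checked, so ordinary users wait a second for no benefit. The delay could be skipped in that case with `if (!req.params.code) { return next(); }` ahead of the `setTimeout`. Whether `setupPageRoute` passes this middleware list to any API variant of the route is not visible here, so it is worth confirming that the code check cannot be reached without the delay. `mainRoutes` begins outside the hunk.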