added artificial delay on reset route so that the heat death of the universe will arrive before you manage to identify a valid reset code

src/middleware/index.js

@@ -181,3 +181,8 @@ middleware.processTimeagoLocales = function (req, res, next) {
 		},
 	], next);
 };
+
+middleware.delayLoading = function (req, res, next) {
+	// Introduces an artificial delay during load so that brute force attacks are effectively mitigated
+	setTimeout(next, 1000);
+};

src/routes/index.js

@@ -32,7 +32,7 @@ function mainRoutes(app, middleware, controllers) {
 	setupPageRoute(app, '/confirm/:code', middleware, [], controllers.confirmEmail);
 	setupPageRoute(app, '/outgoing', middleware, [], controllers.outgoing);
 	setupPageRoute(app, '/search', middleware, [], controllers.search.search);
-	setupPageRoute(app, '/reset/:code?', middleware, [], controllers.reset);
+	setupPageRoute(app, '/reset/:code?', middleware, [middleware.delayLoading], controllers.reset);
 	setupPageRoute(app, '/tos', middleware, [], controllers.termsOfUse);
 }