- type Config
- type LoginRateLimiter
- type LoginRateLimiterConfig
- type RateLimiter
- func NewRateLimiter(client *redis.Client, config Config, logger *zap.Logger) RateLimiter
- func ProvideGenericRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
- func ProvidePluginAPIRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
- func ProvideRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
Types
type Config
// Config holds the settings for a RateLimiter built by NewRateLimiter.
//
// NOTE(review): how a zero MaxRequests or a zero Window behaves (deny all,
// allow all, or reject at construction) is not specified on this page —
// confirm in NewRateLimiter before relying on the zero value.
type Config struct {
	// MaxRequests is the maximum number of requests allowed
	// (presumably per Window — confirm against the implementation).
	MaxRequests int
	// Window is the time window for rate limiting
	Window time.Duration
	// KeyPrefix is the prefix for Redis keys. Presumably two limiters that
	// share a Redis instance and the same prefix would also share counters —
	// verify that each constructor on this page uses a distinct prefix.
	KeyPrefix string
}
Config holds rate limiter configuration
type LoginRateLimiter
// LoginRateLimiter provides rate limiting for login attempts with account
// lockout. Every method takes a ctx; email and clientIP are the two keys the
// limiter is given.
//
// NOTE(review): the interface does not say whether a non-nil error means the
// attempt must be denied (fail closed) or may proceed (fail open). On an
// authentication path callers should treat err != nil as "not allowed" unless
// the implementation documents otherwise.
// NOTE(review): whether email is normalised (case, surrounding whitespace)
// before it is used as a key is not specified here — confirm, otherwise
// differently-cased spellings of one address may be counted separately.
type LoginRateLimiter interface {
	// CheckAndRecordAttempt checks if login attempt is allowed and records it.
	// Returns, in order: allowed (bool), isLocked (bool), remainingAttempts
	// (int), error. Because it records the attempt as a side effect, call it
	// once per login request.
	CheckAndRecordAttempt(ctx context.Context, email string, clientIP string) (bool, bool, int, error)
	// RecordFailedAttempt records a failed login attempt for email/clientIP.
	RecordFailedAttempt(ctx context.Context, email string, clientIP string) error
	// RecordSuccessfulLogin records a successful login and resets counters
	// (which counters — per-IP, per-account, or both — is not specified here).
	RecordSuccessfulLogin(ctx context.Context, email string, clientIP string) error
	// IsAccountLocked checks if an account is locked due to too many failed
	// attempts. The time.Duration is presumably the remaining lockout time —
	// confirm against the implementation.
	IsAccountLocked(ctx context.Context, email string) (bool, time.Duration, error)
	// UnlockAccount manually unlocks an account (admin function). The signature
	// carries no caller identity, so the authorisation check belongs to the
	// caller.
	UnlockAccount(ctx context.Context, email string) error
	// GetFailedAttempts returns the number of failed attempts for an email.
	GetFailedAttempts(ctx context.Context, email string) (int, error)
}
LoginRateLimiter provides specialized rate limiting for login attempts with account lockout functionality
func NewLoginRateLimiter
func NewLoginRateLimiter(client *redis.Client, config LoginRateLimiterConfig, logger *zap.Logger) LoginRateLimiter
NewLoginRateLimiter creates a new login rate limiter
func ProvideLoginRateLimiter
func ProvideLoginRateLimiter(client *redis.Client, cfg *config.Config, logger *zap.Logger) LoginRateLimiter
ProvideLoginRateLimiter creates a LoginRateLimiter for dependency injection. CWE-307: implements rate limiting and account lockout as protection against brute-force login attempts.
type LoginRateLimiterConfig
// LoginRateLimiterConfig holds configuration for login rate limiting.
// DefaultLoginRateLimiterConfig returns the recommended values.
//
// NOTE(review): MaxAttemptsPerIP counts attempts (successful or not) per its
// field comment, while MaxFailedAttemptsPerAccount counts failures only; keep
// that distinction in mind when tuning, as the two limits trigger under
// different conditions.
// NOTE(review): the account lockout is keyed on email alone, so a long
// AccountLockoutDuration with a low failure threshold lets repeated bad
// attempts from elsewhere keep a legitimate user locked out; weigh the two
// values against that availability risk.
type LoginRateLimiterConfig struct {
	// MaxAttemptsPerIP is the maximum login attempts per IP in the window
	MaxAttemptsPerIP int
	// IPWindow is the time window for IP-based rate limiting
	IPWindow time.Duration
	// MaxFailedAttemptsPerAccount is the maximum failed attempts before account lockout
	MaxFailedAttemptsPerAccount int
	// AccountLockoutDuration is how long to lock an account after too many failures
	AccountLockoutDuration time.Duration
	// KeyPrefix is the prefix for Redis keys. Presumably it must differ from
	// the prefix used by any RateLimiter sharing the same Redis — verify.
	KeyPrefix string
}
LoginRateLimiterConfig holds configuration for login rate limiting
func DefaultLoginRateLimiterConfig
func DefaultLoginRateLimiterConfig() LoginRateLimiterConfig
DefaultLoginRateLimiterConfig returns recommended configuration
type RateLimiter
// RateLimiter provides rate limiting functionality backed by Redis. Keys are
// caller-chosen strings; Config.KeyPrefix is presumably prepended before they
// reach Redis — confirm in NewRateLimiter.
//
// NOTE(review): as with LoginRateLimiter, the interface does not state whether
// a non-nil error should fail open or fail closed; each caller must decide and
// document its choice.
type RateLimiter interface {
	// Allow checks if a request should be allowed based on the key.
	// Returns true if allowed, false if rate limit exceeded.
	Allow(ctx context.Context, key string) (bool, error)
	// AllowN checks if N requests should be allowed at once. Behaviour for
	// n <= 0 is not specified here — confirm before passing a caller-derived n.
	AllowN(ctx context.Context, key string, n int) (bool, error)
	// Reset resets the rate limit for a key.
	Reset(ctx context.Context, key string) error
	// GetRemaining returns the number of remaining requests for key
	// (presumably within the current Window — confirm).
	GetRemaining(ctx context.Context, key string) (int, error)
}
RateLimiter provides rate limiting functionality using Redis
func NewRateLimiter
func NewRateLimiter(client *redis.Client, config Config, logger *zap.Logger) RateLimiter
NewRateLimiter creates a new rate limiter.
func ProvideGenericRateLimiter
func ProvideGenericRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
ProvideGenericRateLimiter provides a rate limiter for generic CRUD endpoints (CWE-770). It is used for authenticated endpoints such as tenant/user/site management and admin endpoints. Strategy: user-based limiting (authenticated user ID from the JWT).
func ProvidePluginAPIRateLimiter
func ProvidePluginAPIRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
ProvidePluginAPIRateLimiter provides a rate limiter for WordPress plugin API endpoints (CWE-770). It is used for plugin endpoints that are core business/revenue endpoints. Strategy: site-based limiting (API key → site_id).
func ProvideRateLimiter
func ProvideRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter
ProvideRateLimiter provides a rate limiter for dependency injection (registration endpoints).