2FAS/2fas-server
1
0
Fork 0
mirror of https://github.com/twofas/2fas-server.git synced 2024-12-12 20:20:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
f3706182cc
2fas-server/internal/api/mobile/app/security/middleware.go
Tobiasz Heller f3706182cc
feat: rate limit using redis (#20)
2024-01-02 09:48:34 +01:00

52 lines
1.3 KiB
Go
Raw Blame History

package security
import (
"fmt"
"net/http"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/twofas/2fas-server/internal/common/logging"
"github.com/twofas/2fas-server/internal/common/rate_limit"
)
const defaultMobileApiBandwidthAbuseThreshold = 100
func MobileIpAbuseAuditMiddleware(rateLimiter rate_limit.RateLimiter, rateLimitValue int) gin.HandlerFunc {
return func(c *gin.Context) {
deviceId := c.Param("device_id")
extensionId := c.Param("extension_id")
if deviceId == "" && extensionId == "" {
return
}
key := strings.TrimSuffix(
fmt.Sprintf("security.api.mobile.bandwidth.%s.%s", deviceId, extensionId),
".",
)
limitValue := rateLimitValue
if limitValue == 0 {
limitValue = defaultMobileApiBandwidthAbuseThreshold
}
rate := rate_limit.Rate{
TimeUnit: time.Minute,
Limit: limitValue,
}
limitReached := rateLimiter.Test(c, key, rate)
if limitReached {
logging.WithFields(logging.Fields{
"type": "security",
"uri": c.Request.URL.String(),
"device_id": deviceId,
"browser_extension_id": extensionId,
"ip": c.ClientIP(),
}).Warning("API potentially abused at mobile scope, blocking")
c.AbortWithStatus(http.StatusTooManyRequests)
}
}
}
Reference in New Issue View Git Blame Copy Permalink