pierre/GeneIT
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8086c1b4c9
GeneIT/geneit_backend/src/services/rate_limiter_service.rs

88 lines
2.7 KiB
Rust
Raw Normal View History

Add rate limiting
2023-05-26 15:55:19 +00:00
use crate::connections::redis_connection;
use crate::utils::time_utils::time;
use std::net::IpAddr;
use std::time::Duration;
#[derive(Debug, Copy, Clone)]
pub enum RatedAction {
CreateAccount,
Can check the validity of a password reset token
2023-05-31 09:36:14 +00:00
CheckResetPasswordTokenFailed,
Can request password reset
2023-05-31 11:56:18 +00:00
RequestNewPasswordResetLink,
Implement password authentication
2023-05-31 13:17:00 +00:00
FailedPasswordLogin,
Add rate limiting
2023-06-02 09:52:10 +00:00
StartOpenIDLogin,
Can replace password
2023-06-05 17:02:51 +00:00
RequestReplacePasswordSignedIn,
Can request account deletion
2023-06-06 07:47:52 +00:00
RequestDeleteAccount,
Can join a family
2023-06-17 16:55:07 +00:00
JoinFamily,
Add rate limiting
2023-05-26 15:55:19 +00:00
}
impl RatedAction {
fn id(&self) -> &'static str {
match self {
RatedAction::CreateAccount => "create-account",
Can check the validity of a password reset token
2023-05-31 09:36:14 +00:00
RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
Can request password reset
2023-05-31 11:56:18 +00:00
RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk",
Implement password authentication
2023-05-31 13:17:00 +00:00
RatedAction::FailedPasswordLogin => "failed-login",
Add rate limiting
2023-06-02 09:52:10 +00:00
RatedAction::StartOpenIDLogin => "start-oidc-login",
Can request account deletion
2023-06-06 07:47:52 +00:00
RatedAction::RequestReplacePasswordSignedIn => "req-pwd-signed-in",
RatedAction::RequestDeleteAccount => "req-del-acct",
Can join a family
2023-06-17 16:55:07 +00:00
RatedAction::JoinFamily => "join-family",
Add rate limiting
2023-05-26 15:55:19 +00:00
}
}
fn limit(&self) -> usize {
match self {
RatedAction::CreateAccount => 5,
Can check the validity of a password reset token
2023-05-31 09:36:14 +00:00
RatedAction::CheckResetPasswordTokenFailed => 100,
Can request password reset
2023-05-31 11:56:18 +00:00
RatedAction::RequestNewPasswordResetLink => 5,
Implement password authentication
2023-05-31 13:17:00 +00:00
RatedAction::FailedPasswordLogin => 15,
Add rate limiting
2023-06-02 09:52:10 +00:00
RatedAction::StartOpenIDLogin => 30,
Can replace password
2023-06-05 17:02:51 +00:00
RatedAction::RequestReplacePasswordSignedIn => 5,
Can request account deletion
2023-06-06 07:47:52 +00:00
RatedAction::RequestDeleteAccount => 5,
Can join a family
2023-06-17 16:55:07 +00:00
RatedAction::JoinFamily => 10,
Add rate limiting
2023-05-26 15:55:19 +00:00
}
}
fn keep_seconds(&self) -> u64 {
Can request password reset
2023-05-31 11:56:18 +00:00
3600
Add rate limiting
2023-05-26 15:55:19 +00:00
}
fn key(&self, ip: IpAddr) -> String {
format!("rate-{}-{}", self.id(), ip)
}
}
/// Keep track of the time the action was executed by the user
#[derive(Debug, Clone, Default, serde::Serialize, serde::Deserialize)]
struct ActionRecord(Vec<u64>);
impl ActionRecord {
pub fn clean(&mut self, action: RatedAction) {
self.0.retain(|e| e + action.keep_seconds() > time());
}
}
/// Record a new action of the user
pub async fn record_action(ip: IpAddr, action: RatedAction) -> anyhow::Result<()> {
let key = action.key(ip);
let mut record = redis_connection::get_value::<ActionRecord>(&key)
.await?
.unwrap_or_default();
record.clean(action);
record.0.push(time());
redis_connection::set_value(&key, &record, Duration::from_secs(action.keep_seconds())).await?;
Ok(())
}
/// Check whether an action should be blocked, due to too much attempts from the user
pub async fn should_block_action(ip: IpAddr, action: RatedAction) -> anyhow::Result<bool> {
let mut record = redis_connection::get_value::<ActionRecord>(&action.key(ip))
.await?
.unwrap_or_default();
record.clean(action);
Ok(record.0.len() >= action.limit())
}
Reference in New Issue Copy Permalink