o Fý¤h¡$ã@sêdZddlmZddlZddlZddlmZddlmZd5d d „Z d6dd„Z d7dd„Z e ddƒZ e ddƒZ e ddƒZe dd¡dkZdd„Zd8dd„Zd9d d!„Zd:d%d&„Zd;d'd(„Zdd/d0„Zd?d1d2„Zd?d3d4„ZdS)@a‰ rate_limit.py Purpose: Implements robust, database-backed login rate limiting and lockout to mitigate credential stuffing and brute-force attacks. Tracks failed login attempts per (username, ip) pair with a sliding window and enforces a temporary lock after too many failures. How it works: - On each login POST, `is_login_allowed(username, ip)` is called. - If an active lock exists (locked_until > now), it returns (False, retry_s). - On password failure, `record_login_failure(username, ip)`: - Resets the window if last_failed_at is outside the window. - Increments fail_count and, when threshold is reached, sets locked_until. - On success, `record_login_success(username, ip)` resets counters. Defense-in-depth: - Also enforces an IP-level limiter (`is_ip_allowed(ip)`) to avoid trivial bypass by switching usernames. Both username+ip and ip-only checks must pass. Configuration (env vars): - LOGIN_MAX_FAILS: max failures in the window before lock (default: 5) - LOGIN_WINDOW_SECONDS: sliding window duration in seconds (default: 900) - LOGIN_LOCK_SECONDS: lock duration after threshold exceeded (default: 900) é)Ú annotationsN)ÚTupleé)Úget_dbÚreturnÚintcCs tt ¡ƒS©N)rÚtime©r r ú'/var/www/html/app_modules/rate_limit.pyÚ_now_ts%s r ÚipÚstrÚboolcCs.|sdShd£}||vrdS| d¡rdSdS)zMCheck if the IP address is localhost and should be exempt from rate limiting.F>ú::1ú0.0.0.0ú 127.0.0.1Ú localhostTz127.)Ú startswith)r Ú localhost_ipsr r r Ú_is_localhost_ip)s rÚnameÚdefaultcCs.z tt |t|ƒ¡ƒWSty|YSwr)rÚosÚgetenvrÚ Exception)rrr r r Ú_cfg_int@s  ÿrÚLOGIN_MAX_FAILSé ÚLOGIN_WINDOW_SECONDSi,ÚLOGIN_LOCK_SECONDSÚLOGIN_LOCK_IP_ON_ACCOUNT_LOCKÚ1cCs.tƒ}| d¡| ¡| d¡| ¡dS)Na{ CREATE TABLE IF NOT EXISTS login_attempts ( id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, ip TEXT NOT NULL, fail_count INTEGER NOT NULL DEFAULT 0, last_failed_at INTEGER NOT NULL DEFAULT 0, locked_until INTEGER NOT NULL DEFAULT 0, UNIQUE(username, ip) ) a  CREATE TABLE IF NOT EXISTS login_ip_attempts ( ip TEXT PRIMARY KEY, fail_count INTEGER NOT NULL DEFAULT 0, last_failed_at INTEGER NOT NULL DEFAULT 0, locked_until INTEGER NOT NULL DEFAULT 0 ) ©rÚexecuteÚcommit)Údbr r r Ú_ensure_schemaMsÿ ÿ r'ÚusernamecCstƒ}| d||f¡}| ¡S)NzaSELECT fail_count, last_failed_at, locked_until FROM login_attempts WHERE username = ? AND ip = ?©rr$Úfetchone)r(r r&Úcurr r r Ú_get_rowls þr,cCstƒ}| d|f¡}| ¡S)NzSSELECT fail_count, last_failed_at, locked_until FROM login_ip_attempts WHERE ip = ?r))r r&r+r r r Ú _get_ip_rowus þr-Ú fail_countÚlast_failed_atÚ locked_untilcCs(tƒ}| d|||||f¡| ¡dS)NaC INSERT INTO login_attempts (username, ip, fail_count, last_failed_at, locked_until) VALUES (?, ?, ?, ?, ?) ON CONFLICT(username, ip) DO UPDATE SET fail_count=excluded.fail_count, last_failed_at=excluded.last_failed_at, locked_until=excluded.locked_until r#)r(r r.r/r0r&r r r Ú _upsert_row~s  ÷ r1cCs&tƒ}| d||||f¡| ¡dS)Na/ INSERT INTO login_ip_attempts (ip, fail_count, last_failed_at, locked_until) VALUES (?, ?, ?, ?) ON CONFLICT(ip) DO UPDATE SET fail_count=excluded.fail_count, last_failed_at=excluded.last_failed_at, locked_until=excluded.locked_until r#)r r.r/r0r&r r r Ú_upsert_ip_rowŽs  ÷ r2úTuple[bool, int]cCst|ƒrdStƒt||ƒ}tƒ}|r~t|dpdƒ}||kr%d||fSt|dp+dƒtkr~t|dp5dƒt|kr~|t}t||t|dpHdƒt|dpOdƒ|ƒt rzt |ƒ}t|r`|dndpcdƒ}||krzt |t|rr|dndpudƒ||ƒdtfSdS)z&Return (allowed, retry_after_seconds).©Trr0rFr.r/) rr'r,r rrrr r1ÚLOCK_IP_ON_ACCOUNT_LOCKr-r2)r(r ÚrowÚnowr0Ú lock_untilÚip_rowÚexistingr r r Úis_login_allowedžs&  ,("r;cCsªt|ƒrdStƒt|ƒ}tƒ}|rSt|dpdƒ}||kr$d||fSt|dp*dƒtkrSt|dp4dƒt|krSt|t|dpBdƒt|dpIdƒ|tƒdtfSdS)Nr4r0rFr.r/) rr'r-r rrrr2r )r r6r7r0r r r Ú is_ip_allowedºs ,*r<ÚNonecCs¤t|ƒrdStƒtƒ}t|ƒ}|st|d|dƒdSt|dp!dƒ}t|dp)dƒ}t|dp1dƒ}|t|kr;d}|d7}|}|tkrI|t}t||||ƒdS)z‹Increment only the IP-level counters. Used for attempts blocked before credential verification to escalate to IP lock across usernames.Nrrr.r/r0) rr'r r-r2rrrr )r r7r6ÚfailÚlastÚlockr r r Úrecord_ip_failureÌs$ rAc Cs0t|ƒrdStƒtƒ}t||ƒ}|st||d|dƒn6t|dp"dƒ}t|dp*dƒ}t|dp2dƒ}|t|kr   rEcCs(tƒtƒ}| d||f¡| ¡dS)Nz8DELETE FROM login_attempts WHERE username = ? AND ip = ?)r'rr$r%)r(r r&r r r Úrecord_login_successs rF)rr)r rrr)rrrrrr)r(rr r)r r) r(rr rr.rr/rr0r)r rr.rr/rr0r)r(rr rrr3)r rrr3)r rrr=)r(rr rrr=)Ú__doc__Ú __future__rrr Útypingrr&rr rrrrr rr5r'r,r-r1r2r;r<rArErFr r r r Ús.               -