Create `limit' package, remove need of login_attempts.go

2016-09-06 17:04:22 +02:00
parent 7e5d35d79a
commit 1826246125
4 changed files with 128 additions and 133 deletions
--- a/app/v1/login_attempts.go
+++ b/app/v1/login_attempts.go
@@ -1,61 +0,0 @@
-package v1
-
-import (
-	"sync"
-	"time"
-)
-
-type failedAttempt struct {
-	attempt time.Time
-	ID      int
-}
-
-var failedAttempts []failedAttempt
-var failedAttemptsMutex = new(sync.RWMutex)
-
-// removeUseless removes the expired attempts in failedAttempts
-func removeUseless() {
-	for {
-		failedAttemptsMutex.RLock()
-		var localCopy = make([]failedAttempt, len(failedAttempts))
-		copy(localCopy, failedAttempts)
-		failedAttemptsMutex.RUnlock()
-		var newStartFrom int
-		for k, v := range localCopy {
-			if time.Since(v.attempt) > time.Minute*10 {
-				newStartFrom = k + 1
-			} else {
-				break
-			}
-		}
-		copySl := localCopy[newStartFrom:]
-		failedAttemptsMutex.Lock()
-		failedAttempts = make([]failedAttempt, len(copySl))
-		for i, v := range copySl {
-			failedAttempts[i] = v
-		}
-		failedAttemptsMutex.Unlock()
-		time.Sleep(time.Minute * 10)
-	}
-}
-
-func addFailedAttempt(uid int) {
-	failedAttemptsMutex.Lock()
-	failedAttempts = append(failedAttempts, failedAttempt{
-		attempt: time.Now(),
-		ID:      uid,
-	})
-	failedAttemptsMutex.Unlock()
-}
-
-func nFailedAttempts(uid int) int {
-	var count int
-	failedAttemptsMutex.RLock()
-	for _, i := range failedAttempts {
-		if i.ID == uid && time.Since(i.attempt) < time.Minute*10 {
-			count++
-		}
-	}
-	failedAttemptsMutex.RUnlock()
-	return count
-}
--- a/app/v1/token.go
+++ b/app/v1/token.go
@@ -8,6 +8,7 @@ import (
 	"github.com/jmoiron/sqlx"

 	"git.zxq.co/ripple/rippleapi/common"
+	"git.zxq.co/ripple/rippleapi/limit"
 	"git.zxq.co/ripple/schiavolib"
 	"golang.org/x/crypto/bcrypt"
 )
@@ -76,7 +77,7 @@ func TokenNewPOST(md common.MethodData) common.CodeMessager {
 	}
 	privileges := common.UserPrivileges(privilegesRaw)

-	if nFailedAttempts(r.ID) > 20 {
+	if !limit.NonBlockingRequest(fmt.Sprintf("loginattempt:%d:%s", r.ID, md.C.ClientIP()), 5) {
 		return common.SimpleResponse(429, "You've made too many login attempts. Try again later.")
 	}

@@ -85,7 +86,6 @@ func TokenNewPOST(md common.MethodData) common.CodeMessager {
 	}
 	if err := bcrypt.CompareHashAndPassword([]byte(pw), []byte(fmt.Sprintf("%x", md5.Sum([]byte(data.Password))))); err != nil {
 		if err == bcrypt.ErrMismatchedHashAndPassword {
-			go addFailedAttempt(r.ID)
 			return common.SimpleResponse(403, "That password doesn't match!")
 		}
 		md.Err(err)