main

2026-06-08 15:51:52 +08:00
commit f51c0ee636
74 changed files with 1223619 additions and 0 deletions
@@ -0,0 +1,42 @@
+const { checkRateLimit } = require('./db');
+
+const LIMITS = {
+  ip:      { max: 20, window: 300  },   // 20 req / 5 min
+  user:    { max: 5,  window: 600  },   // 5 failures / 10 min lock
+  hwid:    { max: 10, window: 900  }    // 10 failures / 15 min lock
+};
+
+/**
+ * Check all three rate limit dimensions.
+ * Returns { allowed, retryAfter } — retryAfter is the longest among triggered limits.
+ */
+function checkLoginRateLimit(ip, username, hwidCombined) {
+  let maxRetryAfter = 0;
+
+  // IP-based
+  const ipLimit = checkRateLimit(`ip:${ip}`, 'login', LIMITS.ip.max, LIMITS.ip.window);
+  if (!ipLimit.allowed) {
+    maxRetryAfter = Math.max(maxRetryAfter, ipLimit.retryAfter);
+  }
+
+  // Username-based (only for failed attempts — counted in login handler)
+  const userLimit = checkRateLimit(`user:${username}`, 'login', LIMITS.user.max, LIMITS.user.window);
+  if (!userLimit.allowed) {
+    maxRetryAfter = Math.max(maxRetryAfter, userLimit.retryAfter);
+  }
+
+  // HWID-based
+  if (hwidCombined) {
+    const hwidLimit = checkRateLimit(`hwid:${hwidCombined}`, 'login', LIMITS.hwid.max, LIMITS.hwid.window);
+    if (!hwidLimit.allowed) {
+      maxRetryAfter = Math.max(maxRetryAfter, hwidLimit.retryAfter);
+    }
+  }
+
+  return {
+    allowed: maxRetryAfter === 0,
+    retryAfter: maxRetryAfter
+  };
+}
+
+module.exports = { checkLoginRateLimit };