const { checkRateLimit } = require('./db');
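// Per-dimension login rate limits: at most `max` events within `window`
// seconds. Frozen (nested entries included) so no code path can loosen a
// limit at runtime by mutating the shared object; LIMITS is not exported.
const LIMITS = Object.freeze({
  ip: Object.freeze({ max: 20, window: 300 }), // 20 req / 5 min
  user: Object.freeze({ max: 5, window: 600 }), // 5 failures / 10 min lock
  hwid: Object.freeze({ max: 10, window: 900 }), // 10 failures / 15 min lock
});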
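/**
 * Check all three login rate-limit dimensions (IP, username, HWID).
 *
 * Each dimension is queried through `checkRateLimit` from ./db with the
 * thresholds in LIMITS, in a fixed order (ip, user, hwid). The result
 * combines every triggered dimension: the login is allowed only when all
 * dimensions allow it, and retryAfter is the longest wait among those that
 * were triggered.
 *
 * @param {string} ip - Client address; bucket key `ip:<ip>`.
 * @param {string} username - Login name as supplied; bucket key
 *   `user:<username>`. No normalisation is applied here — NOTE(review):
 *   confirm the caller normalises case/whitespace, otherwise variants of the
 *   same name land in different buckets.
 * @param {string|undefined} hwidCombined - Hardware identifier; when falsy
 *   the HWID dimension is skipped entirely, so such callers are bounded only
 *   by the IP and user dimensions.
 * @returns {{allowed: boolean, retryAfter: number}} `allowed` is true only
 *   when every checked dimension allows; `retryAfter` is the longest wait
 *   reported by the triggered dimensions (0 when none were triggered).
 */
function checkLoginRateLimit(ip, username, hwidCombined) {
  let allowed = true;
  let maxRetryAfter = 0;

  // One check per dimension, in the original order. The username dimension
  // covers only failed attempts — the counting is done in the login handler.
  const checks = [
    checkRateLimit(`ip:${ip}`, 'login', LIMITS.ip.max, LIMITS.ip.window),
    checkRateLimit(`user:${username}`, 'login', LIMITS.user.max, LIMITS.user.window),
  ];
  if (hwidCombined) {
    checks.push(
      checkRateLimit(`hwid:${hwidCombined}`, 'login', LIMITS.hwid.max, LIMITS.hwid.window),
    );
  }

  for (const limit of checks) {
    if (limit.allowed) {
      continue;
    }
    // Denial is tracked separately from retryAfter: a triggered limit that
    // reports retryAfter 0 (or no value at all) must still deny the login
    // rather than fail open, which deriving `allowed` from
    // `maxRetryAfter === 0` would do.
    allowed = false;
    maxRetryAfter = Math.max(maxRetryAfter, Number(limit.retryAfter) || 0);
  }

  return { allowed, retryAfter: maxRetryAfter };
}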
// Public surface of this module: only the combined login check is exported;
// LIMITS stays private.
const api = { checkLoginRateLimit };
module.exports = api;