overleaf/services/web/app/coffee/Features/Security/LoginRateLimiter.coffee

Settings = require('settings-sharelatex')
redis = require('redis')
rclient = redis.createClient(Settings.redis.web.port, Settings.redis.web.host)
rclient.auth(Settings.redis.web.password)

buildKey = (k)->
	return "LoginRateLimit:#{k}"

ONE_MIN = 60
ATTEMPT_LIMIT = 10

module.exports =
	processLoginRequest: (email, callback)->
		multi = rclient.multi()
		multi.incr(buildKey(email))
		multi.get(buildKey(email))
		multi.expire(buildKey(email), ONE_MIN * 2)
		multi.exec (err, results)->
			loginCount = results[1]
			allow = loginCount <= ATTEMPT_LIMIT
			callback err, allow

	recordSuccessfulLogin: (email, callback = ->)->
		rclient.del buildKey(email), callback
Intial open source comment 2014-02-12 05:23:40 -05:00			`Settings = require('settings-sharelatex')`
			`redis = require('redis')`
			`rclient = redis.createClient(Settings.redis.web.port, Settings.redis.web.host)`
			`rclient.auth(Settings.redis.web.password)`

			`buildKey = (k)->`
			`return "LoginRateLimit:#{k}"`

			`ONE_MIN = 60`
			`ATTEMPT_LIMIT = 10`

			`module.exports =`
			`processLoginRequest: (email, callback)->`
			`multi = rclient.multi()`
			`multi.incr(buildKey(email))`
			`multi.get(buildKey(email))`
			`multi.expire(buildKey(email), ONE_MIN * 2)`
			`multi.exec (err, results)->`
			`loginCount = results[1]`
			`allow = loginCount <= ATTEMPT_LIMIT`
			`callback err, allow`

			`recordSuccessfulLogin: (email, callback = ->)->`
			`rclient.del buildKey(email), callback`