overleaf/services/web/app/coffee/Features/Security/LoginRateLimiter.coffee
2014-09-26 14:52:00 +01:00


Settings = require('settings-sharelatex')
redis = require("redis-sharelatex")
# Redis client built from the web service's Redis settings. The login-attempt
# counters below are stored and cleared through this client.
rclient = redis.createClient(Settings.redis.web)
# Builds the Redis key that holds the login-attempt counter for one identifier.
# The "LoginRateLimit:" prefix keeps these counters in their own key namespace.
# The identifier is used exactly as passed in: two spellings of the same
# address (case, surrounding whitespace) produce two separate counters.
# NOTE(review): confirm that callers normalise the address before it gets here.
buildKey = (identifier) ->
  "LoginRateLimit:#{identifier}"
# One minute in seconds, the unit Redis EXPIRE takes. The counter's
# time-to-live is set to twice this value on every attempt.
ONE_MIN = 60
# Highest counter value that is still allowed: the check is `<=`, so attempts
# 1 through 10 pass and the 11th within the window is refused.
ATTEMPT_LIMIT = 10
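module.exports =
  # Counts one login attempt for `email` and reports whether it may proceed.
  #
  # The counter is incremented, read back and given a fresh two-minute expiry
  # in a single MULTI/EXEC, so concurrent attempts cannot skip the increment.
  #
  # email    - address being logged in to; used as the counter key as-is.
  # callback - called as callback(err, allow). `allow` is true while the
  #            counter is at or below ATTEMPT_LIMIT. On a Redis failure `err`
  #            is set and `allow` is false.
  #
  # Limits of this check, for whoever wires it into the login flow:
  # - The expiry is refreshed on every attempt, so a steady stream of attempts
  #   keeps an address refused for as long as it continues, including for the
  #   legitimate owner.
  # - Only the address is counted. Attempts spread over many addresses are not
  #   bounded here and need a separate limit (for example per client address).
  processLoginRequest: (email, callback)->
    key = buildKey(email)
    multi = rclient.multi()
    multi.incr(key)
    multi.get(key)
    multi.expire(key, ONE_MIN * 2)
    multi.exec (err, results)->
      # Fail closed. Without this guard a Redis error leaves `results`
      # undefined and `results[1]` throws inside the callback instead of
      # reporting the failure to the caller.
      if err? or not results?
        return callback(err or new Error("login rate limit returned no results"), false)
      # GET replies with a string. Parse it explicitly so a missing or
      # non-numeric reply becomes NaN, which compares false and is refused.
      loginCount = parseInt(results[1], 10)
      allow = loginCount <= ATTEMPT_LIMIT
      callback err, allow

  # Clears the attempt counter for `email` after a successful login.
  #
  # callback - optional; receives the result of the Redis DEL.
  recordSuccessfulLogin: (email, callback = ->)->
    rclient.del buildKey(email), callback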