Add rate limiting to login endpoint
Security: - Add slowapi dependency for rate limiting - Create rate_limit.py module with configurable limits - Apply 5 requests/minute limit to login endpoint - Make rate limit configurable via ORCHARD_LOGIN_RATE_LIMIT env var Testing: - Set high rate limit (1000/min) in docker-compose.local.yml for tests - All 265 tests pass
This commit is contained in:
Mondo Diaz
16
backend/app/rate_limit.py
Normal file
16
backend/app/rate_limit.py
Normal file
@@ -0,0 +1,16 @@
|
||||
"""Rate limiting configuration for Orchard API.
|
||||
|
||||
Uses slowapi for rate limiting with IP-based keys.
|
||||
"""
|
||||
|
||||
import os
|
||||
from slowapi import Limiter
|
||||
from slowapi.util import get_remote_address
|
||||
|
||||
# Rate limiter - uses IP address as key
|
||||
limiter = Limiter(key_func=get_remote_address)
|
||||
|
||||
# Rate limit strings - configurable via environment for testing
|
||||
# Default: 5 login attempts per minute per IP
|
||||
# In tests: set ORCHARD_LOGIN_RATE_LIMIT to a high value like "1000/minute"
|
||||
LOGIN_RATE_LIMIT = os.environ.get("ORCHARD_LOGIN_RATE_LIMIT", "5/minute")
|
||||
Reference in New Issue
Block a user