| author | nsfisis <nsfisis@gmail.com> | 2026-02-13 23:31:19 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-02-13 23:31:19 +0900 |
| commit | 7757f26295cbf19c4d6fa068e2cb6bdc2589d01a (patch) | |
| tree | 48d1145bacad99018378f20aa9826b04e7fa2832 /backend/main.go | |
| parent | 470b7235b80d082009ad350e2b33ef6637209e02 (diff) | |
feat(auth): add login rate limiting per IP
Prevent brute-force attacks by limiting POST /login to 5 requests per
minute per IP address using golang.org/x/time/rate. Unused entries are
cleaned up after 10 minutes of inactivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Diffstat (limited to 'backend/main.go')
| -rw-r--r-- | backend/main.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/backend/main.go b/backend/main.go
index 1f48af0..40fb8f0 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -5,17 +5,20 @@ import (
 "fmt"
 "log"
 "net/http"
+ "time"
 "github.com/jackc/pgx/v5/pgxpool"
 "github.com/labstack/echo/v4"
 "github.com/labstack/echo/v4/middleware"
 oapimiddleware "github.com/oapi-codegen/echo-middleware"
+ "golang.org/x/time/rate"
 "albatross-2026-backend/admin"
 "albatross-2026-backend/api"
 "albatross-2026-backend/config"
 "albatross-2026-backend/db"
 "albatross-2026-backend/game"
+ "albatross-2026-backend/ratelimit"
 "albatross-2026-backend/taskqueue"
 )
@@ -66,7 +69,10 @@ func main() {
 gameHub := game.NewGameHub(queries, taskQueue, workerServer)
+ loginRL := ratelimit.NewIPRateLimiter(rate.Every(time.Minute/5), 5)
+
 apiGroup := e.Group(conf.BasePath + "api")
+ apiGroup.Use(ratelimit.LoginRateLimitMiddleware(loginRL))
 apiGroup.Use(oapimiddleware.OapiRequestValidator(openAPISpec))
 apiHandler := api.NewHandler(queries, gameHub)
 api.RegisterHandlers(apiGroup, api.NewStrictHandler(apiHandler, nil)) |
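Review bot: The limiter is only as good as the address it keys on, and the visible lines of `main()` do not pin that down: no `e.IPExtractor` is set here, so if `LoginRateLimitMiddleware` (in the `ratelimit` package, not part of this file's diff) uses `c.RealIP()`, Echo falls back to reading `X-Forwarded-For`/`X-Real-IP` as sent by the client. Depending on deployment, that either lets a caller land in a fresh bucket on each request or, with `RemoteAddr` keying behind a reverse proxy, puts every user into one shared bucket. I would set the extractor explicitly next to `loginRL`, for example `e.IPExtractor = echo.ExtractIPDirect()` when the server is directly exposed, or `echo.ExtractIPFromXFFHeader(...)` with the proxy's trusted range otherwise. Separately, `rate.Every(time.Minute/5)` with burst 5 allows 5 attempts at once plus one more every 12 s, so roughly 9 in the first minute rather than the 5 the commit message states; a comment such as `// burst of 5, then one token every 12s` would make that explicit. `main()` starts and ends outside this hunk.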
