turf_saas/portal_server.py at 4b4323f707d90cfddd45d084c6f61134c4edb475

Files

DevOps Engineer 7f5573f076 feat(security): add IP-based rate limiting on /api/v1/auth/login — fix brute force HRT-62

- saas_auth.py: in-memory sliding-window rate limiter (5 attempts/5min, 15min block)
  using collections.defaultdict + threading.Lock, stdlib only, no new deps
- portal_server.py: register rate_limit_middleware + access_log_middleware
  (was missing, leaving global 100req/min limit unApplied on portal routes)
- tests/security/test_security.py: add TestLoginRateLimit class with
  test_login_brute_force_blocked_after_5_attempts and test_login_429_has_retry_after_header

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-27 14:50:08 +02:00

30 KiB

Executable File

Raw Blame History

View Raw

30 KiB Executable File Raw Blame History

30 KiB

Executable File

Raw Blame History