Package io.fathom.cloud

Source Code of io.fathom.cloud.LoginLimits

package io.fathom.cloud;

import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;

import com.fathomdb.TimeSpan;
import com.fathomdb.ratelimit.RateLimit;
import com.fathomdb.ratelimit.RateLimitSystem;

@Singleton
public class LoginLimits {
    final RateLimit[] FAILED_LOGINS_BY_USERNAME;
    final RateLimit[] FAILED_LOGINS_BY_IP;

    @Inject
    public LoginLimits(RateLimitSystem rateLimitSystem) {
        FAILED_LOGINS_BY_USERNAME = new RateLimit[3];

        FAILED_LOGINS_BY_USERNAME[0] = new RateLimit(rateLimitSystem, "loginfail/user/5m/", TimeSpan.FIVE_MINUTES, 10);
        FAILED_LOGINS_BY_USERNAME[1] = new RateLimit(rateLimitSystem, "loginfail/user/1h/", TimeSpan.ONE_HOUR, 20);
        FAILED_LOGINS_BY_USERNAME[2] = new RateLimit(rateLimitSystem, "loginfail/user/1d/", TimeSpan.ONE_DAY, 30);

        FAILED_LOGINS_BY_IP = new RateLimit[3];

        FAILED_LOGINS_BY_IP[0] = new RateLimit(rateLimitSystem, "loginfail/ip/5m/", TimeSpan.FIVE_MINUTES, 10);
        FAILED_LOGINS_BY_IP[1] = new RateLimit(rateLimitSystem, "loginfail/ip/1h/", TimeSpan.ONE_HOUR, 20);
        FAILED_LOGINS_BY_IP[2] = new RateLimit(rateLimitSystem, "loginfail/ip/1d/", TimeSpan.ONE_DAY, 30);
    }

    public boolean isOverLimit(HttpServletRequest httpRequest, String username) {
        if (username != null) {
            for (RateLimit rateLimit : FAILED_LOGINS_BY_USERNAME) {
                if (rateLimit.isOverLimit(username)) {
                    return true;
                }
            }
        }

        String ip = getIp(httpRequest);
        if (ip != null) {
            for (RateLimit rateLimit : FAILED_LOGINS_BY_IP) {
                if (rateLimit.isOverLimit(ip)) {
                    return true;
                }
            }
        }

        return false;
    }

    private String getIp(HttpServletRequest httpRequest) {
        if (httpRequest == null) {
            return null;
        }

        String ip = httpRequest.getRemoteAddr();
        return ip;
    }

    public void recordFail(HttpServletRequest httpRequest, String username) {
        if (username != null) {
            for (RateLimit rateLimit : FAILED_LOGINS_BY_USERNAME) {
                rateLimit.add(username, 1);
            }
        }

        String ip = getIp(httpRequest);
        if (ip != null) {
            for (RateLimit rateLimit : FAILED_LOGINS_BY_IP) {
                rateLimit.add(ip, 1);
            }
        }
    }
}
TOP

Related Classes of io.fathom.cloud.LoginLimits

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.