lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Compare commits

base: lindeas:f5499402492fce8f48c91d3922a0607ce24534de
Branches Tags
lindeas:main
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1
...
compare: lindeas:08394be35ec1c63803652c5a1bb4ab881c293660
Branches Tags
lindeas:main
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1

2 Commits
f549940249 ... 08394be35e

Author SHA1 Message Date
Yasen Pramatarov 08394be35e Ratelimit whitelist add/remove 2024-12-09 15:44:00 +02:00
Yasen Pramatarov c78951da60 Initial code for ratelimiter whitelist 2024-12-09 15:43:10 +02:00
1 changed files with 68 additions and 0 deletions
Show Stats Expand all files Collapse all files

68
app/classes/ratelimitrer.php
View File

@ -5,10 +5,13 @@ class RateLimiter {
private $maxAttempts = 5; // Maximum login attempts private $maxAttempts = 5; // Maximum login attempts
private $decayMinutes = 15; // Time window in minutes private $decayMinutes = 15; // Time window in minutes
private $tableName = 'login_attempts'; private $tableName = 'login_attempts';
private $whitelistedIps = []; // Whitelisted IPs
private $whitelistedNetworks = []; // Whitelisted CIDR ranges
public function __construct($database) { public function __construct($database) {
$this->db = $database->getConnection(); $this->db = $database->getConnection();
$this->createTableIfNotExists(); $this->createTableIfNotExists();
$this->loadWhitelist();
} }
private function createTableIfNotExists() { private function createTableIfNotExists() {
@ -23,6 +26,71 @@ class RateLimiter {
$this->db->exec($sql); $this->db->exec($sql);
} }
private function loadWhitelist() {
// Load from database or config
$this->whitelistedIps = [
'127.0.0.1', // localhost
'::1' // localhost IPv6
];
$this->whitelistedNetworks = [
'10.0.0.0/8', // Private network
'172.16.0.0/12', // Private network
'192.168.0.0/16' // Private network
];
}
private function isIpWhitelisted($ip) {
// Check exact IP match
if (in_array($ip, $this->whitelistedIps)) {
return true;
}
// Check CIDR ranges
foreach ($this->whitelistedNetworks as $network) {
if ($this->ipInRange($ip, $network)) {
return true;
}
}
return false;
}
private function ipInRange($ip, $cidr) {
list($subnet, $bits) = explode('/', $cidr);
$ip = ip2long($ip);
$subnet = ip2long($subnet);
$mask = -1 << (32 - $bits);
$subnet &= $mask;
return ($ip & $mask) == $subnet;
}
public function addToWhitelist($ip, $isNetwork = false) {
if ($isNetwork) {
if (!in_array($ip, $this->whitelistedNetworks)) {
$this->whitelistedNetworks[] = $ip;
}
} else {
if (!in_array($ip, $this->whitelistedIps)) {
$this->whitelistedIps[] = $ip;
}
}
}
public function removeFromWhitelist($ip) {
$indexIp = array_search($ip, $this->whitelistedIps);
if ($indexIp !== false) {
unset($this->whitelistedIps[$indexIp]);
}
$indexNetwork = array_search($ip, $this->whitelistedNetworks);
if ($indexNetwork !== false) {
unset($this->whitelistedNetworks[$indexNetwork]);
}
}
public function attempt($username, $ipAddress) { public function attempt($username, $ipAddress) {
// Clean old attempts // Clean old attempts
$this->clearOldAttempts(); $this->clearOldAttempts();