From db77b027e5dfa09e27a163288992bc5d969c16f0 Mon Sep 17 00:00:00 2001
From: Achilles Kaloeridis
Date: Mon, 29 Apr 2024 20:30:15 +0300
Subject: [PATCH] Add login rate limiter
---
 composer.json | 1 +
 composer.lock | 72 ++++++++++++++++++++++++++++++++++-
 config/packages/security.yaml | 4 ++
 3 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 3800628..c640e73 100644
--- a/composer.json
+++ b/composer.json
@@ -42,6 +42,7 @@
 "symfony/monolog-bundle": "^3.0",
 "symfony/property-access": "7.0.*",
 "symfony/property-info": "7.0.*",
+ "symfony/rate-limiter": "7.0.*",
 "symfony/runtime": "7.0.*",
 "symfony/security-bundle": "7.0.*",
 "symfony/security-csrf": "7.0.*",
diff --git a/composer.lock b/composer.lock
index 44f09f4..6e43b21 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "916b219ffebe744b1712ef95cf9fa513", + "content-hash": "436caee560a6b0caa29cf5d32282cd16", "packages": [ { "name": "api-platform/core",
@@ -6985,6 +6985,76 @@ ], "time": "2024-01-23T15:02:46+00:00" }, + { + "name": "symfony/rate-limiter", + "version": "v7.0.7", + "source": { + "type": "git", + "url": "https://github.com/symfony/rate-limiter.git", + "reference": "7ba48d83a622ebcd0a804776c505c05898a6f0e9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/rate-limiter/zipball/7ba48d83a622ebcd0a804776c505c05898a6f0e9", + "reference": "7ba48d83a622ebcd0a804776c505c05898a6f0e9", + "shasum": "" + }, + "require": { + "php": ">=8.2", + "symfony/options-resolver": "^6.4|^7.0" + }, + "require-dev": { + "psr/cache": "^1.0|^2.0|^3.0", + "symfony/lock": "^6.4|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\RateLimiter\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Wouter de Jong", + "email": "wouter@wouterj.nl" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides a Token Bucket implementation to rate limit input and output in your application", + "homepage": "https://symfony.com", + "keywords": [ + "limiter", + "rate-limiter" + ], + "support": { + "source": "https://github.com/symfony/rate-limiter/tree/v7.0.7" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-04-18T09:29:19+00:00" + }, { "name": "symfony/routing", "version": "v7.0.5", diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 8b5b4ed..b99df41 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml 
@@ -27,6 +27,10 @@ security: remember_me: secret: '%kernel.secret%' # required lifetime: 604800 # 1 week in seconds + + login_throttling: + max_attempts: 5 + interval: '10 minutes' # activate different ways to authenticate # https://symfony.com/doc/current/security.html#the-firewall
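Review bot: The added `login_throttling` block relies on Symfony's built-in limiter, which counts failed attempts per username plus client IP and, separately, per client IP alone at five times `max_attempts`, so it only works as intended when the application sees the real client address. If this app is deployed behind a reverse proxy or load balancer and `framework.trusted_proxies` is not set, every request would carry the proxy's address and 25 failed logins within ten minutes could throttle sign-in for all users; nothing in the visible hunks shows that setting, so it is worth confirming. I would document the effective limits next to the block, for example `# 5 failed logins per username+IP per 10 min (25 per IP); needs trusted_proxies behind a proxy`. The counters are presumably kept in the default application cache pool, so a multi-node deployment would need a shared pool for the limit to hold across servers. The enclosing firewall definition starts above the hunk, so which firewall is being throttled cannot be confirmed from here.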