Prevents brute-force attacks against remember-me cookies. Uses Memcached (Cache::add + increment) to track failures per IP: 5 attempts in 15 min window, auto-expiring via TTL. Counter resets on successful auto-login. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
50 lines
1.0 KiB
PHP
50 lines
1.0 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Service\Auth;
|
|
|
|
use MintyPHP\Cache;
|
|
|
|
class RememberMeRateLimiter
|
|
{
|
|
private const KEY_PREFIX = 'remember_rl:';
|
|
private const MAX_ATTEMPTS = 5;
|
|
private const WINDOW_SECONDS = 900; // 15 minutes
|
|
|
|
public function isBlocked(string $ip): bool
|
|
{
|
|
if ($ip === '') {
|
|
return false;
|
|
}
|
|
|
|
$count = Cache::get(self::KEY_PREFIX . $ip);
|
|
|
|
return is_int($count) && $count >= self::MAX_ATTEMPTS;
|
|
}
|
|
|
|
public function recordFailure(string $ip): void
|
|
{
|
|
if ($ip === '') {
|
|
return;
|
|
}
|
|
|
|
$key = self::KEY_PREFIX . $ip;
|
|
|
|
// add() only sets if key doesn't exist — creates the window.
|
|
// If key already exists, add() returns false and we just increment.
|
|
if (Cache::add($key, 1, self::WINDOW_SECONDS)) {
|
|
return;
|
|
}
|
|
|
|
Cache::increment($key);
|
|
}
|
|
|
|
public function reset(string $ip): void
|
|
{
|
|
if ($ip === '') {
|
|
return;
|
|
}
|
|
|
|
Cache::delete(self::KEY_PREFIX . $ip);
|
|
}
|
|
}
|