Merge pull request #4 from speee/fix/lockout-duration

make login lockout duration configurable
speee · Dec 16, 2024 · 7098f95 · 7098f95
2 parents 1e67d35 + 00d6332
commit 7098f95
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/api/.env.example b/api/.env.example
@@ -435,3 +435,5 @@ CREATE_TIDB_SERVICE_JOB_ENABLED=false
 
 # Maximum number of submitted thread count in a ThreadPool for parallel node execution
 MAX_SUBMIT_COUNT=100
+# Lockout duration in seconds
+LOGIN_LOCKOUT_DURATION=86400
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
@@ -485,6 +485,11 @@ class AuthConfig(BaseSettings):
         default=60,
     )
 
+    LOGIN_LOCKOUT_DURATION: PositiveInt = Field(
+        description="Time (in seconds) a user must wait before retrying login after exceeding the rate limit.",
+        default=86400,
+    )
+
 
 class ModerationConfig(BaseSettings):
     """

diff --git a/api/services/account_service.py b/api/services/account_service.py
@@ -420,7 +420,7 @@ def add_login_error_rate_limit(email: str) -> None:
         if count is None:
             count = 0
         count = int(count) + 1
-        redis_client.setex(key, 60 * 60 * 24, count)
+        redis_client.setex(key, dify_config.LOGIN_LOCKOUT_DURATION, count)
 
     @staticmethod
     def is_login_error_rate_limit(email: str) -> bool: