From 00d63327a51c5d85bf29be0ce13971f443283ff0 Mon Sep 17 00:00:00 2001
From: kazuhisa-wada
Date: Mon, 16 Dec 2024 17:03:50 +0900
Subject: [PATCH] make login lockout duration configurable
---
 api/.env.example | 2 ++
 api/configs/feature/__init__.py | 5 +++++
 api/services/account_service.py | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/api/.env.example b/api/.env.example
index 74f83aa06c8842..9602c6492d88ef 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -435,3 +435,5 @@ CREATE_TIDB_SERVICE_JOB_ENABLED=false
 # Maximum number of submitted thread count in a ThreadPool for parallel node execution
 MAX_SUBMIT_COUNT=100
+# Lockout duration in seconds
+LOGIN_LOCKOUT_DURATION=86400
\ No newline at end of file
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
index e79401bdfdabed..dfcfa635d43a2a 100644
--- a/api/configs/feature/__init__.py
+++ b/api/configs/feature/__init__.py
@@ -485,6 +485,11 @@ class AuthConfig(BaseSettings):
 default=60,
 )
+ LOGIN_LOCKOUT_DURATION: PositiveInt = Field(
+ description="Time (in seconds) a user must wait before retrying login after exceeding the rate limit.",
+ default=86400,
+ )
+
 class ModerationConfig(BaseSettings):
 """
diff --git a/api/services/account_service.py b/api/services/account_service.py
index f0c6ac7ebd622b..22b54a3ab87473 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -420,7 +420,7 @@ def add_login_error_rate_limit(email: str) -> None:
 if count is None:
 count = 0
 count = int(count) + 1
- redis_client.setex(key, 60 * 60 * 24, count)
+ redis_client.setex(key, dify_config.LOGIN_LOCKOUT_DURATION, count)
 @staticmethod
 def is_login_error_rate_limit(email: str) -> bool:
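Review bot: The comment on the new `LOGIN_LOCKOUT_DURATION` entry does not tell an operator which lockout it controls or that lowering it weakens the failed-login throttle. Something like `# Seconds that failed login attempts are remembered per email; once the limit is exceeded, login stays blocked until this expires` would make the trade-off visible. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring so later appends do not join onto this line.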
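Review bot: `PositiveInt` accepts a value as small as 1, which would let the failed-login counter expire almost immediately and in practice switch the lockout off. If a floor is wanted, a bound on the field such as `ge=60` (the actual minimum is for the maintainers to choose) would turn that misconfiguration into a startup error. The description also says the wait applies "after exceeding the rate limit", but `add_login_error_rate_limit` uses the value as the TTL of the error counter on every failed attempt, so it is also the window in which failures are counted; the description should say so. `AuthConfig` begins outside this hunk, so the neighbouring limit settings are not visible here.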
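Review bot: The counter update ending in the changed `setex` line is still a read-modify-write: `count` is incremented in Python and written back, so two failed logins handled concurrently can store the same value and the limit under-counts. The function body starts outside the hunk, so this assumes `count` was read from `key` just above. In that case an atomic increment, `count = redis_client.incr(key)` followed by `redis_client.expire(key, dify_config.LOGIN_LOCKOUT_DURATION)`, would close the gap. Because the TTL is reset on every failure, the configured value is a sliding window rather than a fixed lockout from the first error, which deserves a short comment next to the call. The hunk adds no import for `dify_config`; please confirm the module already imports it.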