Soverein/sanasto-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rate limiting sesisons

Browse Source
This commit is contained in:
Runar Ingebrigtsen
2026-01-30 10:08:57 +01:00
parent 20ce18ca74
commit 32a4ffa70e
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/sessions_controller.rb
+21
View File
@@ -1,4 +1,6 @@
class SessionsController < ApplicationController class SessionsController < ApplicationController
include RateLimiter
def new def new
# Redirect to admin if already logged in # Redirect to admin if already logged in
if logged_in? if logged_in?
@@ -7,6 +9,9 @@ class SessionsController < ApplicationController
end end
def create def create
# Skip authentication if rate limited
return if @rate_limited
user = User.find_by(email: params[:email]&.downcase&.strip) user = User.find_by(email: params[:email]&.downcase&.strip)
if user&.authenticate(params[:password]) if user&.authenticate(params[:password])
@@ -17,7 +22,23 @@ class SessionsController < ApplicationController
return return
end end
# Reset rate limit on successful login
reset_rate_limit
session[:user_id] = user.id session[:user_id] = user.id
session[:last_activity_at] = Time.current.to_s
# Handle remember me
if params[:remember_me] == "1"
token = user.remember_me
cookies.signed[:remember_token] = {
value: token,
expires: User::REMEMBER_TOKEN_EXPIRY.from_now,
httponly: true,
secure: Rails.env.production?
}
end
redirect_to admin? ? admin_root_path : root_path, notice: "Welcome back, #{user.name}!" redirect_to admin? ? admin_root_path : root_path, notice: "Welcome back, #{user.name}!"
else else
flash.now[:alert] = "Invalid email or password." flash.now[:alert] = "Invalid email or password."