rate limiting sesisons
This commit is contained in:
@@ -1,4 +1,6 @@
|
||||
class SessionsController < ApplicationController
|
||||
include RateLimiter
|
||||
|
||||
def new
|
||||
# Redirect to admin if already logged in
|
||||
if logged_in?
|
||||
@@ -7,6 +9,9 @@ class SessionsController < ApplicationController
|
||||
end
|
||||
|
||||
def create
|
||||
# Skip authentication if rate limited
|
||||
return if @rate_limited
|
||||
|
||||
user = User.find_by(email: params[:email]&.downcase&.strip)
|
||||
|
||||
if user&.authenticate(params[:password])
|
||||
@@ -17,7 +22,23 @@ class SessionsController < ApplicationController
|
||||
return
|
||||
end
|
||||
|
||||
# Reset rate limit on successful login
|
||||
reset_rate_limit
|
||||
|
||||
session[:user_id] = user.id
|
||||
session[:last_activity_at] = Time.current.to_s
|
||||
|
||||
# Handle remember me
|
||||
if params[:remember_me] == "1"
|
||||
token = user.remember_me
|
||||
cookies.signed[:remember_token] = {
|
||||
value: token,
|
||||
expires: User::REMEMBER_TOKEN_EXPIRY.from_now,
|
||||
httponly: true,
|
||||
secure: Rails.env.production?
|
||||
}
|
||||
end
|
||||
|
||||
redirect_to admin? ? admin_root_path : root_path, notice: "Welcome back, #{user.name}!"
|
||||
else
|
||||
flash.now[:alert] = "Invalid email or password."
|
||||
|
||||
Reference in New Issue
Block a user