# Controller concern that throttles the +create+ action.
#
# Including it registers +check_rate_limit+ as a +before_action+ for +create+.
# Requests are counted in +Rails.cache+ under a key built from the controller
# name and +request.ip+. Once the stored count reaches +max_attempts+, the
# request is answered with HTTP 429 instead of reaching the action.
#
# NOTE(review): the only client identifier is +request.ip+. If the app runs
# behind a reverse proxy or load balancer, confirm that this value is the real
# client address and is derived only from trusted forwarding headers. Otherwise
# unrelated clients may share one counter, or a client may fall outside its own.
module RateLimiter
  extend ActiveSupport::Concern

  included do
    before_action :check_rate_limit, only: [:create]
  end

  private

  # Counts this request against the caller's bucket, or rejects it when the
  # bucket is already full.
  #
  # Every +create+ request that passes the check is counted, whether or not the
  # action later succeeds; nothing in this module calls +reset_rate_limit+.
  #
  # NOTE(review): the read and the write below are two separate cache
  # operations, so requests arriving in parallel can observe the same count and
  # all pass the check. If the limit must hold under concurrency, an atomic
  # counter in the cache store is needed. Whether the configured store offers
  # one is not visible from this file.
  def check_rate_limit
    client = request.ip
    bucket = "rate_limit:#{controller_name}:#{client}"

    # A missing (or expired) entry counts as zero attempts.
    used = Rails.cache.read(bucket) || 0

    if used < max_attempts
      # Each counted request rewrites the entry with a fresh expiry, so the
      # window restarts on every attempt rather than at the first one.
      return Rails.cache.write(bucket, used + 1, expires_in: lockout_period)
    end

    # Limit reached: record it and render the error. Rendering inside a
    # before_action stops the action from running. This module does not read
    # @rate_limited itself.
    @rate_limited = true
    render_rate_limit_error
    nil
  end

  # Deletes the caller's counter. It is not invoked inside this module;
  # presumably the including controller calls it after a successful attempt.
  # TODO confirm against the callers.
  def reset_rate_limit
    client = request.ip
    bucket = "rate_limit:#{controller_name}:#{client}"
    Rails.cache.delete(bucket)
  end

  # Sets a flash alert naming the lockout length and renders with
  # 429 Too Many Requests. For +create+ the +new+ template is rendered;
  # otherwise the template of the current action is used.
  def render_rate_limit_error
    flash.now[:alert] = "Too many failed attempts. Please try again in #{lockout_period / 60} minutes."

    template =
      if action_name == "create"
        :new
      else
        action_name
      end

    render template, status: :too_many_requests
  end

  # Number of counted requests allowed before further ones are rejected.
  # Being an ordinary method, it can be overridden by the including controller.
  def max_attempts
    5
  end

  # Lifetime given to the counter entry on each write. It is also the source of
  # the minute figure shown in the alert.
  def lockout_period
    15.minutes
  end
end