diff --git a/backend/src/rate_limit.rs b/backend/src/rate_limit.rs
index c3f0c00..56ae822 100644
--- a/backend/src/rate_limit.rs
+++ b/backend/src/rate_limit.rs
@@ -2,14 +2,16 @@ use governor::clock::QuantaInstant;
 use governor::middleware::NoOpMiddleware;
 use tower_governor::governor::GovernorConfig;
 use tower_governor::governor::GovernorConfigBuilder;
-use tower_governor::key_extractor::GlobalKeyExtractor;
+use tower_governor::key_extractor::SmartIpKeyExtractor;
 
-pub fn get_login_rate_limit_config() -> GovernorConfig> {
- // GLOBAL TEST: Kim olursa olsun 2 denemeden sonra 30 saniye bloklanır.
+pub fn get_login_rate_limit_config() -> GovernorConfig> {
+ // Katı limitler:
+ // Başlangıçta 3 hak. 4. denemede bloklanır.
+ // Her yeni hak için 20 saniye bekleme süresi.
 GovernorConfigBuilder::default()
- .key_extractor(GlobalKeyExtractor)
- .per_second(30)
- .burst_size(2)
+ .key_extractor(SmartIpKeyExtractor)
+ .per_second(20)
+ .burst_size(3)
 .finish()
 .unwrap()
-}
+}
\ No newline at end of file
diff --git a/frontend/src/components/auth/login.rs b/frontend/src/components/auth/login.rs
index 604155b..45e2de0 100644
--- a/frontend/src/components/auth/login.rs
+++ b/frontend/src/components/auth/login.rs
@@ -41,6 +41,8 @@ pub fn Login() -> impl IntoView {
 logging::log!("Login successful, redirecting...");
 // Force a full reload to re-run auth checks in App.rs
 let _ = window().location().set_href("/");
+ } else if resp.status() == 429 {
+ set_error.set(Some("Çok fazla başarısız deneme yaptınız. Lütfen bir süre bekleyip tekrar deneyin.".to_string()));
 } else {
 let text = resp.text().await.unwrap_or_default();
 logging::error!("Login failed: {}", text);
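Review bot: `SmartIpKeyExtractor` takes the client address from forwarding headers such as `X-Forwarded-For` before it falls back to the peer address, so in `get_login_rate_limit_config` the login limit is only as trustworthy as those headers. Nothing in this hunk shows a reverse proxy that overwrites them; if the backend can be reached directly, each request can name a different address and get its own bucket, which removes the limit this commit is adding. If there is no trusted proxy, key on the socket address instead with `.key_extractor(PeerIpKeyExtractor)` (plus the matching `use` and return type); if there is one, record that on the builder, e.g. `// Requires a reverse proxy that overwrites X-Forwarded-For; otherwise the key is client-controlled.` A per-IP key also does not bound guesses against a single account from many addresses, so a per-account limit or lockout is worth tracking separately.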
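Review bot: The message in the new `429` branch tells the user they made too many failed attempts, but the limiter configured in backend/src/rate_limit.rs in this same commit keys on the client address and, as far as the diff shows, counts every login request rather than only failures. A user who shares an address with others can reach this branch without having failed once, so neutral wording is more accurate, e.g. `"Çok fazla giriş denemesi yapıldı. Lütfen bir süre bekleyip tekrar deneyin."`. The branch also skips the `logging::error!` call that the generic failure path makes, so throttled logins leave no trace in the client log; a `logging::warn!` line here would keep the two paths consistent. The body of `Login` starts and ends outside this hunk.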