feat: login rate limit için frontend uyarı mesajı ve IP bazlı limit aktif edildi

2026-02-08 15:54:54 +03:00
parent 35faa6bfda
commit 08df851970
2 changed files with 11 additions and 7 deletions
--- a/backend/src/rate_limit.rs
+++ b/backend/src/rate_limit.rs
@@ -2,14 +2,16 @@ use governor::clock::QuantaInstant;
 use governor::middleware::NoOpMiddleware;
 use tower_governor::governor::GovernorConfig;
 use tower_governor::governor::GovernorConfigBuilder;
-use tower_governor::key_extractor::GlobalKeyExtractor;
+use tower_governor::key_extractor::SmartIpKeyExtractor;

-pub fn get_login_rate_limit_config() -> GovernorConfig<GlobalKeyExtractor, NoOpMiddleware<QuantaInstant>> {
-    // GLOBAL TEST: Kim olursa olsun 2 denemeden sonra 30 saniye bloklanır.
+pub fn get_login_rate_limit_config() -> GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware<QuantaInstant>> {
+    // Katı limitler:
+    // Başlangıçta 3 hak. 4. denemede bloklanır.
+    // Her yeni hak için 20 saniye bekleme süresi.
    GovernorConfigBuilder::default()
-        .key_extractor(GlobalKeyExtractor)
-        .per_second(30) 
-        .burst_size(2)
+        .key_extractor(SmartIpKeyExtractor)
+        .per_second(20) 
+        .burst_size(3)
        .finish()
        .unwrap()
 }
--- a/frontend/src/components/auth/login.rs
+++ b/frontend/src/components/auth/login.rs
@@ -41,6 +41,8 @@ pub fn Login() -> impl IntoView {
                        logging::log!("Login successful, redirecting...");
                        // Force a full reload to re-run auth checks in App.rs
                        let _ = window().location().set_href("/");
+                    } else if resp.status() == 429 {
+                        set_error.set(Some("Çok fazla başarısız deneme yaptınız. Lütfen bir süre bekleyip tekrar deneyin.".to_string()));
                    } else {
                        let text = resp.text().await.unwrap_or_default();
                        logging::error!("Login failed: {}", text);