Add rate limiting to login endpoint

Introduced Flask-Limiter to restrict login attempts to 5 per minute per IP, enhancing security against brute-force attacks. Updated error handling to display a user-friendly message when the rate limit is exceeded. Minor improvements to the login page, including clearer error messages and display of the user's IP address.
This commit is contained in:
Jon Ander Oribe
2026-01-19 07:20:29 +01:00
parent c29926bf7f
commit 363147ee37
3 changed files with 58 additions and 40 deletions
+18
View File
@@ -39,6 +39,8 @@ from utils.constants import (
QUEUE_MAX_SIZE,
)
import logging
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
# Track application start time for uptime calculation
import time as _time
_app_start_time = _time.time()
@@ -48,9 +50,24 @@ logger = logging.getLogger('intercept.database')
app = Flask(__name__)
app.secret_key = "signals_intelligence_secret" # Required for flash messages
# Set up rate limiting
limiter = Limiter(
key_func=get_remote_address, # Identifies the user by their IP
app=app,
storage_uri="memory://", # Use RAM memory (change to redis:// etc. for distributed setups)
)
# Disable Werkzeug debugger PIN (not needed for local development tool)
os.environ['WERKZEUG_DEBUG_PIN'] = 'off'
# ============================================
# ERROR HANDLERS
# ============================================
@app.errorhandler(429)
def ratelimit_handler(e):
logger.warning(f"Rate limit exceeded for IP: {request.remote_addr}")
flash("Too many login attempts. Please wait one minute before trying again.", "error")
return render_template('login.html', version=VERSION), 429
# ============================================
# SECURITY HEADERS
@@ -174,6 +191,7 @@ def logout():
return redirect(url_for('login'))
@app.route('/login', methods=['GET', 'POST'])
@limiter.limit("5 per minute") # Limit to 5 login attempts per minute per IP
def login():
if request.method == 'POST':
username = request.form.get('username')