diff --cc server/index.js
index 4d559f7,be1e63a..0000000
--- a/server/index.js
+++ b/server/index.js
@@@ -437,46 -437,27 +441,57 @@@ const failedPasskeyAttemptsByUsername
// Periodic sweep every 30 minutes: remove entries whose lockout period has
// expired and whose attempt count has already been reset to 0, so they do
// not accumulate for keys that are never visited again.
++<<<<<<< HEAD
+setInterval(() => {
+ const now = Date.now();
+ for (const [key, entry] of failedPasskeyAttemptsByIp) {
+ if (entry.count === 0 && now > entry.lockoutUntil) {
+ failedPasskeyAttemptsByIp.delete(key);
+ }
+ }
+ for (const [key, entry] of failedPasskeyAttemptsByUsername) {
+ if (now > entry.lockoutUntil) {
+ failedPasskeyAttemptsByUsername.delete(key);
++=======
+ setInterval(
+ () => {
+ const now = Date.now();
+ for (const [key, entry] of failedPasskeyAttempts) {
+ if (entry.count === 0 && now > entry.lockoutUntil) {
+ failedPasskeyAttempts.delete(key);
+ }
++>>>>>>> 8560bfa (feat: implement API request tracing and correlation IDs)
}
- }
- }, 30 * 60 * 1000).unref();
+ },
+ 30 * 60 * 1000
+ ).unref();
function checkPasskeyLockout(username, ip) {
- const key = `${String(username || '').toLowerCase()}:${ip}`;
- const entry = failedPasskeyAttempts.get(key);
- if (!entry) return null;
- if (Date.now() > entry.lockoutUntil) {
- failedPasskeyAttempts.delete(key);
- return null;
+ const ipKey = String(ip || 'unknown');
+ const userKey = String(username || '').toLowerCase();
+
+ const ipEntry = failedPasskeyAttemptsByIp.get(ipKey);
+ const userEntry = failedPasskeyAttemptsByUsername.get(userKey);
+
+ const now = Date.now();
+
+ if (ipEntry && ipEntry.lockoutUntil !== 0 && now <= ipEntry.lockoutUntil) {
+ return true;
+ }
+
+ if (userEntry && userEntry.lockoutUntil !== 0 && now <= userEntry.lockoutUntil) {
+ return true;
}
- return entry;
+
+ // Cleanup expired entries proactively
+ if (ipEntry && ipEntry.lockoutUntil !== 0 && now > ipEntry.lockoutUntil) {
+ failedPasskeyAttemptsByIp.delete(ipKey);
+ }
+ if (userEntry && userEntry.lockoutUntil !== 0 && now > userEntry.lockoutUntil) {
+ failedPasskeyAttemptsByUsername.delete(userKey);
+ }
+
+ return false;
}
function recordFailedPasskeyAttempt(username, ip) {
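Review bot: The merge result for server/index.js still carries the conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 8560bfa (...)` inside the periodic sweep (the `++` lines), so the file as shown will not parse and the passkey lockout code cannot load. The `=======` side also iterates `failedPasskeyAttempts`, which the rest of this hunk replaces with `failedPasskeyAttemptsByIp` and `failedPasskeyAttemptsByUsername`; resolve by keeping only the HEAD side and closing it once with `}, 30 * 60 * 1000).unref();`. In the HEAD sweep the username loop deletes on `now > entry.lockoutUntil` alone, unlike the IP loop and the comment above it; if `lockoutUntil` stays 0 until the failure threshold is reached (as the `!== 0` checks in `checkPasskeyLockout` suggest), each sweep would wipe in-progress failure counts per username, so it should probably read `if (entry.count === 0 && now > entry.lockoutUntil)`. `checkPasskeyLockout` now returns a boolean instead of the entry or `null`, so its callers, which are outside this hunk, need to be checked against the new return type.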