upaas

sneak/upaas

Fork 0

Commit Graph

Author	SHA1	Message	Date
user	a1b06219e7	fix: add eviction for stale IP rate limiter entries and Retry-After header - Store lastSeen timestamp per IP limiter entry - Lazy sweep removes entries older than 10 minutes on each request - Add Retry-After header to 429 responses - Add test for stale entry eviction Fixes memory leak under sustained attack from many IPs.	2026-02-15 21:01:11 -08:00
clawbot	66661d1b1d	Add rate limiting to login endpoint to prevent brute force Apply per-IP rate limiting (5 attempts/minute) to POST /login using golang.org/x/time/rate. Returns 429 Too Many Requests when exceeded. Closes #12	2026-02-15 21:01:11 -08:00

Author

SHA1

Message

Date

user

a1b06219e7

fix: add eviction for stale IP rate limiter entries and Retry-After header

- Store lastSeen timestamp per IP limiter entry
- Lazy sweep removes entries older than 10 minutes on each request
- Add Retry-After header to 429 responses
- Add test for stale entry eviction

Fixes memory leak under sustained attack from many IPs.

2026-02-15 21:01:11 -08:00

clawbot

66661d1b1d

Add rate limiting to login endpoint to prevent brute force

Apply per-IP rate limiting (5 attempts/minute) to POST /login using
golang.org/x/time/rate. Returns 429 Too Many Requests when exceeded.

Closes #12

2026-02-15 21:01:11 -08:00

2 Commits