Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding ratelimiting with reddis db
Deploy / deploy (push) Failing after 3s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 09:27:02 +02:00
parent d82a08f77b
commit 5deb0e1056
16 changed files with 312 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/auth/check_auth_key.php
+5 -2
View File
@@ -1,7 +1,9 @@
<?php
header('Content-Type: application/json');
include "../utils/security.php";
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
check_rate_limit($conn, 'check_auth_key', 120, 60);
$now=time();
$sql="DELETE FROM auth_tokens WHERE valid_until < ?;";
$stmt = mysqli_prepare($conn, $sql);
@@ -10,9 +12,10 @@ mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
$auth_key=$_GET["auth_token"] ?? "";
$auth_key_hash=auth_token_hash($auth_key);
$sql="SELECT user_id FROM auth_tokens WHERE auth_token = ? AND valid_until > ?;";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'si', $auth_key,$now);
mysqli_stmt_bind_param($stmt, 'si', $auth_key_hash,$now);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
//if auth key is valid
@@ -48,7 +51,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){
//remove auth key
$sql="DELETE FROM auth_tokens WHERE auth_token = ?;";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $auth_key);
mysqli_stmt_bind_param($stmt, 's', $auth_key_hash);
mysqli_stmt_execute($stmt);
echo(json_encode($data));
}else{