mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-12 05:45:27 +00:00
28f9d9db53
Security Features Added: - Secure-by-default configuration export/import with ALLOW_UNPROTECTED_EXPORT environment variable - Rate limiting (5 attempts/minute) to prevent brute force attacks on sensitive endpoints - Comprehensive audit logging for all export/import attempts with IP tracking - Frontend Security tab showing API protection status and configuration guidance - Frontend now shows when export is blocked and disables buttons appropriately - Strong passphrase requirement (minimum 12 characters) for exports Technical Implementation: - New RateLimiter component with automatic cleanup and middleware support - Security status API endpoint showing protection state - Enhanced error messaging with specific guidance for homelab vs production use - Proper authentication flow with API token validation - Updated documentation reflecting new security model Breaking Changes: - Export/import now requires API_TOKEN unless ALLOW_UNPROTECTED_EXPORT=true is set - Minimum passphrase length increased from none to 12 characters Additional Improvements: - Fixed architecture-specific updates for better cross-platform support - Removed RC label from UI header - Updated security documentation with clear setup instructions
104 lines
No EOL
2 KiB
Go
104 lines
No EOL
2 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
type RateLimiter struct {
|
|
attempts map[string][]time.Time
|
|
mu sync.RWMutex
|
|
limit int
|
|
window time.Duration
|
|
}
|
|
|
|
func NewRateLimiter(limit int, window time.Duration) *RateLimiter {
|
|
rl := &RateLimiter{
|
|
attempts: make(map[string][]time.Time),
|
|
limit: limit,
|
|
window: window,
|
|
}
|
|
|
|
// Clean up old entries periodically
|
|
go func() {
|
|
ticker := time.NewTicker(1 * time.Minute)
|
|
defer ticker.Stop()
|
|
|
|
for range ticker.C {
|
|
rl.cleanup()
|
|
}
|
|
}()
|
|
|
|
return rl
|
|
}
|
|
|
|
func (rl *RateLimiter) Allow(ip string) bool {
|
|
rl.mu.Lock()
|
|
defer rl.mu.Unlock()
|
|
|
|
now := time.Now()
|
|
cutoff := now.Add(-rl.window)
|
|
|
|
// Get attempts for this IP
|
|
attempts := rl.attempts[ip]
|
|
|
|
// Filter out old attempts
|
|
var validAttempts []time.Time
|
|
for _, attempt := range attempts {
|
|
if attempt.After(cutoff) {
|
|
validAttempts = append(validAttempts, attempt)
|
|
}
|
|
}
|
|
|
|
// Check if under limit
|
|
if len(validAttempts) >= rl.limit {
|
|
rl.attempts[ip] = validAttempts
|
|
return false
|
|
}
|
|
|
|
// Add new attempt
|
|
validAttempts = append(validAttempts, now)
|
|
rl.attempts[ip] = validAttempts
|
|
|
|
return true
|
|
}
|
|
|
|
func (rl *RateLimiter) cleanup() {
|
|
rl.mu.Lock()
|
|
defer rl.mu.Unlock()
|
|
|
|
cutoff := time.Now().Add(-rl.window)
|
|
|
|
for ip, attempts := range rl.attempts {
|
|
var validAttempts []time.Time
|
|
for _, attempt := range attempts {
|
|
if attempt.After(cutoff) {
|
|
validAttempts = append(validAttempts, attempt)
|
|
}
|
|
}
|
|
|
|
if len(validAttempts) == 0 {
|
|
delete(rl.attempts, ip)
|
|
} else {
|
|
rl.attempts[ip] = validAttempts
|
|
}
|
|
}
|
|
}
|
|
|
|
// Middleware for rate limiting
|
|
func (rl *RateLimiter) Middleware(next http.HandlerFunc) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
ip := r.RemoteAddr
|
|
if forwarded := r.Header.Get("X-Forwarded-For"); forwarded != "" {
|
|
ip = forwarded
|
|
}
|
|
|
|
if !rl.Allow(ip) {
|
|
http.Error(w, "Rate limit exceeded. Please try again later.", http.StatusTooManyRequests)
|
|
return
|
|
}
|
|
|
|
next(w, r)
|
|
}
|
|
} |