authorThomas Vanbesien <tvanbesi@proton.me>2026-03-22 13:57:45 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-03-22 13:57:45 +0100
commit94dbb795cc3fe9799d34beb5d6bfa052eba81b0c (patch)
tree7b7d60a977dba7339431b2b1ff5d10121a016d08 /docker/mariadb
parent78e891f06ab94ef478de1c431157f7d634fe4ac8 (diff)
Add rate limiting on login and password reset endpoints
Track attempts per IP in a rate_limits table with a sliding time window. Login allows 5 failed attempts per 15 min, password reset allows 3 requests per 15 min. Old entries are purged automatically.
Diffstat (limited to 'docker/mariadb')
-rw-r--r--docker/mariadb/init.sql10
1 files changed, 10 insertions, 0 deletions
diff --git a/docker/mariadb/init.sql b/docker/mariadb/init.sql
index 2cc0d6f..29f0733 100644
--- a/docker/mariadb/init.sql
+++ b/docker/mariadb/init.sql
@@ -28,6 +28,16 @@ CREATE TABLE IF NOT EXISTS likes (
FOREIGN KEY (post_id) REFERENCES posts(id) ON DELETE CASCADE
);
+-- Tracks actions per IP for rate limiting (e.g. failed logins, password resets).
+-- Old rows are cleaned up on each check so the table doesn't grow unbounded.
+CREATE TABLE IF NOT EXISTS rate_limits (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ ip VARCHAR(45) NOT NULL,
+ action VARCHAR(30) NOT NULL,
+ attempted_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_rate_limits_lookup (ip, action, attempted_at)
+);
+
CREATE TABLE IF NOT EXISTS comments (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
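Review bot: `attempted_at` in the new `rate_limits` table is declared without `NOT NULL`, so depending on the server's `explicit_defaults_for_timestamp` setting it may accept NULL. A NULL row would fall outside any time-window comparison, so it would presumably be neither counted toward the limit nor removed by the age-based purge; I would declare it `attempted_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP`. The table also keys attempts only on `ip` and `action`, so password guessing against a single account spread across many addresses is not throttled by this schema; an additional column for the targeted account identifier would let the application enforce a per-account limit as well. How `ip` is populated is not visible in this hunk: if the app runs behind a reverse proxy in the Docker setup, the value should be the proxy-verified peer address rather than a client-supplied header, stored in one canonical text form so the `(ip, action, attempted_at)` index matches consistently.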