diff options
Diffstat (limited to 'src/app/RateLimiter.php')
| -rw-r--r-- | src/app/RateLimiter.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/app/RateLimiter.php b/src/app/RateLimiter.php new file mode 100644 index 0000000..07b46ba --- /dev/null +++ b/src/app/RateLimiter.php @@ -0,0 +1,60 @@ +<?php + +declare(strict_types=1); +// Rate limiter: prevents brute-force attacks by tracking how many times an IP +// performs a given action (e.g. login, password reset) within a sliding time window. + +namespace App; + +class RateLimiter +{ + private \PDO $pdo; + + public function __construct() + { + $this->pdo = Database::getInstance()->getPdo(); + } + + /** + * Check whether the given IP has exceeded the allowed number of attempts + * for an action within the time window. + */ + public function isLimited(string $ip, string $action, int $maxAttempts, int $windowSeconds): bool + { + // Clean up old entries first so the table doesn't grow forever + $this->purge($action, $windowSeconds); + + $stmt = $this->pdo->prepare( + 'SELECT COUNT(*) FROM rate_limits + WHERE ip = :ip AND action = :action + AND attempted_at > DATE_SUB(NOW(), INTERVAL :window SECOND)' + ); + $stmt->execute(['ip' => $ip, 'action' => $action, 'window' => $windowSeconds]); + + return (int) $stmt->fetchColumn() >= $maxAttempts; + } + + /** + * Record an attempt for the given IP and action. + */ + public function record(string $ip, string $action): void + { + $stmt = $this->pdo->prepare( + 'INSERT INTO rate_limits (ip, action) VALUES (:ip, :action)' + ); + $stmt->execute(['ip' => $ip, 'action' => $action]); + } + + /** + * Remove entries older than the window so the table stays small. + */ + private function purge(string $action, int $windowSeconds): void + { + $stmt = $this->pdo->prepare( + 'DELETE FROM rate_limits + WHERE action = :action + AND attempted_at <= DATE_SUB(NOW(), INTERVAL :window SECOND)' + ); + $stmt->execute(['action' => $action, 'window' => $windowSeconds]); + } +} |