web-hosts/domains/coppertone.tech/audit-reports/security-audit/rate-limiting-20251123-092507.txt

# Rate Limiting Audit - 20251123-092507
== Rate Limiter Implementation ==
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:410: limitStr := r.URL.Query().Get("limit")
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:413: limit := 20
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:415: if l, err := strconv.Atoi(limitStr); err == nil && l > 0 && l <= 100 {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:416: limit = l
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:451: args = append(args, limit, offset)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:50: TaxRate float64 `json:"taxRate"`
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:49:func TestGenerateJWT(t *testing.T) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:59: token, err := generateJWT(user, roles)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:26:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:28: rateLimitWindow = 15 * time.Minute // Window for counting attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:34:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:35:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:47:var loginLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:48:var registerLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:50:// checkRateLimit returns true if the request should be blocked
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:51:func (rl *rateLimiter) checkRateLimit(key string, maxAttempts int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:95:func (rl *rateLimiter) recordFailedAttempt(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:108: if now.Sub(info.firstTry) > rateLimitWindow {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:123:func (rl *rateLimiter) clearAttempts(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:158: maxEmailLength = 254 // RFC 5321 limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:160: maxPasswordLength = 72 // bcrypt limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:494: // Rate limit registrations by IP
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:496: if registerLimiter.checkRateLimit(clientIP, maxRegisterPerHour, time.Hour) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:497: log.Printf("SECURITY: Registration rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:556: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:624: // Rate limit registrations by IP
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:626: if registerLimiter.checkRateLimit(clientIP, maxRegisterPerHour, time.Hour) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:627: log.Printf("SECURITY: Blockchain registration rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:757: // Rate limit by IP and email combination
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:758: rateLimitKey := clientIP + ":" + strings.ToLower(req.Email)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:759: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:760: log.Printf("SECURITY: Rate limit exceeded for %s", rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:775: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:786: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:792: // Clear rate limit on successful login
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:793: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:797: token, err := generateToken(userID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:799: http.Error(w, "Failed to generate token", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:820: // Rate limit by IP and address combination
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:821: rateLimitKey := clientIP + ":" + strings.ToLower(req.Address)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:822: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:823: log.Printf("SECURITY: Rate limit exceeded for blockchain login %s", rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:830: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:845: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:854: // Clear rate limit on successful login
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:855: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:858: // Generate token
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:859: token, err := generateToken(userID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:861: http.Error(w, "Failed to generate token", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:906: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1188:func generateToken(userID int) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1281:func generateJWT(user User, roles []string) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1296: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:97: // Generate a new identity for this node
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:98: priv, _, err := crypto.GenerateKeyPairWithReader(crypto.Ed25519, -1, rand.Reader)
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:100: return fmt.Errorf("failed to generate key pair: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:32: BlogTypeUser = "USER" // Community blogs (user authored, separate section)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:204: // Migrate old published boolean to new status
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:539: // Admin panel only shows SITE blogs - user community blogs have separate endpoints
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:962:// These endpoints are completely separate from SITE blogs (admin/staff content)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1623: // ============ COMMUNITY BLOG ROUTES (Separate from Site Blogs) ============
== Login Attempt Limiting ==
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:28: rateLimitWindow = 15 * time.Minute // Window for counting attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:29: maxLoginAttempts = 5 // Max failed login attempts per window
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:31: lockoutDuration = 30 * time.Minute // How long to lock out after max attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:34:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:37: attempts map[string]*attemptInfo
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:40:type attemptInfo struct {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:47:var loginLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:48:var registerLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:51:func (rl *rateLimiter) checkRateLimit(key string, maxAttempts int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:56: info, exists := rl.attempts[key]
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:59: rl.attempts[key] = &attemptInfo{count: 1, firstTry: now}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:85: if info.count > maxAttempts {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:94:// recordFailedAttempt records a failed attempt (for login failures)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:95:func (rl *rateLimiter) recordFailedAttempt(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:100: info, exists := rl.attempts[key]
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:103: rl.attempts[key] = &attemptInfo{count: 1, firstTry: now}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:115: if info.count >= maxLoginAttempts {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:118: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:122:// clearAttempts clears attempts for a key (called on successful login)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:123:func (rl *rateLimiter) clearAttempts(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:126: delete(rl.attempts, key)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:498: http.Error(w, "Too many registration attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:628: http.Error(w, "Too many registration attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:759: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:761: http.Error(w, "Too many login attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:775: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:776: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (user not found)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:786: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:787: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:793: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:822: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:824: http.Error(w, "Too many login attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:830: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:845: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:855: loginLimiter.clearAttempts(rateLimitKey)