copper-tone-tech/web-hosts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
web-hosts/domains/coppertone.tech/audit-reports/security-audit/rate-limiting-20251123-124317.txt
Derek Williams c7d6786039 Add full web-hosts state
2025-12-26 13:38:04 +01:00

283 lines
40 KiB
Plaintext
Raw Permalink Blame History

# Rate Limiting Audit - 20251123-124317
== Rate Limiter Implementation ==
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:24:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:26: rateLimitWindow = 1 * time.Minute
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:32:// Input validation limits for forum content
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:41:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:51:var writeLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:52:var readLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:54:func (rl *rateLimiter) checkRateLimit(key string, maxRequests int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:199: // Configure connection pool limits
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:500: limitStr := r.URL.Query().Get("limit")
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:503: limit := 20
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:505: if l, err := strconv.Atoi(limitStr); err == nil && l > 0 && l <= 100 {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:506: limit = l
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:541: args = append(args, limit, offset)
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1246: // Wrap all routes with rate limiting and body size limit
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1247: rateLimitedHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1248: // Limit request body size to prevent DoS
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1256: if readLimiter.checkRateLimit(clientIP, maxReadRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1257: log.Printf("SECURITY: Read rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1262: if writeLimiter.checkRateLimit(clientIP, maxWriteRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1263: log.Printf("SECURITY: Write rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/forum-service/main.go:1274: Handler: rateLimitedHandler,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:27:// Request size limit
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:56: TaxRate float64 `json:"taxRate"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:146: DailyLimit *float64 `json:"dailyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:147: MonthlyLimit *float64 `json:"monthlyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:168: ExchangeRate float64 `json:"exchangeRate"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:255: ExchangeRate *float64 `json:"exchangeRate,omitempty"` // For crypto
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:461: // Limit request body size to prevent DoS
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1587: // Determine payment method and get exchange rate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1590: var exchangeRate float64
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1620: // Get exchange rate (use cached price or fetch from API)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1622: exchangeRate = *token.PriceUSD
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1624: // Fallback: use stored exchange rate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1626: SELECT rate FROM exchange_rates
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1629: `, token.TokenSymbol).Scan(&exchangeRate)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1631: http.Error(w, "Exchange rate not available for this token", http.StatusServiceUnavailable)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1650: // Get exchange rate for native currency
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1652: SELECT rate FROM exchange_rates
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1655: `, network.NativeCurrency).Scan(&exchangeRate)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1657: // Use fallback rates for common currencies
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1660: exchangeRate = 3000 // Fallback
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1662: exchangeRate = 50000 // Fallback
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1664: exchangeRate = 1 // Fallback
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1666: http.Error(w, "Exchange rate not available", http.StatusServiceUnavailable)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1669: log.Printf("Warning: Using fallback exchange rate for %s", network.NativeCurrency)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1678: amountCrypto = big.NewFloat(amountUSD / exchangeRate)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1699: amount_crypto, amount_usd_at_time, exchange_rate,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1703: amountCryptoStr, amountUSD, exchangeRate, network.MinConfirmations)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1728: ExchangeRate: exchangeRate,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2156: pw.is_active, pw.is_primary, pw.requires_approval_above, pw.daily_limit,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2157: pw.monthly_limit, pw.created_at, pw.updated_at, pn.network_code
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2177: &wn.IsActive, &wn.IsPrimary, &wn.RequiresApprovalAbove, &wn.DailyLimit,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2178: &wn.MonthlyLimit, &wn.CreatedAt, &wn.UpdatedAt, &wn.NetworkCode)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2198: DailyLimit *float64 `json:"dailyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2199: MonthlyLimit *float64 `json:"monthlyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2231: requires_approval_above, daily_limit, monthly_limit)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2235: req.RequiresApprovalAbove, req.DailyLimit, req.MonthlyLimit).Scan(&walletID)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2283: DailyLimit *float64 `json:"dailyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2284: MonthlyLimit *float64 `json:"monthlyLimit"`
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2334: if updates.DailyLimit != nil {
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2335: setClauses = append(setClauses, fmt.Sprintf("daily_limit = $%d", argIndex))
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2336: args = append(args, *updates.DailyLimit)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2339: if updates.MonthlyLimit != nil {
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2340: setClauses = append(setClauses, fmt.Sprintf("monthly_limit = $%d", argIndex))
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2341: args = append(args, *updates.MonthlyLimit)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2700: // Get exchange rate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2701: var exchangeRate float64 = 1.0
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2706: exchangeRate = priceUSD.Float64
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2709: // Get native currency rate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2713: SELECT rate FROM exchange_rates
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2716: `, nativeCurrency).Scan(&exchangeRate)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2719: amountCrypto := req.Amount / exchangeRate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2724: resp.ExchangeRate = &exchangeRate
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2823:// generatePaymentReference generates a unique payment reference.
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2824:func generatePaymentReference() string {
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:24:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:26: rateLimitWindow = 1 * time.Minute
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:32:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:42:var writeLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:43:var readLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:45:func (rl *rateLimiter) checkRateLimit(key string, maxRequests int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:280: // Configure connection pool limits
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:302: // Limit request body size to prevent DoS
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:307: // Rate limiting
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:310: if readLimiter.checkRateLimit(clientIP, maxReadRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:311: log.Printf("SECURITY: Read rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:316: if writeLimiter.checkRateLimit(clientIP, maxWriteRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/work-management-service/main.go:317: log.Printf("SECURITY: Write rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:19:// TestRateLimiter tests the rate limiting functionality
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:20:func TestRateLimiter(t *testing.T) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:21: rl := &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:23: // Test that first request is not rate limited
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:24: if rl.checkRateLimit("test-ip", 5, time.Minute) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:25: t.Error("First request should not be rate limited")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:28: // Fill up the limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:30: rl.checkRateLimit("test-ip", 5, time.Minute)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:33: // 6th request should be rate limited
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:34: if !rl.checkRateLimit("test-ip", 5, time.Minute) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:35: t.Error("6th request should be rate limited")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:38: // Different IP should not be rate limited
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:39: if rl.checkRateLimit("other-ip", 5, time.Minute) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:40: t.Error("Different IP should not be rate limited")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:44:func TestRateLimiterClearAttempts(t *testing.T) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:45: rl := &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:49: rl.checkRateLimit("test-ip", 5, time.Minute)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:55: // Should not be rate limited after clearing
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:56: if rl.checkRateLimit("test-ip", 5, time.Minute) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:57: t.Error("Should not be rate limited after clearing attempts")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:391:func TestGenerateJWT(t *testing.T) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:401: token, err := generateJWT(user, roles)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:29:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:31: rateLimitWindow = 15 * time.Minute // Window for counting attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:45:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:46:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:58:var loginLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:59:var registerLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:61:// checkRateLimit returns true if the request should be blocked
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:62:func (rl *rateLimiter) checkRateLimit(key string, maxAttempts int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:106:func (rl *rateLimiter) recordFailedAttempt(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:119: if now.Sub(info.firstTry) > rateLimitWindow {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:134:func (rl *rateLimiter) clearAttempts(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:169: maxEmailLength = 254 // RFC 5321 limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:171: maxPasswordLength = 72 // bcrypt limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:380: Handler: limitBodySize(corsMiddleware(http.DefaultServeMux)),
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:492: // Configure connection pool limits
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:510:// limitBodySize middleware limits the request body size to prevent DoS attacks
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:511:func limitBodySize(next http.Handler) http.Handler {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:570: // Rate limit registrations by IP
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:572: if registerLimiter.checkRateLimit(clientIP, maxRegisterPerHour, time.Hour) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:573: log.Printf("SECURITY: Registration rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:632: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:700: // Rate limit registrations by IP
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:702: if registerLimiter.checkRateLimit(clientIP, maxRegisterPerHour, time.Hour) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:703: log.Printf("SECURITY: Blockchain registration rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:833: // Rate limit by IP and email combination
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:834: rateLimitKey := clientIP + ":" + strings.ToLower(req.Email)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:835: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:836: log.Printf("SECURITY: Rate limit exceeded for %s", rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:851: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:862: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:868: // Clear rate limit on successful login
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:869: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:872: // Generate token pair (access + refresh)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:873: tokenResponse, err := generateTokenPair(userID, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:876: http.Error(w, "Failed to generate tokens", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:898: // Rate limit by IP and address combination
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:899: rateLimitKey := clientIP + ":" + strings.ToLower(req.Address)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:900: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:901: log.Printf("SECURITY: Rate limit exceeded for blockchain login %s", rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:908: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:923: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:932: // Clear rate limit on successful login
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:933: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:936: // Generate token pair (access + refresh)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:937: tokenResponse, err := generateTokenPair(userID, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:940: http.Error(w, "Failed to generate tokens", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:983: // Generate new token pair
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:984: tokenResponse, err := generateTokenPair(userID, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1101: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1433:// generateAccessToken creates a short-lived JWT access token
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1434:func generateAccessToken(userID int) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1470:// generateRefreshToken creates a secure random refresh token and stores it in the database
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1471:func generateRefreshToken(userID int, clientIP string) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1472: // Generate cryptographically secure random token
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1475: return "", fmt.Errorf("failed to generate random token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1480: tokenHash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1559:// generateCSRFToken creates a cryptographically secure CSRF token
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1560:func generateCSRFToken() (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1563: return "", fmt.Errorf("failed to generate CSRF token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1571: tokenHash, err := bcrypt.GenerateFromPassword([]byte(csrfToken), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1642:// generateTokenPair creates access, refresh, and CSRF tokens
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1643:func generateTokenPair(userID int, clientIP string) (*AuthTokenResponse, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1644: accessToken, err := generateAccessToken(userID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1646: return nil, fmt.Errorf("failed to generate access token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1649: refreshToken, err := generateRefreshToken(userID, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1651: return nil, fmt.Errorf("failed to generate refresh token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1654: // Generate CSRF token
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1655: csrfToken, err := generateCSRFToken()
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1657: return nil, fmt.Errorf("failed to generate CSRF token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1676:func generateToken(userID int) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1677: return generateAccessToken(userID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1738:func generateJWT(user User, roles []string) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1753: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:97: // Generate a new identity for this node
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:98: priv, _, err := crypto.GenerateKeyPairWithReader(crypto.Ed25519, -1, rand.Reader)
/home/administrator/projects/coppertone.tech/backend/functions/ipfs-service/main.go:100: return fmt.Errorf("failed to generate key pair: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:23:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:25: rateLimitWindow = 1 * time.Minute
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:31:// Input validation limits
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:43:// rateLimiter tracks requests per IP
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:44:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:54:var writeLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:55:var readLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:57:func (rl *rateLimiter) checkRateLimit(key string, maxRequests int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:113: BlogTypeUser = "USER" // Community blogs (user authored, separate section)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:222: // Configure connection pool limits
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:291: // Migrate old published boolean to new status
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:334:// rateLimitMiddleware applies rate limiting based on request method
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:335:func rateLimitMiddleware(next http.HandlerFunc) http.HandlerFunc {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:339: // Apply different limits for read vs write operations
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:341: if readLimiter.checkRateLimit(clientIP, maxReadRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:342: log.Printf("SECURITY: Read rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:347: if writeLimiter.checkRateLimit(clientIP, maxWriteRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:348: log.Printf("SECURITY: Write rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:657: // Admin panel only shows SITE blogs - user community blogs have separate endpoints
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1140:// These endpoints are completely separate from SITE blogs (admin/staff content)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1829: // ============ COMMUNITY BLOG ROUTES (Separate from Site Blogs) ============
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1953: // Wrap all routes with rate limiting and body size limit
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1954: rateLimitedHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1955: // Limit request body size to prevent DoS
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1962: // Apply different limits for read vs write operations
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1964: if readLimiter.checkRateLimit(clientIP, maxReadRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1965: log.Printf("SECURITY: Read rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1970: if writeLimiter.checkRateLimit(clientIP, maxWriteRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1971: log.Printf("SECURITY: Write rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/blog-service/main.go:1982: Handler: rateLimitedHandler,
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:23:// Rate limiting configuration
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:25: rateLimitWindow = 1 * time.Minute
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:31:type rateLimiter struct {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:41:var submitLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:42:var readLimiter = &rateLimiter{requests: make(map[string]*requestInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:44:func (rl *rateLimiter) checkRateLimit(key string, maxRequests int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:134: mux.HandleFunc("/submit", corsMiddleware(rateLimitSubmit(submitHandler)))
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:141: // Wrap with rate limiting and body size limit for all requests
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:142: rateLimitedMux := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:143: // Limit request body size to prevent DoS
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:150: // Read requests (GET) have higher limits
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:152: if readLimiter.checkRateLimit(clientIP, maxReadRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:153: log.Printf("SECURITY: Read rate limit exceeded for IP %s on %s", clientIP, r.URL.Path)
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:164: Handler: rateLimitedMux,
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:199:// rateLimitSubmit applies strict rate limiting for contact form submissions
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:200:func rateLimitSubmit(next http.HandlerFunc) http.HandlerFunc {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:204: if submitLimiter.checkRateLimit(clientIP, maxSubmitRequests, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:205: log.Printf("SECURITY: Contact form rate limit exceeded for IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/contact-service/main.go:248: // Configure connection pool limits
== Login Attempt Limiting ==
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:21: rl := &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:44:func TestRateLimiterClearAttempts(t *testing.T) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:45: rl := &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:47: // Add some attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:52: // Clear attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:53: rl.clearAttempts("test-ip")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:57: t.Error("Should not be rate limited after clearing attempts")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:31: rateLimitWindow = 15 * time.Minute // Window for counting attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:32: maxLoginAttempts = 5 // Max failed login attempts per window
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:34: lockoutDuration = 30 * time.Minute // How long to lock out after max attempts
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:45:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:48: attempts map[string]*attemptInfo
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:51:type attemptInfo struct {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:58:var loginLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:59:var registerLimiter = &rateLimiter{attempts: make(map[string]*attemptInfo)}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:62:func (rl *rateLimiter) checkRateLimit(key string, maxAttempts int, window time.Duration) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:67: info, exists := rl.attempts[key]
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:70: rl.attempts[key] = &attemptInfo{count: 1, firstTry: now}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:96: if info.count > maxAttempts {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:105:// recordFailedAttempt records a failed attempt (for login failures)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:106:func (rl *rateLimiter) recordFailedAttempt(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:111: info, exists := rl.attempts[key]
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:114: rl.attempts[key] = &attemptInfo{count: 1, firstTry: now}
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:126: if info.count >= maxLoginAttempts {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:129: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:133:// clearAttempts clears attempts for a key (called on successful login)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:134:func (rl *rateLimiter) clearAttempts(key string) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:137: delete(rl.attempts, key)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:574: http.Error(w, "Too many registration attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:704: http.Error(w, "Too many registration attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:835: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:837: http.Error(w, "Too many login attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:851: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:852: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (user not found)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:862: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:863: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:869: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:900: if loginLimiter.checkRateLimit(rateLimitKey, maxLoginAttempts, rateLimitWindow) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:902: http.Error(w, "Too many login attempts. Please try again later.", http.StatusTooManyRequests)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:908: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:923: loginLimiter.recordFailedAttempt(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:933: loginLimiter.clearAttempts(rateLimitKey)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:973: log.Printf("SECURITY: Invalid refresh token attempt from IP %s: %v", clientIP, err)
Reference in New Issue View Git Blame Copy Permalink