update api and add more features

This commit is contained in:
root
2026-06-04 02:24:41 -04:00
parent fa6c9519a0
commit 4e33882ac7
131 changed files with 34596 additions and 340 deletions
+22 -8
View File
@@ -6,6 +6,7 @@ use App\Models\IpAttempt;
use App\Models\LoginActivity;
use App\Models\Configuration;
use App\Models\User;
use Carbon\CarbonImmutable;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
@@ -15,6 +16,10 @@ use Illuminate\Support\Facades\Log;
*/
class ApiLoginSecurityService
{
private const MAX_ATTEMPTS = 10;
private const BLOCK_HOURS = 24;
public function isIpBlocked(string $ip): bool
{
$row = IpAttempt::query()->where('ip_address', $ip)->first();
@@ -27,19 +32,28 @@ class ApiLoginSecurityService
public function logIpAttempt(string $ip): void
{
$now = utc_now();
$now = CarbonImmutable::now('UTC');
$nowStr = $now->toDateTimeString();
$attempt = IpAttempt::query()->where('ip_address', $ip)->first();
if ($attempt) {
$attempts = ((int) $attempt->attempts) + 1;
$blockedUntil = null;
if ($attempts >= 10) {
$blockedUntil = date('Y-m-d H:i:s', strtotime('+24 hours'));
}
$previouslyBlocked = $attempt->blocked_until
? CarbonImmutable::parse($attempt->blocked_until, 'UTC')->isFuture()
: false;
// If the previous block has already expired, start a fresh window
// so we don't perma-ban an IP after its first 10 lifetime failures.
$attempts = $previouslyBlocked
? ((int) $attempt->attempts) + 1
: 1;
$blockedUntil = $attempts >= self::MAX_ATTEMPTS
? $now->addHours(self::BLOCK_HOURS)->toDateTimeString()
: null;
$attempt->update([
'attempts' => $attempts,
'last_attempt_at' => $now,
'last_attempt_at' => $nowStr,
'blocked_until' => $blockedUntil,
]);
@@ -49,7 +63,7 @@ class ApiLoginSecurityService
IpAttempt::query()->create([
'ip_address' => $ip,
'attempts' => 1,
'last_attempt_at' => $now,
'last_attempt_at' => $nowStr,
]);
}