make login lockout duration configurable (#11699)

1 year ago · e20161b3de
parent fc8fdbacb4
commit e20161b3de
3 changed files with 8 additions and 1 deletions
--- a/api/.env.example
+++ b/api/.env.example
@ -435,3 +435,5 @@ CREATE_TIDB_SERVICE_JOB_ENABLED=false

 # Maximum number of submitted thread count in a ThreadPool for parallel node execution
 MAX_SUBMIT_COUNT=100
+# Lockout duration in seconds
+LOGIN_LOCKOUT_DURATION=86400
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -485,6 +485,11 @@ class AuthConfig(BaseSettings):
        default=60,
    )

+    LOGIN_LOCKOUT_DURATION: PositiveInt = Field(
+        description="Time (in seconds) a user must wait before retrying login after exceeding the rate limit.",
+        default=86400,
+    )
+

 class ModerationConfig(BaseSettings):
    """
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@ -420,7 +420,7 @@ class AccountService:
        if count is None:
            count = 0
        count = int(count) + 1
-        redis_client.setex(key, 60 * 60 * 24, count)
+        redis_client.setex(key, dify_config.LOGIN_LOCKOUT_DURATION, count)

    @staticmethod
    def is_login_error_rate_limit(email: str) -> bool: