Noah Petherbridge
777fd85085
* Add a rate limiter to the login page. * Fix the CSRF cookie expiring after 24 hours; it now will be a session cookie that expires on browser exit so you get a fresh one each visit. * Remove the dependency on go-bindata and use native Go file embed * Add documentation
package constants
import "time"
// Misc constants.
const (
	// PasswordMinLength is the smallest password length accepted. Only a
	// lower bound is defined here.
	PasswordMinLength = 8

	// BcryptCost is the bcrypt work factor; each +1 doubles hashing time.
	// NOTE(review): bcrypt only consumes the first 72 bytes of its input,
	// so the hashing call site (not shown here) should bound password
	// length as well - confirm.
	BcryptCost = 14
)

// Rate limiting for the login page.
const (
	// RateLimitRedisKey is a format string with two verbs: namespace, id.
	// NOTE(review): if id comes from request input (a username or client
	// address, say), normalise it before formatting so that spelling
	// variants of one identity do not get separate counters - verify
	// against the caller.
	RateLimitRedisKey = "rate-limit/%s/%s"

	// LoginRateLimitWindow is the period over which failed logins count.
	LoginRateLimitWindow = 1 * time.Hour

	// LoginRateLimit: 10 failed login attempts = locked for the full hour.
	// NOTE(review): what "locked" applies to depends on the id used in the
	// key. Keyed by account, anyone can lock the owner out with ten bad
	// guesses; keyed by client address, guessing spread across addresses
	// is not bounded. Confirm which one the login handler uses.
	LoginRateLimit = 10

	// LoginRateLimitCooldownAt: 3 failed attempts = start throttling.
	LoginRateLimitCooldownAt = 3

	// LoginRateLimitCooldown is the throttling delay; how it is applied
	// per attempt is decided by the limiter, which is not shown here.
	LoginRateLimitCooldown = 30 * time.Second
)