Noah Petherbridge
898f82fb79
* Remove Negroni in favor of the standard net/http server. * Remove gorilla/mux in favor of the standard net/http NewServeMux. * Remove gorilla/sessions in favor of Redis session_id cookie. * Remove the hacky glue controllers setup in favor of regular defined routes in the router.go file directly. * Update all Go dependencies for Go 1.24 * Move and centralize all the HTTP middlewares. * Add middlewares for Logging and Recovery to replace Negroni's.
22 lines
572 B
Go
22 lines
572 B
Go
package constants
|
|
|
|
import "time"
|
|
|
|
// Misc constants.
|
|
const (
|
|
// Password values
|
|
PasswordMinLength = 8
|
|
BcryptCost = 14
|
|
|
|
SessionCookieName = "session_id"
|
|
SessionRedisKeyFormat = "sessions/%s"
|
|
SessionCookieMaxAge = 60 * 60 * 24 * 30
|
|
|
|
// Rate limits
|
|
RateLimitRedisKey = "rate-limit/%s/%s" // namespace, id
|
|
LoginRateLimitWindow = 1 * time.Hour
|
|
LoginRateLimit = 10 // 10 failed login attempts = locked for full hour
|
|
LoginRateLimitCooldownAt = 3 // 3 failed attempts = start throttling
|
|
LoginRateLimitCooldown = 30 * time.Second
|
|
)
|