feat(auth): apply LoginGuard to tenant and ops login endpoints
Wire LoginGuard into tenant-api and ops-api login flows: acquire a permit before checking credentials, record a failure on every invalid attempt to drive lockouts, and clear counters on success. Tenant-api now also forwards the request IP into the service so per-IP and IP+identifier limits actually fire under real traffic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -24,6 +24,7 @@ func NewAuthHandler(a *bootstrap.App) *AuthHandler {
|
||||
a.KolProfiles,
|
||||
a.JWT,
|
||||
a.Sessions,
|
||||
a.LoginGuard,
|
||||
),
|
||||
}
|
||||
}
|
||||
@@ -34,6 +35,7 @@ func (h *AuthHandler) Login(c *gin.Context) {
|
||||
response.Error(c, response.ErrBadRequest(40001, "invalid_params", err.Error()))
|
||||
return
|
||||
}
|
||||
req.IP = c.ClientIP()
|
||||
resp, err := h.svc.Login(c.Request.Context(), req)
|
||||
if err != nil {
|
||||
response.Error(c, err)
|
||||
|
||||
Reference in New Issue
Block a user