feat(server): make tenant login guard toggleable via config
Add auth.login_guard.enabled config (default on) so the tenant login brute-force / rate-limit guard can be disabled per environment. Surfaces an AUTH_LOGIN_GUARD_ENABLED env override and a startup warning when disabled. Wired through Diff() so hot reload picks up changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -113,7 +113,12 @@ func New(configPath string) (*App, error) {
|
||||
|
||||
jwtMgr := auth.NewManager(cfg.JWT.Secret, cfg.JWT.AccessTTL, cfg.JWT.RefreshTTL)
|
||||
sessions := auth.NewSessionStore(rdb)
|
||||
loginGuard := auth.NewLoginGuard(rdb, auth.DefaultLoginGuardConfig("tenant"))
|
||||
loginGuardCfg := auth.DefaultLoginGuardConfig("tenant")
|
||||
loginGuardCfg.Enabled = cfg.Auth.LoginGuard.Enabled
|
||||
if !loginGuardCfg.Enabled {
|
||||
logger.Warn("tenant login guard disabled by config; brute-force / rate-limit protection is off")
|
||||
}
|
||||
loginGuard := auth.NewLoginGuard(rdb, loginGuardCfg)
|
||||
llmClient := llm.NewReloadableClient(llm.New(cfg.LLM))
|
||||
retrievalProvider := retrieval.NewReloadableProvider(retrieval.NewProvider(cfg.Retrieval, logger))
|
||||
vectorStore := retrieval.NewReloadableVectorStore(retrieval.NewQdrantStore(cfg.Qdrant, logger))
|
||||
|
||||
Reference in New Issue
Block a user