Huntarr.io/src
Admin9705 877816ab14 Implement recovery key rate limiting: 3 strikes = 15 minute lockout
- Added recovery_key_rate_limit table to track failed attempts by IP address
- Implemented 15-minute lockout after 3 failed recovery key attempts
- Rate limiting applies to both /auth/recovery-key/verify and /auth/recovery-key/reset endpoints
- Successful attempts clear the rate limiting for that IP
- Added cleanup of expired rate limit entries in database maintenance
- Enhanced logging with IP addresses for security monitoring
- Prevents brute force attacks on recovery keys while maintaining usability
2025-06-27 15:41:53 -04:00