"""Rate limiting for login brute-force protection.""" import time import threading from fastapi import HTTPException _login_attempts: dict = {} _login_attempts_lock = threading.Lock() _LOGIN_WINDOW = 300 # 5 minutes _LOGIN_MAX = 10 # max attempts per window def _check_rate_limit(ip: str): now = time.time() with _login_attempts_lock: attempts = _login_attempts.get(ip, []) attempts = [t for t in attempts if now - t < _LOGIN_WINDOW] if len(attempts) >= _LOGIN_MAX: raise HTTPException(429, "Muitas tentativas de login. Aguarde 5 minutos.") attempts.append(now) _login_attempts[ip] = attempts