diff --git a/.env b/.env
index 1db4754f..0e8adff6 100644
--- a/.env
+++ b/.env
@@ -92,4 +92,11 @@ APP_SECRET=a03498528f5a5fc089273ec9ae5b2849 # Set the trusted IPs here, when using an reverse proxy #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 -#TRUSTED_HOSTS='^(localhost|example\.com)$' \ No newline at end of file +#TRUSTED_HOSTS='^(localhost|example\.com)$' + + +###> symfony/lock ### +# Choose one of the stores below +# postgresql+advisory://db_user:db_password@localhost/db_name +LOCK_DSN=flock +###< symfony/lock ###
diff --git a/composer.json b/composer.json
index b00bf23f..a41a9f72 100644
--- a/composer.json
+++ b/composer.json
@@ -56,6 +56,7 @@
 "symfony/property-access": "5.4.*",
 "symfony/property-info": "5.4.*",
 "symfony/proxy-manager-bridge": "5.4.*",
+ "symfony/rate-limiter": "5.4.*",
 "symfony/runtime": "5.4.*",
 "symfony/security-bundle": "5.4.*",
 "symfony/serializer": "5.4.*",
diff --git a/composer.lock b/composer.lock
index 4f2ff4c7..3181a0dc 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "433a25b4df056e2a121ed5cbf442b172", + "content-hash": "e47c89f8ce9652159ba8f31ce86e53fd", "packages": [ { "name": "beberlei/assert",
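Review bot: `LOCK_DSN=flock` in the .env hunk is a host-local store, so the lock is only shared between PHP processes on one machine, and the added comment block does not say so. If the application ever runs on more than one node or container, the rate limiter this commit pulls in (which requires symfony/lock) would presumably not coordinate across instances. I would add a line such as `# flock is per-host; use a shared store (e.g. the postgresql+advisory DSN above) when running several app instances`. Unrelated to this change but visible in the hunk context, the tracked .env carries a fixed `APP_SECRET` value, so deployments should override it outside version control.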
@@ -8170,6 +8170,85 @@ ], "time": "2023-01-11T13:51:47+00:00" }, + { + "name": "symfony/lock", + "version": "v5.4.19", + "source": { + "type": "git", + "url": "https://github.com/symfony/lock.git", + "reference": "14b8dfe4df7c3e59e2d3e6a0dd50bb2101eced08" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/lock/zipball/14b8dfe4df7c3e59e2d3e6a0dd50bb2101eced08", + "reference": "14b8dfe4df7c3e59e2d3e6a0dd50bb2101eced08", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "psr/log": "^1|^2|^3", + "symfony/deprecation-contracts": "^2.1|^3", + "symfony/polyfill-php80": "^1.16" + }, + "conflict": { + "doctrine/dbal": "<2.13" + }, + "require-dev": { + "doctrine/dbal": "^2.13|^3.0", + "predis/predis": "~1.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Lock\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jérémy Derussé", + "email": "jeremy@derusse.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Creates and manages locks, a mechanism to provide exclusive access to a shared resource", + "homepage": "https://symfony.com", + "keywords": [ + "cas", + "flock", + "locking", + "mutex", + "redlock", + "semaphore" + ], + "support": { + "source": "https://github.com/symfony/lock/tree/v5.4.19" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-01-01T08:32:19+00:00" + }, { "name": "symfony/mailer", "version": "v5.4.19", 
@@ -9847,6 +9926,76 @@ ], "time": "2022-11-28T22:46:34+00:00" }, + { + "name": "symfony/rate-limiter", + "version": "v5.4.19", + "source": { + "type": "git", + "url": "https://github.com/symfony/rate-limiter.git", + "reference": "0518d49441e74c89d30d1a40ab3af850533cd775" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/rate-limiter/zipball/0518d49441e74c89d30d1a40ab3af850533cd775", + "reference": "0518d49441e74c89d30d1a40ab3af850533cd775", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/lock": "^5.2|^6.0", + "symfony/options-resolver": "^5.1|^6.0" + }, + "require-dev": { + "psr/cache": "^1.0|^2.0|^3.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\RateLimiter\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Wouter de Jong", + "email": "wouter@wouterj.nl" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides a Token Bucket implementation to rate limit input and output in your application", + "homepage": "https://symfony.com", + "keywords": [ + "limiter", + "rate-limiter" + ], + "support": { + "source": "https://github.com/symfony/rate-limiter/tree/v5.4.19" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-01-01T08:32:19+00:00" + }, { "name": "symfony/routing", "version": "v5.4.19",
diff --git a/config/packages/lock.yaml b/config/packages/lock.yaml
new file mode 100644
index 00000000..574879f8
--- /dev/null
+++ b/config/packages/lock.yaml
@@ -0,0 +1,2 @@
+framework:
+ lock: '%env(LOCK_DSN)%'
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 6dbc853e..e58ab1ec 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -26,7 +26,8 @@ security: check_path: 2fa_login_check enable_csrf: true - + login_throttling: + max_attempts: 5 # per minute # https://symfony.com/doc/current/security/form_login_setup.html form_login:
diff --git a/symfony.lock b/symfony.lock
index b1db040a..5734c5a6 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -533,6 +533,18 @@ "symfony/intl": { "version": "v4.2.3" }, + "symfony/lock": { + "version": "5.4", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "5.2", + "ref": "8e937ff2b4735d110af1770f242c1107fdab4c8e" + }, + "files": [ + "./config/packages/lock.yaml" + ] + }, "symfony/mailer": { "version": "5.4", "recipe": {
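Review bot: The new `login_throttling` block in security.yaml counts failed attempts per client IP (alone and combined with the username), so it only works as intended when the application sees the real client address. The .env hunk in this same diff still shows `TRUSTED_PROXIES` commented out; behind a reverse proxy every login would then be attributed to the proxy's address, and a few bad attempts from anyone could throttle all users. I would note that dependency next to the setting, e.g. `# behind a reverse proxy, TRUSTED_PROXIES must be set or all clients share one bucket`. The `# per minute` remark relies on the default window, and spelling it out with `interval: '1 minute'` keeps the comment true. Indentation is lost on this page, so I cannot confirm that the block sits at firewall level rather than under the two-factor settings above it; the firewall definition continues outside the hunk.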