first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:35:24 +03:00
commit bbbf76b184
592 changed files with 246870 additions and 0 deletions

View File

@@ -0,0 +1,200 @@
package middlewares
import (
"fmt"
"net/http"
"strings"
"time"
"gauth-central/internal/services"
"gauth-central/pkg/utils"
"github.com/gin-gonic/gin"
)
// RateLimitMiddleware creates a rate limiting middleware
func RateLimitMiddleware(maxRequests int64, duration time.Duration) gin.HandlerFunc {
cacheService := services.NewCacheService()
settingsService := services.NewSettingsService()
return func(c *gin.Context) {
// Get client IP
clientIP := c.ClientIP()
path := c.Request.URL.Path
method := c.Request.Method
// Skip checks for localhost (hardcoded safety)
if clientIP == "::1" || clientIP == "127.0.0.1" || clientIP == "localhost" {
fmt.Printf("%s[LOCALHOST BYPASS]%s IP: %s accessed %s %s\n", utils.ColorCyan, utils.ColorReset, clientIP, method, path)
c.Next()
return
}
// 1. Check Blacklist from DB
blacklist, err := settingsService.GetActiveBlacklistOrigins()
if err == nil {
for _, blocked := range blacklist {
if blocked == clientIP || strings.Contains(blocked, clientIP) {
fmt.Printf("%s[BLACKLIST BLOCKED]%s IP: %s tried to access %s %s\n", utils.ColorRed, utils.ColorReset, clientIP, method, path)
c.JSON(http.StatusForbidden, gin.H{
"error": "Access denied. Your IP is blacklisted.",
})
c.Abort()
return
}
}
}
// 2. Check Whitelist from DB (Skip Rate Limit)
whitelist, err := settingsService.GetActiveWhitelistOrigins()
if err == nil {
for _, allowed := range whitelist {
if allowed == clientIP || strings.Contains(allowed, clientIP) {
fmt.Printf("%s[WHITELIST ALLOWED]%s IP: %s accessed %s %s (Rate Limit Skipped)\n", utils.ColorGreen, utils.ColorReset, clientIP, method, path)
c.Next()
return
}
}
}
key := clientIP
// Increment counter
count, err := cacheService.IncrementRateLimit(key, duration)
if err != nil {
// If Redis is down, allow the request but log error
fmt.Printf("%s[REDIS ERROR]%s Could not increment rate limit for %s: %v\n", utils.ColorRed, utils.ColorReset, clientIP, err)
c.Next()
return
}
remaining := maxRequests - count
if remaining < 0 {
remaining = 0
}
// Check if limit exceeded
if count > maxRequests {
fmt.Printf("%s[RATE LIMIT EXCEEDED]%s IP: %s - %s %s - Limit: %d\n", utils.ColorYellow, utils.ColorReset, clientIP, method, path, maxRequests)
c.JSON(http.StatusTooManyRequests, gin.H{
"error": "Too many requests. Please try again later.",
})
c.Abort()
return
}
// Log normal access with remaining limit
fmt.Printf("[Rate Limit] IP: %s - %s %s - Used: %d/%d - Remaining: %d\n", clientIP, method, path, count, maxRequests, remaining)
c.Next()
}
}
// DynamicRateLimitMiddleware - Database'den ayarları okuyan rate limit middleware
func DynamicRateLimitMiddleware(settingName string, settingsService *services.SettingsService) gin.HandlerFunc {
cacheService := services.NewCacheService()
return func(c *gin.Context) {
// Get client IP
clientIP := c.ClientIP()
path := c.Request.URL.Path
method := c.Request.Method
// Skip checks for localhost
if clientIP == "::1" || clientIP == "127.0.0.1" || clientIP == "localhost" {
fmt.Printf("%s[LOCALHOST BYPASS]%s IP: %s accessed %s %s\n", utils.ColorCyan, utils.ColorReset, clientIP, method, path)
c.Next()
return
}
// 1. Check Blacklist from DB
blacklist, err := settingsService.GetActiveBlacklistOrigins()
if err == nil {
for _, blocked := range blacklist {
if blocked == clientIP || strings.Contains(blocked, clientIP) {
fmt.Printf("%s[BLACKLIST BLOCKED]%s IP: %s tried to access %s %s\n", utils.ColorRed, utils.ColorReset, clientIP, method, path)
c.JSON(http.StatusForbidden, gin.H{
"error": "Access denied. Your IP is blacklisted.",
})
c.Abort()
return
}
}
}
// 2. Check Whitelist from DB (Skip Rate Limit)
whitelist, err := settingsService.GetActiveWhitelistOrigins()
if err == nil {
for _, allowed := range whitelist {
if allowed == clientIP || strings.Contains(allowed, clientIP) {
fmt.Printf("%s[WHITELIST ALLOWED]%s IP: %s accessed %s %s (Rate Limit Skipped)\n", utils.ColorGreen, utils.ColorReset, clientIP, method, path)
c.Next()
return
}
}
}
// Get rate limit settings from database/cache
setting, err := settingsService.GetRateLimitSettingByName(settingName)
if err != nil || setting == nil {
// If error or not found, use default and allow
c.Next()
return
}
// Check if setting is active
if !setting.IsActive {
c.Next()
return
}
key := settingName + ":" + clientIP
// Increment counter
duration := time.Duration(setting.WindowSeconds) * time.Second
count, err := cacheService.IncrementRateLimit(key, duration)
if err != nil {
// If Redis is down, allow the request
c.Next()
return
}
remaining := setting.MaxRequests - count
if remaining < 0 {
remaining = 0
}
// Check if limit exceeded
if count > setting.MaxRequests {
fmt.Printf("%s[RATE LIMIT EXCEEDED]%s IP: %s - %s %s - Limit: %d\n", utils.ColorYellow, utils.ColorReset, clientIP, method, path, setting.MaxRequests)
c.JSON(http.StatusTooManyRequests, gin.H{
"error": "Too many requests. Please try again later.",
"limit": setting.MaxRequests,
"window": setting.WindowSeconds,
"retry_after": setting.WindowSeconds,
})
c.Abort()
return
}
// Log normal access with remaining limit
fmt.Printf("[Rate Limit] IP: %s - %s %s - Used: %d/%d - Remaining: %d\n", clientIP, method, path, count, setting.MaxRequests, remaining)
c.Next()
}
}
// LoginRateLimitMiddleware limits login attempts per IP
func LoginRateLimitMiddleware() gin.HandlerFunc {
return RateLimitMiddleware(5, 1*time.Minute) // 5 login attempts per minute
}
// RegisterRateLimitMiddleware limits registration attempts per IP
func RegisterRateLimitMiddleware() gin.HandlerFunc {
return RateLimitMiddleware(3, 5*time.Minute) // 3 registration attempts per 5 minutes
}
// APIRateLimitMiddleware general API rate limiting
func APIRateLimitMiddleware() gin.HandlerFunc {
return RateLimitMiddleware(100, 1*time.Minute) // 100 requests per minute
}