feat(auth): enhance authentication system with login attempt tracking and configuration options

- Added a new `LoginAttempt` model to track login attempts, including rate limiting and lockout functionality. - Introduced environment variables for configuring login rate limits and maximum failures. - Updated the authentication middleware to handle login attempts and enforce rate limits. - Enhanced the user model with indexing for username and email for improved lookup performance. - Modified the `.env.example` file to include new optional authentication settings. - Updated integration tests to cover new login attempt features and authentication state management.
2026-01-20 19:55:32 -08:00
parent 260a898e3e
commit af07a73a07
13 changed files with 433 additions and 29 deletions
@@ -42,14 +42,17 @@ model Library {
 }

 model User {
-  id                      String   @id @default(uuid())
-  username                String?  @unique
-  email                   String?  @unique
-  passwordHash            String
-  mustResetPassword       Boolean  @default(false)
-  role                    String   @default("USER")
-  createdAt               DateTime @default(now())
-  updatedAt               DateTime @updatedAt
+  id                String   @id @default(uuid())
+  username          String?  @unique
+  email             String?  @unique
+  passwordHash      String
+  mustResetPassword Boolean  @default(false)
+  role              String   @default("USER")
+  createdAt         DateTime @default(now())
+  updatedAt         DateTime @updatedAt
+
+  @@index([username])
+  @@index([email])
 }

 model SystemConfig {
@@ -58,3 +61,19 @@ model SystemConfig {
  createdAt           DateTime @default(now())
  updatedAt           DateTime @updatedAt
 }
+
+model LoginAttempt {
+  id           String   @id @default(uuid())
+  identifier   String
+  ip           String
+  count        Int      @default(0)
+  failures     Int      @default(0)
+  resetTime    DateTime
+  lockoutUntil DateTime?
+  lastAttempt  DateTime @default(now())
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+
+  @@unique([identifier, ip])
+  @@index([lastAttempt])
+}