hasTooManyAttempts method - DatabaseRateLimitedRequestAttemptUtil class - core library

serverpod_auth_idp_server package
documentation
core.dart
DatabaseRateLimitedRequestAttemptUtil<T>
hasTooManyAttempts method

hasTooManyAttempts method

@override

Future<bool> hasTooManyAttempts(

Session session, {
required T nonce,
Map<String, String>? extraData,

})

override

Records and attempts and checks if there have been too many attempts for the given nonce.

If the attempt is rate limited, the config.onRateLimitExceeded callback will be called.

nonce is the unique identifier for the request (e.g., email, request ID, token). extraData is optional additional data to log with the attempt.

Returns true if the rate limit has been exceeded, false otherwise.

Implementation

@override
Future<bool> hasTooManyAttempts(
  final Session session, {
  required final T nonce,
  final Map<String, String>? extraData,
}) async {
  // NOTE: The attempt counting runs in a separate transaction, so that it is
  // never rolled back with the parent transaction.
  final rateLimitExceeded = await session.db.transaction((
    final transaction,
  ) async {
    final savePoint = await transaction.createSavepoint();
    await recordAttempt(
      session,
      nonce: nonce,
      extraData: extraData,
      transaction: transaction,
    );

    final attemptCount = await countAttempts(
      session,
      nonce: nonce,
      transaction: transaction,
    );

    final isRateLimited =
        config.maxAttempts != null && attemptCount > config.maxAttempts!;

    if (isRateLimited) {
      await savePoint.rollback();
      return true;
    }

    await savePoint.release();
    return false;
  });

  if (rateLimitExceeded) {
    await config.onRateLimitExceeded?.call(session, nonce);
  }

  return rateLimitExceeded;
}