add rate limiting support

common/defender_test.go

@@ -41,17 +41,18 @@ func TestBasicDefender(t *testing.T) {
 	assert.NoError(t, err)
 
 	config := &DefenderConfig{
-		Enabled:          true,
-		BanTime:          10,
-		BanTimeIncrement: 2,
-		Threshold:        5,
-		ScoreInvalid:     2,
-		ScoreValid:       1,
-		ObservationTime:  15,
-		EntriesSoftLimit: 1,
-		EntriesHardLimit: 2,
-		SafeListFile:     "slFile",
-		BlockListFile:    "blFile",
+		Enabled:           true,
+		BanTime:           10,
+		BanTimeIncrement:  2,
+		Threshold:         5,
+		ScoreInvalid:      2,
+		ScoreValid:        1,
+		ScoreRateExceeded: 3,
+		ObservationTime:   15,
+		EntriesSoftLimit:  1,
+		EntriesHardLimit:  2,
+		SafeListFile:      "slFile",
+		BlockListFile:     "blFile",
 	}
 
 	_, err = newInMemoryDefender(config)
@@ -74,6 +75,7 @@ func TestBasicDefender(t *testing.T) {
 
 	defender.AddEvent("172.16.1.4", HostEventLoginFailed)
 	defender.AddEvent("192.168.8.4", HostEventUserNotFound)
+	defender.AddEvent("172.16.1.3", HostEventRateExceeded)
 	assert.Equal(t, 0, defender.countHosts())
 
 	testIP := "12.34.56.78"
@@ -82,10 +84,10 @@ func TestBasicDefender(t *testing.T) {
 	assert.Equal(t, 0, defender.countBanned())
 	assert.Equal(t, 1, defender.GetScore(testIP))
 	assert.Nil(t, defender.GetBanTime(testIP))
-	defender.AddEvent(testIP, HostEventNoLoginTried)
+	defender.AddEvent(testIP, HostEventRateExceeded)
 	assert.Equal(t, 1, defender.countHosts())
 	assert.Equal(t, 0, defender.countBanned())
-	assert.Equal(t, 3, defender.GetScore(testIP))
+	assert.Equal(t, 4, defender.GetScore(testIP))
 	defender.AddEvent(testIP, HostEventNoLoginTried)
 	assert.Equal(t, 0, defender.countHosts())
 	assert.Equal(t, 1, defender.countBanned())
@@ -315,6 +317,11 @@ func TestDefenderConfig(t *testing.T) {
 	require.Error(t, err)
 
 	c.ScoreInvalid = 2
+	c.ScoreRateExceeded = 10
+	err = c.validate()
+	require.Error(t, err)
+
+	c.ScoreRateExceeded = 2
 	c.ScoreValid = 10
 	err = c.validate()
 	require.Error(t, err)