From e20161b3def6b6611b317af87230ddd9691e52bc Mon Sep 17 00:00:00 2001
From: Kazuhisa Wada <153587838+kazuhisa-wada@users.noreply.github.com>
Date: Mon, 16 Dec 2024 20:05:27 +0900
Subject: [PATCH] make login lockout duration configurable (#11699)

---
 api/.env.example | 2 ++
 api/configs/feature/__init__.py | 5 +++++
 api/services/account_service.py | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/api/.env.example b/api/.env.example
index 74f83aa06c..9602c6492d 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -435,3 +435,5 @@ CREATE_TIDB_SERVICE_JOB_ENABLED=false
 
 # Maximum number of submitted thread count in a ThreadPool for parallel node execution
 MAX_SUBMIT_COUNT=100
+# Lockout duration in seconds
+LOGIN_LOCKOUT_DURATION=86400
\ No newline at end of file
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
index e79401bdfd..dfcfa635d4 100644
--- a/api/configs/feature/__init__.py
+++ b/api/configs/feature/__init__.py
@@ -485,6 +485,11 @@ class AuthConfig(BaseSettings):
 default=60,
 )
 
+ LOGIN_LOCKOUT_DURATION: PositiveInt = Field(
+ description="Time (in seconds) a user must wait before retrying login after exceeding the rate limit.",
+ default=86400,
+ )
+
 
 class ModerationConfig(BaseSettings):
 """
diff --git a/api/services/account_service.py b/api/services/account_service.py
index f0c6ac7ebd..22b54a3ab8 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -420,7 +420,7 @@ class AccountService:
 if count is None:
 count = 0
 count = int(count) + 1
- redis_client.setex(key, 60 * 60 * 24, count)
+ redis_client.setex(key, dify_config.LOGIN_LOCKOUT_DURATION, count)
 
 @staticmethod
 def is_login_error_rate_limit(email: str) -> bool:
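Review bot: In `api/configs/feature/__init__.py`, `LOGIN_LOCKOUT_DURATION` is only constrained to `PositiveInt`, so a deployment can set it to a few seconds and the failed-login lockout then lapses almost at once; neither the field nor its description says that lowering it weakens protection against password guessing. The description should state what the value actually controls in this commit, for example `description="Expiry (in seconds) of the failed-login counter in Redis; low values weaken brute-force protection."`, and if the project wants a floor, `Field(..., ge=<minimum-seconds>)` would enforce it at startup. The `.env.example` comment (`# Lockout duration in seconds`) would benefit from the same wording. `AuthConfig` begins outside the hunk, so any existing validator on the class is not visible here.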
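Review bot: In `api/services/account_service.py`, the `setex` call rewrites the key's expiry on every failed attempt, so `dify_config.LOGIN_LOCKOUT_DURATION` is the window over which failures accumulate as well as the lockout length, and each new failure restarts it. That is the same behaviour the fixed `60 * 60 * 24` had, but now that operators can tune the value it deserves a comment on this line, for example `# setex resets the TTL on each failure: the setting is both the counting window and the lockout length`. The counter also appears to be read and written in separate Redis calls, so concurrent failed logins could lose an increment; `redis_client.incr(key)` followed by `redis_client.expire(key, dify_config.LOGIN_LOCKOUT_DURATION)` would avoid that if exact counting matters. The enclosing method starts above the hunk, so how `key` is built and where `count` is read are not visible here.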