Business Logic
Waffle provides a protection layer for application-specific processing. It can detect malicious login attempts such as credential stuffing and abnormal payment requests.
⚠
Currently, does not supported user-defined detection logic, but we are planning to support it.
User Logins
If your application provides authentication, you may want to protect against account takeovers such as credential stuffing and brute force attacks.
By using Waffle’s Account Takeover protection feature, you can apply rate limiting based on client IP and user ID keys to detect these attacks.
⚠
Currently, this feature uses in-memory rate limiting, so it may not be properly applied in distributed systems. However, it should be sufficient for detecting credential stuffing.
import (
"github.com/sitebatch/waffle-go/contrib/application"
)
// Apply rate limiting based on client IP and user ID key to
// detect attacks such as credential stuffing
// ctx MUST be a context propagated from Waffle HTTP server middleware such as WafMiddleware
if err := application.ProtectAccountTakeover(ctx, clientIP, email); err != nil {
return err
}
err := login(ctx, email, password)
if err != nil {
return err
}