feat: integrate rate limiting and enhance security features

- Added @convex-dev/rate-limiter dependency to manage request limits effectively. - Implemented rate limiting configurations for IPs, users, and endpoints to prevent abuse and enhance security. - Introduced new security analysis endpoint to detect potential attacks based on incoming requests. - Updated backend schema to include rate limit configurations and various cyber attack types for improved incident tracking. - Enhanced existing security functions to incorporate rate limiting checks, ensuring robust protection against brute force and other attacks.
2025-11-16 01:20:57 -03:00
parent ea01e2401a
commit 88983ea297
19 changed files with 3102 additions and 109 deletions
--- a/packages/backend/convex/schema.ts
+++ b/packages/backend/convex/schema.ts
@@ -15,6 +15,10 @@ export const ataqueCiberneticoTipo = v.union(
  v.literal("credential_stuffing"),
  v.literal("sql_injection"),
  v.literal("xss"),
+  v.literal("path_traversal"),
+  v.literal("command_injection"),
+  v.literal("nosql_injection"),
+  v.literal("xxe"),
  v.literal("man_in_the_middle"),
  v.literal("ddos"),
  v.literal("engenharia_social"),
@@ -1261,4 +1265,39 @@ export default defineSchema({
    .index("by_status", ["status"])
    .index("by_solicitante", ["solicitanteId", "status"])
    .index("by_criado_em", ["criadoEm"]),
+
+  rateLimitConfig: defineTable({
+    nome: v.string(),
+    tipo: v.union(
+      v.literal("ip"),
+      v.literal("usuario"),
+      v.literal("endpoint"),
+      v.literal("global")
+    ),
+    identificador: v.optional(v.string()),
+    limite: v.number(),
+    janelaSegundos: v.number(),
+    estrategia: v.union(
+      v.literal("fixed_window"),
+      v.literal("sliding_window"),
+      v.literal("token_bucket")
+    ),
+    acaoExcedido: v.union(
+      v.literal("bloquear"),
+      v.literal("throttle"),
+      v.literal("alertar")
+    ),
+    bloqueioTemporarioSegundos: v.optional(v.number()),
+    ativo: v.boolean(),
+    prioridade: v.number(),
+    criadoPor: v.id("usuarios"),
+    atualizadoPor: v.optional(v.id("usuarios")),
+    criadoEm: v.number(),
+    atualizadoEm: v.number(),
+    notas: v.optional(v.string()),
+    tags: v.optional(v.array(v.string()))
+  })
+    .index("by_tipo_identificador", ["tipo", "identificador"])
+    .index("by_ativo", ["ativo"])
+    .index("by_prioridade", ["prioridade"])
 });