Protect FastAPI login endpoints from brute-force attacks using middleware
Project description
fastapi-login-shield
A simple and lightweight middleware to protect your FastAPI login endpoints from brute-force attacks using per-IP rate limiting with exponential backoff.
Features
- Per-IP login attempt tracking
- Exponential backoff for repeated failed attempts
- Auto-expiry of old IP data (default: 15 minutes)
- Non-intrusive integration via Starlette middleware
- Customizable login path and expiration timeout
Installation
```bash
pip install fastapi-login-shield
```
Usage
1. Add the middleware to your FastAPI app
```python
from fastapi import FastAPI
from fastapi_login_shield.middleware import LoginShieldMiddleware

app = FastAPI()

# Add the middleware
app.add_middleware(LoginShieldMiddleware, login_path="/login")
```
2. Example login endpoint
```python
from fastapi import HTTPException, Request

@app.post("/login")
async def login(request: Request):
    # Simulate authentication logic
    form = await request.json()
    username = form.get("username")
    password = form.get("password")
    if username != "admin" or password != "secret":
        raise HTTPException(status_code=401, detail="Invalid credentials")
    return {"message": "Login successful!"}
```
How It Works
- The middleware intercepts all requests to the specified login path.
- If the response is a failed login (401 or 403), it increments the attempt counter for the client IP.
- If the count exceeds a threshold (e.g., 3), it applies an exponential delay (2^count seconds, up to 10 minutes).
- If a login succeeds (2xx response), the counter for that IP is reset.
- IPs are automatically cleaned from memory if inactive for a configurable duration (default: 900 seconds).
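To make the counting, backoff and expiry rules above concrete, here is an added stand-alone re-implementation of that logic (example code, not the package's own middleware). The class and method names, the threshold of 3, the 600-second cap and the ManualClock are assumptions chosen to mirror the description; a real middleware would call record_failure/record_success from the response hook and sleep for delay_for before forwarding the request.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict
THRESHOLD = 3      # failures tolerated before delays start (page: "e.g., 3")
MAX_DELAY = 600.0  # cap of 10 minutes, as described on the page

class ManualClock:
    """Constructed clock so expiry can be exercised without sleeping (assumption)."""
    def __init__(self) -> None:
        self.now = 0.0
    def __call__(self) -> float:
        return self.now

@dataclass
class _Entry:
    count: int = 0
    last_seen: float = 0.0

@dataclass
class LoginAttemptTracker:
    """Per-IP failure counter with exponential backoff and auto-expiry (illustrative)."""
    expire_seconds: float = 900.0
    clock: Callable[[], float] = time.monotonic
    _entries: Dict[str, _Entry] = field(default_factory=dict)

    def delay_for(self, ip: str) -> float:
        """Seconds the next attempt from `ip` should wait (0 while under threshold)."""
        entry = self._entries.get(ip)
        if entry is None or entry.count <= THRESHOLD:
            return 0.0
        return min(float(2 ** entry.count), MAX_DELAY)  # 2^count seconds, capped

    def record_failure(self, ip: str) -> int:
        """Call on a 401/403 login response; returns the new failure count."""
        entry = self._entries.setdefault(ip, _Entry())
        entry.count += 1
        entry.last_seen = self.clock()
        return entry.count

    def record_success(self, ip: str) -> None:
        """Call on a 2xx login response; the IP's counter is reset."""
        self._entries.pop(ip, None)

    def purge_expired(self) -> int:
        """Forget IPs idle longer than expire_seconds; returns how many were dropped."""
        now = self.clock()
        stale = [ip for ip, e in self._entries.items() if now - e.last_seen > self.expire_seconds]
        for ip in stale:
            del self._entries[ip]
        return len(stale)
```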
Configuration
You can customize the login path and expiration time like this:
```python
app.add_middleware(
    LoginShieldMiddleware,
    login_path="/auth/login",
    expire_seconds=600,  # expire IP data after 10 minutes
)
```
Security Notes
- This middleware does not block login attempts permanently; it only applies temporary delays.
- Attempt counters live in the process's memory (see How It Works), so they are not shared between multiple worker processes and are lost when the process restarts.
License
MIT License
File details
Details for the file fastapi_login_shield-0.1.9.tar.gz.
File metadata
- Download URL: fastapi_login_shield-0.1.9.tar.gz
- Upload date:
- Size: 2.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File details
Details for the file fastapi_login_shield-0.1.9-py3-none-any.whl.
File metadata
- Download URL: fastapi_login_shield-0.1.9-py3-none-any.whl
- Upload date:
- Size: 3.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5