hapus code yang tidak dipakai

pandigresik · pandigresik · commit fa6eb7cd518e · 2026-03-05T15:30:46.000+07:00
diff --git a/app/Http/Controllers/Api/Auth/AuthController.php b/app/Http/Controllers/Api/Auth/AuthController.php
@@ -4,7 +4,6 @@
 
 use App\Http\Controllers\Controller;
 use App\Models\User;
-use App\Http\Middleware\GlobalRateLimiter;
 use Illuminate\Auth\Events\Lockout;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
@@ -30,19 +29,6 @@ class AuthController extends Controller
      */
     public const DECAY_SECOND = 600;
 
-    /**
-     * @var \App\Http\Middleware\GlobalRateLimiter
-     */
-    protected $globalRateLimiter;
-
-    /**
-     * Create a new controller instance.
-     */
-    public function __construct(GlobalRateLimiter $globalRateLimiter)
-    {
-        $this->globalRateLimiter = $globalRateLimiter;
-    }
-
     /**
      * Attempt to authenticate the request's credentials.
      *
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -3,7 +3,6 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
-use App\Http\Middleware\GlobalRateLimiter;
 use App\Models\User;
 use App\Providers\RouteServiceProvider;
 use App\Services\OtpService;
@@ -23,7 +22,6 @@ class LoginController extends Controller
 
     protected $otpService;
     protected $twoFactorService;
-    protected $globalRateLimiter;
     protected $username;
 
     /**
@@ -38,13 +36,11 @@ class LoginController extends Controller
      */
     public function __construct(
         OtpService $otpService,
-        TwoFactorService $twoFactorService,
-        GlobalRateLimiter $globalRateLimiter
+        TwoFactorService $twoFactorService
     ) {
         $this->middleware('guest')->except('logout');
         $this->otpService = $otpService;
         $this->twoFactorService = $twoFactorService;
-        $this->globalRateLimiter = $globalRateLimiter;
         $this->username = $this->findUsername();
     }
 
diff --git a/app/Http/Controllers/Auth/OtpLoginController.php b/app/Http/Controllers/Auth/OtpLoginController.php
@@ -8,7 +8,6 @@
 use App\Models\User;
 use App\Services\OtpService;
 use App\Services\TwoFactorService;
-use App\Http\Middleware\GlobalRateLimiter;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\RateLimiter;
@@ -17,17 +16,14 @@ class OtpLoginController extends Controller
 {
     protected $otpService;
     protected $twoFactorService;
-    protected $globalRateLimiter;
 
     public function __construct(
         OtpService $otpService,
-        TwoFactorService $twoFactorService,
-        GlobalRateLimiter $globalRateLimiter
+        TwoFactorService $twoFactorService
     ) {
         $this->middleware('guest')->except('logout');
         $this->otpService = $otpService;
         $this->twoFactorService = $twoFactorService;
-        $this->globalRateLimiter = $globalRateLimiter;
     }
 
     /**
diff --git a/app/Http/Controllers/OtpController.php b/app/Http/Controllers/OtpController.php
@@ -6,7 +6,6 @@
 use App\Http\Requests\OtpVerifyRequest;
 use App\Services\OtpService;
 use App\Services\TwoFactorService;
-use App\Http\Middleware\GlobalRateLimiter;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\RateLimiter;
@@ -15,16 +14,13 @@ class OtpController extends Controller
 {
     protected $otpService;
     protected $twoFactorService;
-    protected $globalRateLimiter;
 
     public function __construct(
         OtpService $otpService,
-        TwoFactorService $twoFactorService,
-        GlobalRateLimiter $globalRateLimiter
+        TwoFactorService $twoFactorService
     ) {
         $this->otpService = $otpService;
         $this->twoFactorService = $twoFactorService;
-        $this->globalRateLimiter = $globalRateLimiter;
     }
 
     /**
diff --git a/app/Http/Controllers/TwoFactorController.php b/app/Http/Controllers/TwoFactorController.php
@@ -9,7 +9,6 @@
 use App\Http\Middleware\GlobalRateLimiter;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\RateLimiter;
 
 class TwoFactorController extends Controller
 {
@@ -25,7 +24,7 @@ public function __construct(
         $this->twoFactorService = $twoFactorService;
         $this->otpService = $otpService;
         $this->globalRateLimiter = $globalRateLimiter;
-    }    
+    }
 
      public function activate()
     {
@@ -46,20 +45,28 @@ public function enable(TwoFactorEnableRequest $request)
     {
         $userId = Auth::id();
 
-        // Rate limiting untuk setup dengan enhanced key (IP + User-Agent + User ID)
+        // Rate limiting key for 2FA setup
         $key = $this->get2faSetupRateLimitKey($request, $userId);
         $maxAttempts = config('app.2fa_setup_max_attempts', 3);
-        $decaySeconds = config('app.2fa_setup_decay_seconds', 300);
+        $decayMinutes = config('app.2fa_setup_decay_seconds', 300) / 60;
 
-        if (RateLimiter::tooManyAttempts($key, $maxAttempts)) {
+        // Check if account is locked due to too many failed attempts
+        $lockoutCheck = $this->globalRateLimiter->isLocked($key, $maxAttempts);
+        if ($lockoutCheck['locked']) {
+            $minutes = ceil($lockoutCheck['availableIn'] / 60);
             return response()->json([
                 'success' => false,
-                'message' => 'Terlalu banyak percobaan. Coba lagi dalam ' . RateLimiter::availableIn($key) . ' detik.'
-            ], 429);
+                'message' => "AKUN TERKUNCI. Terlalu banyak percobaan aktivasi 2FA. Coba lagi dalam {$minutes} menit.",
+                'locked' => true,
+                'retry_after' => $lockoutCheck['availableIn'],
+            ], 403);
         }
 
-        RateLimiter::hit($key, $decaySeconds);
         $identifier = $request->channel === 'email' ? Auth::user()->email : Auth::user()->telegram_chat_id;
+        
+        // Record this attempt (will apply progressive delay)
+        $result = $this->globalRateLimiter->recordFailedAttempt($key, $maxAttempts, $decayMinutes);
+
         // Simpan konfigurasi sementara di session
         $request->session()->put('temp_2fa_config', [
             'channel' => $request->channel,
@@ -92,20 +99,23 @@ public function verifyEnable(TwoFactorVerifyRequest $request)
     {
         $userId = Auth::id();
 
-        // Rate limiting untuk verifikasi dengan enhanced key
+        // Rate limiting key for 2FA verification
         $key = $this->get2faVerifyRateLimitKey($request, $userId);
         $maxAttempts = config('app.2fa_verify_max_attempts', 5);
-        $decaySeconds = config('app.2fa_verify_decay_seconds', 300);
+        $decayMinutes = config('app.2fa_verify_decay_seconds', 300) / 60;
 
-        if (RateLimiter::tooManyAttempts($key, $maxAttempts)) {
+        // Check if account is locked due to too many failed attempts
+        $lockoutCheck = $this->globalRateLimiter->isLocked($key, $maxAttempts);
+        if ($lockoutCheck['locked']) {
+            $minutes = ceil($lockoutCheck['availableIn'] / 60);
             return response()->json([
                 'success' => false,
-                'message' => 'Terlalu banyak percobaan verifikasi. Coba lagi dalam ' . RateLimiter::availableIn($key) . ' detik.'
-            ], 429);
+                'message' => "AKUN TERKUNCI. Terlalu banyak percobaan verifikasi 2FA. Coba lagi dalam {$minutes} menit.",
+                'locked' => true,
+                'retry_after' => $lockoutCheck['availableIn'],
+            ], 403);
         }
 
-        RateLimiter::hit($key, $decaySeconds);
-
         $tempConfig = $request->session()->get('temp_2fa_config');
 
         if (!$tempConfig) {
@@ -123,7 +133,8 @@ public function verifyEnable(TwoFactorVerifyRequest $request)
             session(['2fa_verified' => true]);
             // Hapus konfigurasi sementara
             $request->session()->forget('temp_2fa_config');
-            RateLimiter::clear($key);
+            // Clear rate limiter on successful verification
+            $this->globalRateLimiter->clearFailedAttempts($key);
 
             return response()->json([
                 'success' => true,
@@ -132,10 +143,30 @@ public function verifyEnable(TwoFactorVerifyRequest $request)
             ]);
         }
 
-        return response()->json([
+        // Record failed attempt with progressive delay
+        $failResult = $this->globalRateLimiter->recordFailedAttempt($key, $maxAttempts, $decayMinutes);
+        
+        $response = [
             'success' => false,
             'message' => $result['message']
-        ], 400);
+        ];
+
+        // Add progressive delay information
+        if ($failResult['delay'] > 0) {
+            $response['progressive_delay'] = $failResult['delay'];
+            $response['message'] = "Kode tidak valid. Percobaan gagal ke-{$failResult['attempts']}. Delay: {$failResult['delay']} detik.";
+        }
+
+        // Add lockout warning
+        if ($failResult['locked']) {
+            $response['message'] = "AKUN TERKUNCI. Terlalu banyak gagal verifikasi ({$failResult['attempts']} kali).";
+            $response['locked'] = true;
+            $response['lockout_expires_in'] = $failResult['lockout_expires_in'] ?? 900;
+        } elseif ($failResult['remaining'] === 0) {
+            $response['message'] = "PERINGATAN: Akun akan terkunci setelah {$failResult['attempts']} kali gagal verifikasi.";
+        }
+
+        return response()->json($response, 400);
     }
 
     /**
@@ -167,19 +198,25 @@ public function resend(Request $request)
 
         $userId = Auth::id();
 
-        // Rate limiting untuk resend dengan enhanced key
+        // Rate limiting key for 2FA resend
         $key = $this->get2faResendRateLimitKey($request, $userId);
         $maxAttempts = config('app.2fa_resend_max_attempts', 2);
-        $decaySeconds = config('app.2fa_resend_decay_seconds', 30);
+        $decayMinutes = config('app.2fa_resend_decay_seconds', 30) / 60;
 
-        if (RateLimiter::tooManyAttempts($key, $maxAttempts)) {
+        // Check if rate limited
+        $lockoutCheck = $this->globalRateLimiter->isLocked($key, $maxAttempts);
+        if ($lockoutCheck['locked']) {
+            $minutes = ceil($lockoutCheck['availableIn'] / 60);
             return response()->json([
                 'success' => false,
-                'message' => 'Tunggu ' . RateLimiter::availableIn($key) . ' detik sebelum mengirim ulang.'
+                'message' => "Terlalu banyak permintaan. Tunggu {$minutes} menit sebelum mengirim ulang.",
+                'locked' => true,
+                'retry_after' => $lockoutCheck['availableIn'],
             ], 429);
         }
 
-        RateLimiter::hit($key, $decaySeconds);
+        // Record this attempt
+        $this->globalRateLimiter->recordFailedAttempt($key, $maxAttempts, $decayMinutes);
 
         $result = $this->otpService->generateAndSend(
             Auth::id(),
@@ -218,26 +255,30 @@ public function verifyChallenge(TwoFactorVerifyRequest $request)
     {
         $userId = Auth::id();
 
-        // Rate limiting untuk verifikasi challenge dengan enhanced key
+        // Rate limiting key for 2FA challenge
         $key = $this->get2faChallengeRateLimitKey($request, $userId);
         $maxAttempts = config('app.2fa_challenge_max_attempts', 5);
-        $decaySeconds = config('app.2fa_challenge_decay_seconds', 300);
+        $decayMinutes = config('app.2fa_challenge_decay_seconds', 300) / 60;
 
-        if (RateLimiter::tooManyAttempts($key, $maxAttempts)) {
+        // Check if account is locked due to too many failed attempts
+        $lockoutCheck = $this->globalRateLimiter->isLocked($key, $maxAttempts);
+        if ($lockoutCheck['locked']) {
+            $minutes = ceil($lockoutCheck['availableIn'] / 60);
             return response()->json([
                 'success' => false,
-                'message' => 'Terlalu banyak percobaan. Coba lagi dalam ' . RateLimiter::availableIn($key) . ' detik.'
-            ], 429);
+                'message' => "AKUN TERKUNCI. Terlalu banyak percobaan verifikasi 2FA. Coba lagi dalam {$minutes} menit.",
+                'locked' => true,
+                'retry_after' => $lockoutCheck['availableIn'],
+            ], 403);
         }
 
-        RateLimiter::hit($key, $decaySeconds);
-
         $result = $this->otpService->verify(Auth::id(), $request->code);
 
         if ($result['success']) {
             // Tandai session bahwa 2FA sudah terverifikasi
             session(['2fa_verified' => true]);
-            RateLimiter::clear($key);
+            // Clear rate limiter on successful verification
+            $this->globalRateLimiter->clearFailedAttempts($key);
 
             return response()->json([
                 'success' => true,
@@ -246,10 +287,30 @@ public function verifyChallenge(TwoFactorVerifyRequest $request)
             ]);
         }
 
-        return response()->json([
+        // Record failed attempt with progressive delay
+        $failResult = $this->globalRateLimiter->recordFailedAttempt($key, $maxAttempts, $decayMinutes);
+        
+        $response = [
             'success' => false,
             'message' => $result['message']
-        ], 400);
+        ];
+
+        // Add progressive delay information
+        if ($failResult['delay'] > 0) {
+            $response['progressive_delay'] = $failResult['delay'];
+            $response['message'] = "Kode tidak valid. Percobaan gagal ke-{$failResult['attempts']}. Delay: {$failResult['delay']} detik.";
+        }
+
+        // Add lockout warning
+        if ($failResult['locked']) {
+            $response['message'] = "AKUN TERKUNCI. Terlalu banyak gagal verifikasi ({$failResult['attempts']} kali).";
+            $response['locked'] = true;
+            $response['lockout_expires_in'] = $failResult['lockout_expires_in'] ?? 900;
+        } elseif ($failResult['remaining'] === 0) {
+            $response['message'] = "PERINGATAN: Akun akan terkunci setelah {$failResult['attempts']} kali gagal verifikasi.";
+        }
+
+        return response()->json($response, 400);
     }
 
     /**
diff --git a/tests/Feature/TwoFactorControllerTest.php b/tests/Feature/TwoFactorControllerTest.php
