Rate-Limit-Sperren: Admin-UI zum Freigeben

Bei zu vielen Login-Fehlversuchen war ohne Container-Restart kein Weg zurück. Jetzt sehen Admins die aktiven Sperren und können einzeln freigeben. Backend: - GET /api/settings/rate-limits/active (settings:read) Liest SecurityEvent RATE_LIMIT_HIT der letzten 15 Min, gruppiert nach IP, liefert lastEmail/limiters/hitCount/lastHit. - POST /api/settings/rate-limits/reset (settings:update) Body { ipAddress } → ruft loginRateLimiter.resetKey + passwordReset- RateLimiter.resetKey auf (express-rate-limit v7), audited als UPDATE auf resourceType=RateLimit. Frontend: - Neue Seite /settings/rate-limits: Tabelle mit IP/Email/Limiter/Hits/ Letzter-Hit/Aktion. Auto-Refresh alle 15s. Freigeben-Button pro IP. - Kachel in Settings-Übersicht (orange, ShieldOff-Icon, settings:read). Live-verifiziert: 11 failed Logins → 429 ab dem 11.; Liste zeigt IP + Email; POST /reset → 200; danach wieder 401 statt 429; Audit-Log „Rate-Limit für IP 127.0.0.1 manuell freigegeben" angelegt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 01:20:43 +02:00
parent 69b9a35674
commit 956bc394b8
7 changed files with 338 additions and 1 deletions
@@ -1,7 +1,7 @@
 import { Link } from 'react-router-dom';
 import { useAuth } from '../context/AuthContext';
 import Card from '../components/ui/Card';
-import { Settings as SettingsIcon, Code, Store, Clock, Calendar, UserCog, ChevronRight, Building2, FileType, Eye, Globe, Mail, Database, Shield, ShieldAlert, FileText, FileEdit, PackageCheck } from 'lucide-react';
+import { Settings as SettingsIcon, Code, Store, Clock, Calendar, UserCog, ChevronRight, Building2, FileType, Eye, Globe, Mail, Database, Shield, ShieldAlert, ShieldOff, FileText, FileEdit, PackageCheck } from 'lucide-react';

 export default function Settings() {
  const { hasPermission, developerMode, setDeveloperMode } = useAuth();
@@ -259,6 +259,27 @@ export default function Settings() {
                </div>
              </Link>
            )}
+            {hasPermission('settings:read') && (
+              <Link
+                to="/settings/rate-limits"
+                className="block p-4 bg-white border border-gray-200 rounded-lg shadow-sm hover:shadow-md hover:border-orange-300 transition-all group"
+              >
+                <div className="flex items-start gap-4">
+                  <div className="p-2 bg-orange-50 rounded-lg group-hover:bg-orange-100 transition-colors">
+                    <ShieldOff className="w-6 h-6 text-orange-600" />
+                  </div>
+                  <div className="flex-1">
+                    <h3 className="font-semibold text-gray-900 group-hover:text-orange-600 transition-colors flex items-center gap-2">
+                      Rate-Limit-Sperren
+                      <ChevronRight className="w-4 h-4 opacity-0 group-hover:opacity-100 transition-opacity" />
+                    </h3>
+                    <p className="text-sm text-gray-500 mt-1">
+                      Aktuell gesperrte IP-Adressen anzeigen und ggf. wieder freigeben.
+                    </p>
+                  </div>
+                </div>
+              </Link>
+            )}
            {hasPermission('gdpr:admin') && (
              <Link
                to="/settings/gdpr"