feat: IP & device rate limits

2026-03-14 01:07:26 +03:00
parent 9b87eb74d7
commit ad711d1daf
7 changed files with 212 additions and 7 deletions
@@ -97,6 +97,9 @@ class PhoneOTP(models.Model):
    verified_at = models.DateTimeField(null=True, blank=True)
    attempt_count = models.PositiveSmallIntegerField(default=0)
    max_attempts = models.PositiveSmallIntegerField(default=5)
+    # Request metadata for abuse controls and support investigations.
+    request_ip = models.GenericIPAddressField(null=True, blank=True, db_index=True)
+    device_signal = models.CharField(max_length=64, blank=True, default="", db_index=True)

    def is_expired(self):
        return timezone.now() >= self.expires_at