fix(security): change pairing lockout to per-client accounting

Replace global failed-attempt counter with per-client HashMap keyed by client identity (IP address for gateway, chat_id for Telegram). This prevents a single attacker from locking out all legitimate clients. Bounded state: entries are evicted after lockout expiry, and the map is capped at 1024 tracked clients. Closes #603 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-19 07:33:11 -08:00 · 2026-02-19 07:33:11 -08:00 · 56af0d169e
commit 56af0d169e
parent ba500a606e
3 changed files with 73 additions and 28 deletions
--- a/src/channels/telegram.rs
+++ b/src/channels/telegram.rs
@ -629,7 +629,7 @@ impl TelegramChannel {

        if let Some(code) = Self::extract_bind_code(text) {
            if let Some(pairing) = self.pairing.as_ref() {
-                match pairing.try_pair(code).await {
+                match pairing.try_pair(code, &chat_id).await {
                    Ok(Some(_token)) => {
                        let bind_identity = normalized_sender_id.clone().or_else(|| {
                            if normalized_username.is_empty() || normalized_username == "unknown" {