o ?7il @sUdZddlZddlZddlmZddlmZeeZ da eej e d<dej fddZ d edefd d Zd edefd d Zd eddfddZdS)zD Login security utilities Account lockout and failed login tracking N)settings)Optional _redis_clientreturncCs<tdurtjrtjtjddatStjtjtjdddatS)zGet or create Redis clientNT)decode_responsesr)hostportdbr)rr REDIS_URLredisfrom_urlRedis REDIS_HOST REDIS_PORTrr?/lsinfo/ai/hellotax_ai/base_platform/app/core/login_security.pyget_redis_clients remailc Csfzt}d|}||}|dkr||d|WSty2}z td|tdd}~ww)z Record a failed login attempt Args: email: User email Returns: Number of failed attempts Raises: RuntimeError: If Redis is unavailable (fail-close strategy) failed_login:iz.Redis unavailable for recording failed login: :Login security system unavailable. Please try again later.N)rincrexpire Exceptionloggererror RuntimeErrorrclientkeyattemptserrrrecord_failed_login#s    r"c Cshzt}d|}||}|durWdSt|dkWSty3}z td|tdd}~ww)z Check if account is locked due to failed login attempts Args: email: User email Returns: True if account is locked Raises: RuntimeError: If Redis is unavailable (fail-close strategy) rNFz*Redis unavailable for account lock check: r)rgetintrrrrrrrris_account_lockedCs   r&c CsXzt}d|}||WdSty+}ztd|WYd}~dSd}~ww)za Reset failed login attempts after successful login Args: email: User email rz1Redis unavailable for resetting failed attempts: N)rdeleterrr)rrrr!rrrreset_failed_attempts`s r()__doc__r logging app.configrtypingr getLogger__name__rrr __annotations__rstrr%r"boolr&r(rrrrs