Generalize attempts to use resources

[tspenov]

Rate Limiting System Refactor

Changes

• Introduced a new generic AccessAttempt module to handle rate limiting across different features
• Created AccessAttemptBehaviour to define a common interface for rate-limited actions
• Migrated email login attempts to use the new system
• Added rate limiting for coupon code validation
• Added comprehensive tests for the new rate limiting system

Technical Details

• Created new access_attempts table to track attempts across different features
• Each attempt type (email login, coupon validation) has its own configuration for:
  • Time interval
  • Maximum attempts per user
  • Maximum attempts per IP address
• Implemented proper error handling and user-friendly error messages

This refactor makes it easier to add rate limiting to new features while maintaining consistent behavior and configuration across the application.

Example implementation of the behaviour

defmodule Sanbase.Accounts.CouponAttempt do
  @behaviour Sanbase.Accounts.AccessAttemptBehaviour
  alias Sanbase.Accounts.AccessAttempt

  @impl true
  def type, do: "coupon"

  @impl true
  def config do
    %{
      interval_in_minutes: 10,
      allowed_user_attempts: 5,
      allowed_ip_attempts: 20
    }
  end

  @impl true
  def check_attempt_limit(user, remote_ip) do
    AccessAttempt.check_attempt_limit(type(), user, remote_ip)
  end

  @impl true
  def create(user, remote_ip) do
    AccessAttempt.create(type(), user, remote_ip)
  end
end

Ticket

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• I have tried to find clearer solution before commenting hard-to-understand parts of code
• I have added tests that prove my fix is effective or that my feature works