Is your feature request related to a problem? Please describe.
Replay attacks are a security concern when API keys are intercepted and reused in quick succession. This leads to unauthorized access, resource exhaustion, and data misuse. Currently, there’s no safeguard in place to prevent rapid reuse of intercepted API keys.
Describe the solution you'd like
Introduce an optional Django app to prevent replay attacks by tracking API key usage and blocking identical requests within a configurable cooldown period. This app would leverage Redis as the primary storage for low-latency tracking with TTL management. If Redis isn’t available, the app would support using the primary database as an alternative, though with potential performance impacts.
Describe alternatives you've considered
Considered rate limiting and third-party security solutions, but these do not directly address replay attacks by blocking identical requests in short intervals. Redis was chosen as the primary storage for its speed and suitability for time-based data.
Additional context
This app would be added to INSTALLED_APPS, allowing necessary migrations and an admin interface for monitoring and adjusting settings. Redis support offers optimal performance, while fallback to the primary database provides flexibility for varied infrastructures.
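A sketch of the guard described above, added here as an example rather than code from the project or the issue author. It fingerprints (API key, method, path, body), then does an atomic add-if-absent with a TTL: `RedisStore` uses redis-py's `SET ... NX EX`, and `MemoryStore` is an in-process TTL set standing in for the proposed database fallback (its clock is injectable so the cooldown can be exercised without sleeping). The `ReplayGuardMiddleware` wiring, the `Authorization: Api-Key <key>` header format, the 30-second default and the 409 status are assumptions for illustration, not something the issue specifies.

```python
"""Replay guard sketch: block an identical request on the same API key inside a cooldown.

Added example, not project code. Store backends are pluggable: Redis (atomic SET NX EX)
or an in-memory TTL set that mirrors the contract the proposed DB fallback would offer.
"""
import hashlib
import threading
import time

COOLDOWN_SECONDS = 30  # assumed default; the proposal makes the cooldown configurable


def request_fingerprint(api_key: str, method: str, path: str, body: bytes = b"") -> str:
    """Hash of (key, method, path, body). The raw API key never reaches the store."""
    h = hashlib.sha256()
    for part in (api_key.encode(), method.upper().encode(), path.encode(), body):
        h.update(len(part).to_bytes(4, "big"))  # length-prefix so parts cannot run together
        h.update(part)
    return h.hexdigest()


class MemoryStore:
    """TTL set in process memory (single process only; the DB fallback would be shared)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._lock = threading.Lock()
        self._expires_at = {}

    def add_if_absent(self, key: str, ttl: float) -> bool:
        now = self._clock()
        with self._lock:
            for k in [k for k, exp in self._expires_at.items() if exp <= now]:
                del self._expires_at[k]  # lazy expiry, like Redis TTL
            if key in self._expires_at:
                return False
            self._expires_at[key] = now + ttl
            return True


class RedisStore:
    """redis-py backed. SET key value NX EX ttl is one atomic command, so two concurrent
    copies of the same request cannot both pass the check."""

    def __init__(self, client):
        self._client = client

    def add_if_absent(self, key: str, ttl: float) -> bool:
        # redis-py returns True on a fresh write and None when NX refused it
        return bool(self._client.set(key, b"1", nx=True, ex=int(ttl)))


class ReplayGuard:
    def __init__(self, store, cooldown: float = COOLDOWN_SECONDS, prefix: str = "replay:"):
        self._store, self._cooldown, self._prefix = store, cooldown, prefix

    def allow(self, api_key: str, method: str, path: str, body: bytes = b"") -> bool:
        """True if this exact request was not already seen for this key inside the cooldown."""
        fp = request_fingerprint(api_key, method, path, body)
        return self._store.add_if_absent(self._prefix + fp, self._cooldown)


class ReplayGuardMiddleware:
    """Django-style middleware. Assumed header format: 'Authorization: Api-Key <key>'."""

    def __init__(self, get_response, guard: ReplayGuard):
        self.get_response = get_response
        self.guard = guard

    def __call__(self, request):
        auth = request.META.get("HTTP_AUTHORIZATION", "")
        if auth.startswith("Api-Key ") and not self.guard.allow(
            auth[len("Api-Key "):], request.method, request.get_full_path(), request.body
        ):
            from django.http import HttpResponse  # lazy import: module runs without Django installed
            return HttpResponse("duplicate request within cooldown", status=409)
        return self.get_response(request)


def demo() -> list:
    """Constructed sequence: first request, exact replay, changed body, replay after cooldown."""
    t = [0.0]
    guard = ReplayGuard(MemoryStore(clock=lambda: t[0]), cooldown=COOLDOWN_SECONDS)
    results = [guard.allow("k-123", "POST", "/v1/transfer", b'{"amount": 10}')]
    results.append(guard.allow("k-123", "POST", "/v1/transfer", b'{"amount": 10}'))
    results.append(guard.allow("k-123", "POST", "/v1/transfer", b'{"amount": 11}'))
    t[0] += COOLDOWN_SECONDS + 1
    results.append(guard.allow("k-123", "POST", "/v1/transfer", b'{"amount": 10}'))
    return results


if __name__ == "__main__":
    print(demo())  # [True, False, True, True]
```

In Django the store would be chosen once from settings (a `redis.Redis` client when configured, the database-backed table otherwise) and the middleware listed in `MIDDLEWARE` after authentication so the key is already validated. Two caveats worth keeping in mind: the check only stops byte-identical replays, so an attacker who can alter the body is not stopped and a legitimate client's identical retry is, which is why a client-supplied nonce or timestamp covered by a request signature is the stronger control; and `MemoryStore` is per process, so behind several workers only the Redis or database backend gives a consistent answer.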