Hone logo
Hone
Problems

Leetflex Banned Accounts

Leetflex, a popular streaming service, needs to identify and ban accounts that exhibit suspicious activity, such as using VPNs to access content from restricted regions. You are tasked with building a system to detect these banned accounts based on their login history. This is crucial for enforcing content licensing agreements and maintaining service integrity.

Problem Description

Given a list of login events, where each event records a user ID, a login timestamp, and the IP address used for the login, your task is to identify all users who have logged in from two different IP addresses within a one-hour window.

Requirements:

  • Process a list of login events.
  • For each user, track their login IPs and timestamps.
  • Determine if a user has logged in from at least two distinct IP addresses within any continuous 60-minute period.
  • Return a list of user IDs that meet this condition.

Expected Behavior:

The output should be a sorted list of unique user IDs that have been flagged as suspicious.

Edge Cases:

  • Users with no logins.
  • Users with only one login.
  • Users with multiple logins, but all from the same IP address.
  • Users with logins from different IPs, but never within a one-hour window.
  • Timestamps that are very close but not within the one-hour window.

Examples

Example 1:

Input:
logins = [
  [user_id: "user1", timestamp: 1678886400, ip_address: "192.168.1.1"],
  [user_id: "user1", timestamp: 1678886460, ip_address: "192.168.1.1"],
  [user_id: "user2", timestamp: 1678886400, ip_address: "10.0.0.1"],
  [user_id: "user1", timestamp: 1678889999, ip_address: "192.168.1.2"],
  [user_id: "user2", timestamp: 1678890000, ip_address: "10.0.0.2"],
  [user_id: "user1", timestamp: 1678890000, ip_address: "192.168.1.1"],
]
Output: ["user1", "user2"]
Explanation:
- "user1": Logs in at 1678886400 from "192.168.1.1". Later logs in at 1678889999 from "192.168.1.2". The time difference is 3599 seconds (just under an hour). Then logs in at 1678890000 from "192.168.1.1". The login at 1678889999 and 1678890000 are within a minute of each other and from different IPs.
- "user2": Logs in at 1678886400 from "10.0.0.1". Logs in at 1678890000 from "10.0.0.2". The time difference is 3600 seconds (exactly one hour). Since the window is *within* one hour, this qualifies. Therefore, "user2" is also banned.

Example 2:

Input:
logins = [
  [user_id: "userA", timestamp: 1000, ip_address: "1.1.1.1"],
  [user_id: "userA", timestamp: 3600, ip_address: "2.2.2.2"],
  [user_id: "userA", timestamp: 7200, ip_address: "3.3.3.3"],
  [user_id: "userB", timestamp: 5000, ip_address: "4.4.4.4"],
]
Output: []
Explanation:
- "userA": All logins are more than one hour apart.
- "userB": Only one login.
No user logged in from two different IPs within a 60-minute window.

Example 3:

Input:
logins = [
  [user_id: "userX", timestamp: 100, ip_address: "A"],
  [user_id: "userX", timestamp: 150, ip_address: "B"],
  [user_id: "userX", timestamp: 60000, ip_address: "A"],
  [user_id: "userX", timestamp: 60050, ip_address: "B"],
  [user_id: "userX", timestamp: 60100, ip_address: "C"],
]
Output: ["userX"]
Explanation:
The logins at timestamps 60000 (IP B), 60050 (IP B), and 60100 (IP C) are all within 100 seconds of each other.
The login at 60050 (IP B) and 60100 (IP C) are from different IPs and within 50 seconds of each other, which is less than an hour. This triggers the ban.

Constraints

  • 1 <= logins.length <= 10^5 (The total number of login events)
  • 1 <= user_id.length <= 30 (User IDs are strings)
  • 0 <= timestamp <= 10^9 (Timestamps are integers representing seconds since epoch)
  • 1 <= ip_address.length <= 15 (IP addresses are strings, assuming standard IPv4 format)
  • The input logins array might not be sorted by timestamp.
  • The time complexity of your solution should ideally be better than O(N^2), where N is the number of login events.

Notes

  • A one-hour window is precisely 3600 seconds.
  • The problem defines "within a one-hour window" to mean that the difference between the two timestamps is strictly less than 3600 seconds.
  • Consider how you might efficiently group logins by user and then check the IP and time conditions for each user.
  • The output should be sorted alphabetically by user ID.
Loading editor...
plaintext