Basic brute force detection added. Accounts throttle by captcha after 5 failed attempts, and locked out for 24 hours after 200 attempts.

2024-12-26 17:46:35 -05:00 · 2024-12-26 17:46:35 -05:00 · 9c18c23ad5
commit 9c18c23ad5
parent e0f53df176
13 changed files with 463 additions and 50 deletions
--- a/src/views/lockedAccount.ejs
+++ b/src/views/lockedAccount.ejs
@ -0,0 +1,32 @@
+<!--Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.-->
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <%- include('partial/styles', {instance, user}); %>
+        <link rel="stylesheet" type="text/css" href="/css/login.css">
+        <title><%= instance %> - Account Locked!</title>
+    </head>
+    <body>
+        <%- include('partial/navbar', {user}); %>
+        <h3 class="danger-text">Multiple failed attempts detected!</h3>
+        <p class="danger-text">Your account has been locked due to detected brute-force attacks!<br>Your account will be unlocked in 24 hours.</p>
+    </body>
+    <footer>
+        <%- include('partial/scripts', {user}); %>
+    </footer>
+</html>
--- a/src/views/login.ejs
+++ b/src/views/login.ejs
@ -0,0 +1,47 @@
+<!--Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.-->
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <%- include('partial/styles', {instance, user}); %>
+        <link rel="stylesheet" type="text/css" href="/css/login.css">
+        <link rel="stylesheet" type="text/css" href="/lib/altcha/altcha.css">
+        <title><%= instance %> - Log-In</title>
+    </head>
+    <body>
+        <%- include('partial/navbar', {user}); %>
+        <% if(challenge != null){ %>
+            <h3 class="danger-text">Multiple failed attempts detected!</h3>
+            <p class="danger-text">Please complete verification challenge to continue!</p>
+        <% } %>
+        <form action="javascript:">
+            <label>Username:</label>
+            <input class="login-page-prompt" id="login-page-username" placeholder="Required">
+            <label>Password:</label>
+            <input class="login-page-prompt"  id="login-page-password" placeholder="Required" type="password">
+            <% if(challenge != null){ %>
+                <altcha-widget challengejson="<%= JSON.stringify(challenge) %>"></altcha-widget>
+            <% } %>
+            <button id="login-page-button" class='positive-button'>Login</button>
+        </form>
+    </body>
+    <footer>
+        <%- include('partial/scripts', {user}); %>
+        <script src="/js/login.js"></script>
+        <script src="/lib/altcha/altcha.js" type="module"></script>
+    </footer>
+</html>