Basic brute force detection added. Accounts throttle by captcha after 5 failed attempts, and locked out for 24 hours after 200 attempts.

www/css/login.css

@@ -0,0 +1,35 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+form{
+	display: flex;
+	flex-direction: column;
+	align-items: center;
+	gap: 0.5em;
+	margin: 5% 17%;
+}
+
+.login-page-prompt{
+	width: 100%
+}
+
+#login-page-button{
+	width: 6em;
+	height: 2em;
+}
+
+.danger-text{
+	text-align: center;
+}

www/css/theme/movie-night.css

@@ -66,8 +66,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
     --altcha-color-base: var(--bg1);
     --altcha-color-border: var(--accent1);
     --altcha-color-text: var(--accent1);
-    --altcha-color-border-focus: currentColor;
-    --altcha-color-error-text: #f23939;
+    --altcha-color-error-text: var(--danger0);
     --altcha-max-width: 260px;
 }
 
@@ -118,8 +117,25 @@ button:active{
     box-shadow: var(--focus-glow0-alt0);
 }
 
-input{
-    accent-color: var(--focus0);
+input:focus, textarea:focus{
+    outline: none;
+    box-shadow: var(--focus-glow0);
+}
+
+input:checked{
+    accent-color: var(--focus0-alt0);
+    box-shadow: var(--focus-glow0);
+}
+
+/* NOT! -Wayne */
+input:not([type='checkbox']):not(.navbar-item), textarea {    
+    border-radius: 1em;
+    border: none;
+    padding: 0.1em 0.5em;
+}
+
+textarea{
+    border-bottom-right-radius: 0;
 }
 
 .danger-button{
@@ -139,7 +155,7 @@ input{
     box-shadow: var(--danger-glow0-alt1);
 }
 
-.danger-link{
+.danger-link, .danger-text{
     color: var(--danger0);
 }
 
@@ -200,6 +216,7 @@ div.control-prompt:focus-within{
 input.control-prompt, input.control-prompt:focus{
     border: none;
     outline: none;
+    box-shadow: none;
 }
 
 

www/js/login.js

@@ -0,0 +1,70 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+class registerPrompt{
+    constructor(){
+        //Grab user prompt
+        this.user = document.querySelector("#login-page-username");
+        //Grab pass prompts
+        this.pass = document.querySelector("#login-page-password");
+        //Grab register button
+        this.button = document.querySelector("#login-page-button");
+        //Grab altcha widget
+        this.altcha = document.querySelector("altcha-widget");
+        //Setup null property to hold verification payload from altcha widget
+        this.verification = null
+
+        //Run input setup after DOM content has completely loaded to ensure altcha event listeners work
+        document.addEventListener('DOMContentLoaded', this.setupInput.bind(this));
+    }
+
+    setupInput(){
+        //If we need verification
+        if(this.altcha != null){
+            //Add verification event listener to altcha widget
+            this.altcha.addEventListener("verified", this.verify.bind(this));
+        }
+
+        //Add register event listener to register button
+        this.button.addEventListener("click", this.login.bind(this));
+    }
+
+    verify(event){
+        //pull verification payload from event
+        this.verification = event.detail.payload;
+    }
+
+    login(){
+        console.log(this.altcha != null)
+        //If we need verification
+        if(this.altcha != null){
+            //If verification isn't complete
+            if( this.verification == null){
+                //don't bother
+                console.log("not complete");
+                return;
+            }
+
+            //login with verification
+            utils.ajax.login(this.user.value , this.pass.value, this.verification);
+        }else{
+            //login
+            utils.ajax.login(this.user.value, this.pass.value);
+        }
+    }
+}
+
+const registerForm = new registerPrompt();

www/js/utils.js

@@ -404,17 +404,19 @@ class canopyAjaxUtils{
         }
     }
 
-    async login(user, pass){
+    async login(user, pass, verification){
         var response = await fetch(`/api/account/login`,{
             method: "POST",
             headers: {
                 "Content-Type": "application/json"
             },
-            body: JSON.stringify({user, pass})
+            body: JSON.stringify(verification ? {user, pass, verification} : {user, pass})
         });
 
         if(response.status == 200){
             location.reload();
+        }else if(response.status == 429){
+            location = `/login?user=${user}`;
         }else{
             utils.ux.displayResponseError(await response.json());
         }