Basic brute force detection added. Accounts throttle by captcha after 5 failed attempts, and locked out for 24 hours after 200 attempts.

www/js/login.js

@@ -0,0 +1,70 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024  Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+class registerPrompt{
+    constructor(){
+        //Grab user prompt
+        this.user = document.querySelector("#login-page-username");
+        //Grab pass prompts
+        this.pass = document.querySelector("#login-page-password");
+        //Grab register button
+        this.button = document.querySelector("#login-page-button");
+        //Grab altcha widget
+        this.altcha = document.querySelector("altcha-widget");
+        //Setup null property to hold verification payload from altcha widget
+        this.verification = null
+
+        //Run input setup after DOM content has completely loaded to ensure altcha event listeners work
+        document.addEventListener('DOMContentLoaded', this.setupInput.bind(this));
+    }
+
+    setupInput(){
+        //If we need verification
+        if(this.altcha != null){
+            //Add verification event listener to altcha widget
+            this.altcha.addEventListener("verified", this.verify.bind(this));
+        }
+
+        //Add register event listener to register button
+        this.button.addEventListener("click", this.login.bind(this));
+    }
+
+    verify(event){
+        //pull verification payload from event
+        this.verification = event.detail.payload;
+    }
+
+    login(){
+        console.log(this.altcha != null)
+        //If we need verification
+        if(this.altcha != null){
+            //If verification isn't complete
+            if( this.verification == null){
+                //don't bother
+                console.log("not complete");
+                return;
+            }
+
+            //login with verification
+            utils.ajax.login(this.user.value , this.pass.value, this.verification);
+        }else{
+            //login
+            utils.ajax.login(this.user.value, this.pass.value);
+        }
+    }
+}
+
+const registerForm = new registerPrompt();

www/js/utils.js

@@ -404,17 +404,19 @@ class canopyAjaxUtils{
         }
     }
 
-    async login(user, pass){
+    async login(user, pass, verification){
         var response = await fetch(`/api/account/login`,{
             method: "POST",
             headers: {
                 "Content-Type": "application/json"
             },
-            body: JSON.stringify({user, pass})
+            body: JSON.stringify(verification ? {user, pass, verification} : {user, pass})
         });
 
         if(response.status == 200){
             location.reload();
+        }else if(response.status == 429){
+            location = `/login?user=${user}`;
         }else{
             utils.ux.displayResponseError(await response.json());
         }