Basic brute force detection added. Accounts throttle by captcha after 5 failed attempts, and locked out for 24 hours after 200 attempts.

2024-12-26 17:46:35 -05:00 · 2024-12-26 17:46:35 -05:00 · 9c18c23ad5
commit 9c18c23ad5
parent e0f53df176
13 changed files with 463 additions and 50 deletions
--- a/www/js/utils.js
+++ b/www/js/utils.js
@ -404,17 +404,19 @@ class canopyAjaxUtils{
        }
    }

-    async login(user, pass){
+    async login(user, pass, verification){
        var response = await fetch(`/api/account/login`,{
            method: "POST",
            headers: {
                "Content-Type": "application/json"
            },
-            body: JSON.stringify({user, pass})
+            body: JSON.stringify(verification ? {user, pass, verification} : {user, pass})
        });

        if(response.status == 200){
            location.reload();
+        }else if(response.status == 429){
+            location = `/login?user=${user}`;
        }else{
            utils.ux.displayResponseError(await response.json());
        }