Automatically clean failed login attempts
parent
05e911bfc5
commit
9943df4952
@ -1,7 +1,9 @@
|
|||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::net::IpAddr;
|
use std::net::IpAddr;
|
||||||
|
|
||||||
use crate::constants::KEEP_FAILED_LOGIN_ATTEMPTS_FOR;
|
use actix::{Actor, AsyncContext, Context};
|
||||||
|
|
||||||
|
use crate::constants::{FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL, KEEP_FAILED_LOGIN_ATTEMPTS_FOR};
|
||||||
use crate::utils::time::time;
|
use crate::utils::time::time;
|
||||||
|
|
||||||
#[derive(Debug, Default)]
|
#[derive(Debug, Default)]
|
||||||
@ -41,6 +43,18 @@ impl BruteForceActor {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl Actor for BruteForceActor {
|
||||||
|
type Context = Context<Self>;
|
||||||
|
|
||||||
|
fn started(&mut self, ctx: &mut Self::Context) {
|
||||||
|
// Clean up at a regular interval failed attempts
|
||||||
|
ctx.run_interval(FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL, |act, _ctx| {
|
||||||
|
log::trace!("Cleaning up failed login attempts");
|
||||||
|
act.clean_attempts();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use std::net::{IpAddr, Ipv4Addr};
|
use std::net::{IpAddr, Ipv4Addr};
|
||||||
|
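Review bot: The interval added in `started` limits how long a failed-attempt entry lives, not how many entries can exist, and nothing in this hunk caps the count. The struct fields and `clean_attempts` are outside the hunk, but the `HashMap` and `IpAddr` imports suggest one entry per source address, so failures arriving from many addresses could still accumulate for up to `KEEP_FAILED_LOGIN_ATTEMPTS_FOR` seconds between expiries. Consider enforcing a maximum entry count where attempts are recorded, and state the guarantee at the timer: `// Drops expired entries every FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL; bounds entry age, not entry count`. Logging how many entries remain after each pass, rather than only that a pass ran, would also make unusual growth visible to an operator.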
@ -1,3 +1,5 @@
|
|||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
/// File in storage containing users list
|
/// File in storage containing users list
|
||||||
pub const USERS_LIST_FILE: &str = "users.json";
|
pub const USERS_LIST_FILE: &str = "users.json";
|
||||||
|
|
||||||
@ -32,3 +34,4 @@ pub const LOGIN_ROUTE: &str = "/login";
|
|||||||
/// Bruteforce protection
|
/// Bruteforce protection
|
||||||
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;
|
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;
|
||||||
pub const MAX_FAILED_LOGIN_ATTEMPTS: u64 = 15;
|
pub const MAX_FAILED_LOGIN_ATTEMPTS: u64 = 15;
|
||||||
|
pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
|
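Review bot: The new `FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL` has no doc comment and breaks the naming and unit pattern of the two constants above it: those use `FAILED_LOGIN_ATTEMPTS` and are bare `u64` values, while this one uses `FAIL_LOGIN_ATTEMPT` and is a `Duration`. I would add `/// Interval between two cleanups of expired failed login attempts` and rename it to `FAILED_LOGIN_ATTEMPTS_CLEANUP_INTERVAL`, which also changes the import in the actor file. `KEEP_FAILED_LOGIN_ATTEMPTS_FOR` is presumably in seconds; saying so in its doc comment, or making it a `Duration` as well, would stop the retention window and the cleanup interval from being compared in different units.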
@ -1,11 +1,12 @@
|
|||||||
use actix::Actor;
|
use actix::Actor;
|
||||||
use actix_identity::{CookieIdentityPolicy, IdentityService};
|
use actix_identity::{CookieIdentityPolicy, IdentityService};
|
||||||
use actix_web::cookie::time::Duration;
|
use actix_web::{App, get, HttpServer, web};
|
||||||
use actix_web::cookie::SameSite;
|
use actix_web::cookie::SameSite;
|
||||||
|
use actix_web::cookie::time::Duration;
|
||||||
use actix_web::middleware::Logger;
|
use actix_web::middleware::Logger;
|
||||||
use actix_web::{get, web, App, HttpServer};
|
|
||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
|
|
||||||
|
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
|
||||||
use basic_oidc::actors::users_actor::UsersActor;
|
use basic_oidc::actors::users_actor::UsersActor;
|
||||||
use basic_oidc::constants::{
|
use basic_oidc::constants::{
|
||||||
DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME, MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION,
|
DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME, MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION,
|
||||||
@ -63,6 +64,7 @@ async fn main() -> std::io::Result<()> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let users_actor = UsersActor::new(users).start();
|
let users_actor = UsersActor::new(users).start();
|
||||||
|
let bruteforce_actor = BruteForceActor::default().start();
|
||||||
|
|
||||||
log::info!("Server will listen on {}", config.listen_address);
|
log::info!("Server will listen on {}", config.listen_address);
|
||||||
let listen_address = config.listen_address.to_string();
|
let listen_address = config.listen_address.to_string();
|
||||||
@ -77,6 +79,7 @@ async fn main() -> std::io::Result<()> {
|
|||||||
|
|
||||||
App::new()
|
App::new()
|
||||||
.app_data(web::Data::new(users_actor.clone()))
|
.app_data(web::Data::new(users_actor.clone()))
|
||||||
|
.app_data(web::Data::new(bruteforce_actor.clone()))
|
||||||
.app_data(web::Data::new(config.clone()))
|
.app_data(web::Data::new(config.clone()))
|
||||||
.wrap(Logger::default())
|
.wrap(Logger::default())
|
||||||
.wrap(AuthMiddleware {})
|
.wrap(AuthMiddleware {})
|
||||||
|
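Review bot: `BruteForceActor::default().start()` is started once, next to `users_actor`, and only its address is cloned into `App::new()`, but no comment says that this placement is what makes the limit server-wide. If a later refactor moved the start into the per-worker app factory (its opening is outside the hunk), each worker would presumably keep its own counters and `MAX_FAILED_LOGIN_ATTEMPTS` would apply per worker instead of per server. I would add `// Started once; the address is cloned into every worker so failed-login counters are shared` above the `let bruteforce_actor` line. `main` begins and ends outside these hunks, so whether the login handler already consults the actor cannot be checked from here.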