Automatically clean failed login attempts

This commit is contained in:
Pierre HUBERT 2022-04-03 16:45:25 +02:00
parent 05e911bfc5
commit 9943df4952
3 changed files with 26 additions and 6 deletions

View File

@ -1,7 +1,9 @@
use std::collections::HashMap;
use std::net::IpAddr;
use crate::constants::KEEP_FAILED_LOGIN_ATTEMPTS_FOR;
use actix::{Actor, AsyncContext, Context};
use crate::constants::{FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL, KEEP_FAILED_LOGIN_ATTEMPTS_FOR};
use crate::utils::time::time;
#[derive(Debug, Default)]
@ -41,6 +43,18 @@ impl BruteForceActor {
}
}
impl Actor for BruteForceActor {
type Context = Context<Self>;
fn started(&mut self, ctx: &mut Self::Context) {
// Clean up at a regular interval failed attempts
ctx.run_interval(FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL, |act, _ctx| {
log::trace!("Cleaning up failed login attempts");
act.clean_attempts();
});
}
}
#[cfg(test)]
mod test {
use std::net::{IpAddr, Ipv4Addr};

View File

@ -1,3 +1,5 @@
use std::time::Duration;
/// File in storage containing users list
pub const USERS_LIST_FILE: &str = "users.json";
@ -32,3 +34,4 @@ pub const LOGIN_ROUTE: &str = "/login";
/// Bruteforce protection
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;
pub const MAX_FAILED_LOGIN_ATTEMPTS: u64 = 15;
pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);

View File

@ -1,11 +1,12 @@
use actix::Actor;
use actix_identity::{CookieIdentityPolicy, IdentityService};
use actix_web::cookie::time::Duration;
use actix_web::{App, get, HttpServer, web};
use actix_web::cookie::SameSite;
use actix_web::cookie::time::Duration;
use actix_web::middleware::Logger;
use actix_web::{get, web, App, HttpServer};
use clap::Parser;
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
use basic_oidc::actors::users_actor::UsersActor;
use basic_oidc::constants::{
DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME, MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION,
@ -63,6 +64,7 @@ async fn main() -> std::io::Result<()> {
}
let users_actor = UsersActor::new(users).start();
let bruteforce_actor = BruteForceActor::default().start();
log::info!("Server will listen on {}", config.listen_address);
let listen_address = config.listen_address.to_string();
@ -77,6 +79,7 @@ async fn main() -> std::io::Result<()> {
App::new()
.app_data(web::Data::new(users_actor.clone()))
.app_data(web::Data::new(bruteforce_actor.clone()))
.app_data(web::Data::new(config.clone()))
.wrap(Logger::default())
.wrap(AuthMiddleware {})
@ -91,7 +94,7 @@ async fn main() -> std::io::Result<()> {
// Logout page
.route("/logout", web::get().to(logout_route))
})
.bind(listen_address)?
.run()
.await
.bind(listen_address)?
.run()
.await
}