Merge branch 'tweak/anti-lockout' into 'dev'

Remove ability to move to create server | Add logging

See merge request crafty-controller/crafty-4!706
Iain Powrie 2024-02-02 22:17:53 +00:00
commit 4f715ba614
4 changed files with 46 additions and 6 deletions


@ -3,7 +3,7 @@
### New features
- Use Papermc Group's API for `paper` & `folia` builds in server builder ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/688))
- Allow omission of player count from Dashboard (e.g. for proxy servers) ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/692))
- Add lockout user for forgot password ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/694))
- Add lockout user for forgot password ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/694) | [Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/706))
### Refactor
- Refactor subpage perm checks ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/695))
### Bug fixes


@ -90,18 +90,51 @@ class Controller:
def log_attempt(self, remote_ip, username):
remote = self.auth_tracker.get(str(remote_ip), None)
if remote:
remote["names"].append(username)
remote["attempts"] += 1
remote["times"].append(datetime.now().strftime("%d/%m/%Y %H:%M:%S"))
if not remote:
self.auth_tracker[str(remote_ip)] = {
"login": {
"names": [username],
"attempts": 1,
"times": [datetime.now().strftime("%d/%m/%Y %H:%M:%S")],
}
}
return
if remote.get("login", None):
remote["login"]["names"].append(username)
remote["login"]["attempts"] += 1
remote["login"]["times"].append(
datetime.now().strftime("%d/%m/%Y %H:%M:%S")
)
self.auth_tracker[str(remote_ip)] = remote
else:
self.auth_tracker[str(remote_ip)] = {
self.auth_tracker[str(remote_ip)]["login"] = {
"names": [username],
"attempts": 1,
"times": [datetime.now().strftime("%d/%m/%Y %H:%M:%S")],
}
def log_antilockout(self, remote_ip):
remote = self.auth_tracker.get(str(remote_ip), None)
if not remote:
self.auth_tracker[str(remote_ip)] = {
"anti-lockout": {
"attempts": 1,
"times": [datetime.now().strftime("%d/%m/%Y %H:%M:%S")],
}
}
return
if remote.get("anti-lockout", None):
remote["anti-lockout"]["attempts"] += 1
remote["anti-lockout"]["times"].append(
datetime.now().strftime("%d/%m/%Y %H:%M:%S")
)
self.auth_tracker[str(remote_ip)] = remote
else:
self.auth_tracker[str(remote_ip)]["anti-lockout"] = {
"attempts": 1,
"times": [datetime.now().strftime("%d/%m/%Y %H:%M:%S")],
}
def write_auth_tracker(self):
with open(
os.path.join(os.path.curdir, "logs", "auth_tracker.log"),
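Review bot: Both `log_attempt` and the new `log_antilockout` append to per-IP `names`/`times` lists with no upper bound, so a client that keeps failing logins or polling the anti-lockout endpoint makes `auth_tracker` grow until something outside this hunk clears it; `names` also stores the submitted username unchanged. Cap the lists on write and collapse the three near-identical dict literals with `setdefault`, as sketched below for `log_antilockout` (the same shape fits `log_attempt`); `MAX_TRACKED_EVENTS` is a proposed new constant whose value the project would have to choose. The timestamps are naive local time in `%d/%m/%Y` form, which is hard to correlate across hosts; an ISO 8601 UTC stamp would suit an audit trail better. `write_auth_tracker` continues outside the hunk, so how the tracker is persisted or reset is not visible here.

```python
def log_antilockout(self, remote_ip):
    # Create the per-IP record on first sight; any existing "login" data is kept.
    record = self.auth_tracker.setdefault(str(remote_ip), {})
    entry = record.setdefault("anti-lockout", {"attempts": 0, "times": []})
    entry["attempts"] += 1
    entry["times"].append(datetime.now().strftime("%d/%m/%Y %H:%M:%S"))
    # Keep only the most recent timestamps so repeated requests cannot grow the list without bound.
    del entry["times"][:-MAX_TRACKED_EVENTS]
```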


@ -2,10 +2,14 @@ import logging
from app.classes.web.base_api_handler import BaseApiHandler
logger = logging.getLogger(__name__)
auth_log = logging.getLogger("auth")
class ApiCraftyLockoutHandler(BaseApiHandler):
def get(self):
auth_log.warning(f"Anti-Lockout request from {self.get_remote_ip()}")
self.controller.log_antilockout(self.get_remote_ip())
if self.controller.users.get_id_by_name("anti-lockout-user"):
return self.finish_json(
425, {"status": "error", "data": "Lockout recovery already in progress"}
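Review bot: The handler counts every anti-lockout request through `log_antilockout`, but nothing visible in this hunk reads that counter and no authentication check appears before these lines, so requests are recorded without being throttled. Consider refusing the request once the per-IP count passes a limit, before the `get_id_by_name` lookup. `get_remote_ip()` is also called twice and interpolated with an f-string; `remote_ip = self.get_remote_ip()` followed by `auth_log.warning("Anti-Lockout request from %s", remote_ip)` keeps the log line and the tracker entry consistent and leaves formatting to the logging layer, which matters if that address can come from a forwarded header (not visible here). `get` continues past the end of the hunk.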


@ -86,6 +86,9 @@ class ServerHandler(BaseHandler):
template = "public/404.html"
if exec_user["username"] == "anti-lockout-user":
return self.redirect("/panel/panel_config")
page_data = {
"update_available": self.helper.update_available,
"version_data": self.helper.get_version_string(),
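Review bot: The new `exec_user["username"] == "anti-lockout-user"` redirect only guards this page render; if the recovery account must not create servers, the same restriction has to hold where the creation request itself is processed (that code is not in the visible hunks), otherwise the check is UI-only. The literal `"anti-lockout-user"` now appears both here and in `ApiCraftyLockoutHandler.get`; a single shared constant would keep the two from drifting apart. A short comment such as `# recovery account may only reach panel config` above the check would record the intent. The enclosing method starts and ends outside the hunk.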