Added readme to Manager. Add support for a failed-login-attempt log file, to enable fail2ban...
@@ -48,10 +48,11 @@ func main() {
|
||||
dyfiUser := flag.String("dyfi-user", os.Getenv("DYFI_USER"), "dy.fi username (email)")
|
||||
dyfiPass := flag.String("dyfi-pass", os.Getenv("DYFI_PASS"), "dy.fi password")
|
||||
email := flag.String("email", os.Getenv("ACME_EMAIL"), "Email for Let's Encrypt notifications")
|
||||
logFile := flag.String("log", os.Getenv("LOG_FILE"), "Path to log file for fail2ban")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
logger = NewLogger()
|
||||
logger = NewLogger(*logFile)
|
||||
|
||||
// --- ENCRYPTION INITIALIZATION ---
|
||||
serverKey := os.Getenv("SERVER_KEY")
|
||||
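Review bot: `logger = NewLogger(*logFile)` hands over whatever `-log`/`LOG_FILE` resolved to, including an empty string when neither is set, and nothing in this hunk reports whether the file could actually be opened; NewLogger is not visible here, so it may fall back to stdout or fail quietly, which cannot be confirmed from the page. Because fail2ban only works if this file exists and receives lines, a silent open failure leaves the service looking healthy while no ban ever triggers. If NewLogger can be changed to return an error, fail fast at startup: `logger, err = NewLogger(*logFile)` followed by `if err != nil { log.Fatalf("opening auth log %q: %v", *logFile, err) }`; otherwise at least document in the flag text what an empty path means. The rest of main is outside the hunk.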
@@ -180,6 +181,8 @@ func main() {
|
||||
userID := strings.TrimSpace(r.FormValue("userid"))
|
||||
user, err := store.GetUser(userID)
|
||||
if err != nil || user == nil {
|
||||
// FAIL2BAN TRIGGER
|
||||
logger.Warn("AUTH_FAILURE: User not found: %s from IP %s", userID, getIP(r))
|
||||
tmpl.Execute(w, map[string]interface{}{"Step2": false, "Error": "User not found"})
|
||||
return
|
||||
}
|
||||
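Review bot: the new `logger.Warn("AUTH_FAILURE: User not found: %s from IP %s", userID, getIP(r))` writes the raw form value with `%s`, so a user ID containing spaces, newlines or a `from IP …` suffix lands verbatim in the file fail2ban parses and can break the match or make the filter read the wrong address. Use `%q` so the value is quoted and escaped: `logger.Warn("AUTH_FAILURE: User not found: %q from IP %s", userID, getIP(r))`, and anchor the fail2ban regex on the trailing `from IP` field. The same applies to the `Invalid TOTP for user %s` line in the next hunk, where the user ID comes from the session rather than the form but is still worth quoting for a consistent log format. The enclosing handler closure starts and ends outside the hunk.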
@@ -219,10 +222,15 @@ func main() {
|
||||
return
|
||||
}
|
||||
|
||||
// Get the user from the store and the TOTP code from the form
|
||||
user, _ := store.GetUser(session.UserID)
|
||||
totpCode := strings.TrimSpace(r.FormValue("totp"))
|
||||
|
||||
// Validate the TOTP code
|
||||
if !totp.Validate(totpCode, user.TOTPSecret) {
|
||||
// --- FAIL2BAN TRIGGER ---
|
||||
logger.Warn("AUTH_FAILURE: Invalid TOTP for user %s from IP %s", session.UserID, getIP(r))
|
||||
|
||||
tmpl.Execute(w, map[string]interface{}{"Step2": true, "Error": "Invalid TOTP code"})
|
||||
return
|
||||
}
|
||||
@@ -230,6 +238,7 @@ func main() {
|
||||
sessions.Lock()
|
||||
delete(sessions.m, cookie.Value)
|
||||
|
||||
// Create a new long-lived authenticated session (1 hour)
|
||||
authSessionID := fmt.Sprintf("%d", time.Now().UnixNano())
|
||||
sessions.m[authSessionID] = &Session{
|
||||
UserID: session.UserID,
|
||||
@@ -249,6 +258,7 @@ func main() {
|
||||
MaxAge: 3600,
|
||||
})
|
||||
|
||||
// Redirect to the main application
|
||||
http.Redirect(w, r, "/app", http.StatusSeeOther)
|
||||
})
|
||||
|
||||
@@ -371,6 +381,16 @@ func cleanupSessions() {
|
||||
}
|
||||
}
|
||||
|
||||
func getIP(r *http.Request) string {
|
||||
// Check for X-Forwarded-For if you are behind a proxy (Nginx/Cloudflare)
|
||||
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
|
||||
return strings.Split(xff, ",")[0]
|
||||
}
|
||||
// Otherwise use RemoteAddr (strip the port)
|
||||
ip, _, _ := net.SplitHostPort(r.RemoteAddr)
|
||||
return ip
|
||||
}
|
||||
|
||||
func makeHTTPRequest(method, url string, headers map[string]string, body string) map[string]interface{} {
|
||||
client := &http.Client{Timeout: 30 * time.Second}
|
||||
|
||||
|
||||
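Review bot: `getIP` trusts `X-Forwarded-For` unconditionally, but that header is set by the client unless the process is reachable only through a reverse proxy that overwrites it, so when the service is exposed directly every caller chooses the address that ends up in the fail2ban log — either sidestepping a ban or getting an unrelated address banned. The header lookup should be gated on an explicit setting (a name like `trustProxyHeaders`, illustrative only, set from a flag or env var alongside `-log`), the first element should be trimmed, and the discarded `net.SplitHostPort` error should fall back to `r.RemoteAddr` instead of logging an empty IP. A doc comment stating that precondition belongs on the function so the fail2ban operator knows when the logged IP is trustworthy. `makeHTTPRequest` starts at the end of this hunk and its body is not visible.
```go
// getIP returns the client address for the fail2ban log. X-Forwarded-For is
// honoured only when trustProxyHeaders is set, i.e. the server is reachable
// solely through a proxy that overwrites that header; otherwise the header
// is client-controlled and RemoteAddr is used.
func getIP(r *http.Request) string {
	if trustProxyHeaders {
		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
			first, _, _ := strings.Cut(xff, ",")
			return strings.TrimSpace(first)
		}
	}
	ip, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		// RemoteAddr carried no port; log it as-is rather than an empty string.
		return r.RemoteAddr
	}
	return ip
}
```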