From 6449a300a43eba83a45ee1aaac9dd70e06aaf933 Mon Sep 17 00:00:00 2001 From: Andrew-71 Date: Thu, 28 Mar 2024 11:05:23 +0300 Subject: [PATCH] Make scram optional --- auth.go | 4 ++-- config.go | 7 +++++++ config/config.txt | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/auth.go b/auth.go index 33b44eb..b448a06 100644 --- a/auth.go +++ b/auth.go @@ -19,7 +19,7 @@ type failedLogin struct { var failedLogins []failedLogin -// NoteLoginFail attempts to counteract bruteforce/spam attacks +// NoteLoginFail attempts to log and counteract bruteforce/spam attacks func NoteLoginFail(username string, password string, r *http.Request) { slog.Warn("failed auth", "username", username, "password", password, "address", r.RemoteAddr) NotifyTelegram(fmt.Sprintf("Failed auth attempt in hibiscus:\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr)) @@ -36,7 +36,7 @@ func NoteLoginFail(username string, password string, r *http.Request) { failedLogins = updatedLogins // At least 3 failed attempts in last 100 seconds -> likely bruteforce - if len(failedLogins) >= 3 { + if len(failedLogins) >= 3 && Cfg.Scram { Scram() } } diff --git a/config.go b/config.go index 3680501..2d7b0b7 100644 --- a/config.go +++ b/config.go @@ -17,6 +17,7 @@ type Config struct { Username string `config:"username"` Password string `config:"password"` Port int `config:"port"` + Scram bool `config:"enable_scram"` TelegramToken string `config:"tg_token"` TelegramChat string `config:"tg_chat"` @@ -80,6 +81,12 @@ func (c *Config) Reload() error { c.TelegramToken = value } else if key == "tg_chat" { c.TelegramChat = value + } else if key == "enable_scram" { + if value == "true" { + c.Scram = true + } else { + c.Scram = false + } } } if err := scanner.Err(); err != nil { diff --git a/config/config.txt b/config/config.txt index 57f51d8..030bdf5 100644 --- a/config/config.txt +++ b/config/config.txt @@ -1,3 +1,4 @@ username=admin password=admin port=7101 +enable_scram=false