Make scram optional

auth.go

@@ -19,7 +19,7 @@ type failedLogin struct {
 
 var failedLogins []failedLogin
 
-// NoteLoginFail attempts to counteract bruteforce/spam attacks
+// NoteLoginFail attempts to log and counteract bruteforce/spam attacks
 func NoteLoginFail(username string, password string, r *http.Request) {
 	slog.Warn("failed auth", "username", username, "password", password, "address", r.RemoteAddr)
 	NotifyTelegram(fmt.Sprintf("Failed auth attempt in hibiscus:\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr))
@@ -36,7 +36,7 @@ func NoteLoginFail(username string, password string, r *http.Request) {
 	failedLogins = updatedLogins
 
 	// At least 3 failed attempts in last 100 seconds -> likely bruteforce
-	if len(failedLogins) >= 3 {
+	if len(failedLogins) >= 3 && Cfg.Scram {
 		Scram()
 	}
 }

config.go

@@ -17,6 +17,7 @@ type Config struct {
 	Username string `config:"username"`
 	Password string `config:"password"`
 	Port     int    `config:"port"`
+	Scram    bool   `config:"enable_scram"`
 
 	TelegramToken string `config:"tg_token"`
 	TelegramChat  string `config:"tg_chat"`
@@ -80,6 +81,12 @@ func (c *Config) Reload() error {
 			c.TelegramToken = value
 		} else if key == "tg_chat" {
 			c.TelegramChat = value
+		} else if key == "enable_scram" {
+			if value == "true" {
+				c.Scram = true
+			} else {
+				c.Scram = false
+			}
 		}
 	}
 	if err := scanner.Err(); err != nil {

config/config.txt

@@ -1,3 +1,4 @@
 username=admin
 password=admin
 port=7101
+enable_scram=false