diff --git a/README.md b/README.md index a3b8ab5..71a6c9a 100644 --- a/README.md +++ b/README.md @@ -57,9 +57,11 @@ log_to_file=false # Whether to write logs to a file log_file=config/log.txt # Where to store the log file if it is enabled enable_scram=false # Whether the app should shut down if there are 3 or more failed login attempts within 100 seconds -# Not present by default, set only if you want to be notified of any failed login attempts over telegram -tg_token=tgtoken -tg_chat=chatid +# Not present by default, set only if you want to be notified of any failed login attempts over Telegram +# Values correspond to API flags, see https://core.telegram.org/bots/api#sendmessage +tg_token=your_telegram_token +tg_chat=chat_id +tg_topic=message_thread_id ``` ### Docker deployment: @@ -68,7 +70,7 @@ The [package](https://git.a71.su/Andrew71/hibiscus/packages) provided in this re and there is a [Dockerfile](./Dockerfile) in case you want to compile for something rarer (like a Pi). This repo contains the [compose.yml](./compose.yml) that I personally use. -**Note**: versioned images may be provided in the future, possibly via dockerhub +**Note**: versioned images may be provided in the future, possibly via `ghcr.io`. ### Executable flags If you for some reason decide to run plain executable instead of docker, it supports following flags: diff --git a/TODO.md b/TODO.md index d35fb47..07fce74 100644 --- a/TODO.md +++ b/TODO.md @@ -5,8 +5,8 @@ List of things to add to this project ## v1.0.0 * a logo so I can enable PWA (and look cool) -* Versioned containers via `ghcr.io` or `dockerhub`, -with automatic CI/CD build on release +* Versioned containers via `ghcr.io`, +with automatic CI/CD build on release. NOT DockerHub due to their anti-Russian actions. * ...QA? And polishing. ## Brainstorming diff --git a/auth.go b/auth.go index 1a1f545..c28cd05 100644 --- a/auth.go +++ b/auth.go 
@@ -22,17 +22,15 @@ var failedLogins []failedLogin // NoteLoginFail attempts to log and counteract bruteforce/spam attacks func NoteLoginFail(username string, password string, r *http.Request) { slog.Warn("failed auth", "username", username, "password", password, "address", r.RemoteAddr) - NotifyTelegram(fmt.Sprintf("Failed auth attempt in hibiscus:\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr)) + NotifyTelegram(fmt.Sprintf(TranslatableText("info.telegram_notification")+":\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr)) attempt := failedLogin{username, password, time.Now()} updatedLogins := []failedLogin{attempt} - for _, attempt := range failedLogins { if 100 > time.Now().Sub(attempt.Timestamp).Abs().Seconds() { updatedLogins = append(updatedLogins, attempt) } } - failedLogins = updatedLogins // At least 3 failed attempts in last 100 seconds -> likely bruteforce @@ -78,7 +76,7 @@ func Scram() { os.Exit(0) // TODO: should this be 0 or 1? } -// NotifyTelegram attempts to send a message to admin through telegram +// NotifyTelegram attempts to send a message to admin through Telegram func NotifyTelegram(msg string) { if Cfg.TelegramChat == "" || Cfg.TelegramToken == "" { slog.Debug("ignoring telegram request due to lack of credentials") diff --git a/i18n/en.json b/i18n/en.json index 2a33873..89585cd 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -22,5 +22,7 @@ "info.version.link": "source and changelog", "info.export": "Export data", "info.readme": "Edit readme.txt", - "info.config": "Edit config" + "info.config": "Edit config", + + "info.telegram_notification": "Failed auth attempt in Hibiscus.txt" } \ No newline at end of file diff --git a/i18n/ru.json b/i18n/ru.json index f244ec6..98c6cd8 100644 --- a/i18n/ru.json +++ b/i18n/ru.json 
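Review bot: The rewritten `NotifyTelegram` call in `NoteLoginFail` still sends the attempted password in clear text to a third-party chat, and the `slog.Warn` context line above it writes the same value to the log; a failed password is often a near-miss of the real one or a valid credential for another service. I would drop the field from both, so the log call becomes `slog.Warn("failed auth", "username", username, "address", r.RemoteAddr)`. Separately, the translated text is now concatenated into the format string, so a `%` in any i18n value would be parsed as a verb (and `go vet` flags non-constant format strings); pass it as an argument instead: `NotifyTelegram(fmt.Sprintf("%s:\nusername=%s\nremote=%s", TranslatableText("info.telegram_notification"), username, r.RemoteAddr))`. The body of `NoteLoginFail` continues past the end of this hunk.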
@@ -22,5 +22,7 @@ "info.version.link": "исходный код", "info.export": "Экспорт данных", "info.readme": "Редактировать readme.txt", - "info.config": "Редактировать конфиг" + "info.config": "Редактировать конфиг", + + "info.telegram_notification": "Неверная попытка авторизации в Hibiscus.txt" } \ No newline at end of file