Make Telegram notification translatable, update README
This commit is contained in:
parent
3fabf4381e
commit
7c55b96cf1
5 changed files with 16 additions and 12 deletions
10
README.md
10
README.md
|
@ -57,9 +57,11 @@ log_to_file=false # Whether to write logs to a file
|
||||||
log_file=config/log.txt # Where to store the log file if it is enabled
|
log_file=config/log.txt # Where to store the log file if it is enabled
|
||||||
enable_scram=false # Whether the app should shut down if there are 3 or more failed login attempts within 100 seconds
|
enable_scram=false # Whether the app should shut down if there are 3 or more failed login attempts within 100 seconds
|
||||||
|
|
||||||
# Not present by default, set only if you want to be notified of any failed login attempts over telegram
|
# Not present by default, set only if you want to be notified of any failed login attempts over Telegram
|
||||||
tg_token=tgtoken
|
# Values correspond to API flags, see https://core.telegram.org/bots/api#sendmessage
|
||||||
tg_chat=chatid
|
tg_token=your_telegram_token
|
||||||
|
tg_chat=chat_id
|
||||||
|
tg_topic=message_thread_id
|
||||||
```
|
```
|
||||||
|
|
||||||
### Docker deployment:
|
### Docker deployment:
|
||||||
|
@ -68,7 +70,7 @@ The [package](https://git.a71.su/Andrew71/hibiscus/packages) provided in this re
|
||||||
and there is a [Dockerfile](./Dockerfile) in case you want to compile for something rarer (like a Pi).
|
and there is a [Dockerfile](./Dockerfile) in case you want to compile for something rarer (like a Pi).
|
||||||
This repo contains the [compose.yml](./compose.yml) that I personally use.
|
This repo contains the [compose.yml](./compose.yml) that I personally use.
|
||||||
|
|
||||||
**Note**: versioned images may be provided in the future, possibly via dockerhub
|
**Note**: versioned images may be provided in the future, possibly via `ghcr.io`.
|
||||||
|
|
||||||
### Executable flags
|
### Executable flags
|
||||||
If you for some reason decide to run plain executable instead of docker, it supports following flags:
|
If you for some reason decide to run plain executable instead of docker, it supports following flags:
|
||||||
|
|
4
TODO.md
4
TODO.md
|
@ -5,8 +5,8 @@ List of things to add to this project
|
||||||
|
|
||||||
## v1.0.0
|
## v1.0.0
|
||||||
* a logo so I can enable PWA (and look cool)
|
* a logo so I can enable PWA (and look cool)
|
||||||
* Versioned containers via `ghcr.io` or `dockerhub`,
|
* Versioned containers via `ghcr.io`,
|
||||||
with automatic CI/CD build on release
|
with automatic CI/CD build on release. NOT DockerHub due to their anti-Russian actions.
|
||||||
* ...QA? And polishing.
|
* ...QA? And polishing.
|
||||||
|
|
||||||
## Brainstorming
|
## Brainstorming
|
||||||
|
|
6
auth.go
6
auth.go
|
@ -22,17 +22,15 @@ var failedLogins []failedLogin
|
||||||
// NoteLoginFail attempts to log and counteract bruteforce/spam attacks
|
// NoteLoginFail attempts to log and counteract bruteforce/spam attacks
|
||||||
func NoteLoginFail(username string, password string, r *http.Request) {
|
func NoteLoginFail(username string, password string, r *http.Request) {
|
||||||
slog.Warn("failed auth", "username", username, "password", password, "address", r.RemoteAddr)
|
slog.Warn("failed auth", "username", username, "password", password, "address", r.RemoteAddr)
|
||||||
NotifyTelegram(fmt.Sprintf("Failed auth attempt in hibiscus:\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr))
|
NotifyTelegram(fmt.Sprintf(TranslatableText("info.telegram_notification")+":\nusername=%s\npassword=%s\nremote=%s", username, password, r.RemoteAddr))
|
||||||
|
|
||||||
attempt := failedLogin{username, password, time.Now()}
|
attempt := failedLogin{username, password, time.Now()}
|
||||||
updatedLogins := []failedLogin{attempt}
|
updatedLogins := []failedLogin{attempt}
|
||||||
|
|
||||||
for _, attempt := range failedLogins {
|
for _, attempt := range failedLogins {
|
||||||
if 100 > time.Now().Sub(attempt.Timestamp).Abs().Seconds() {
|
if 100 > time.Now().Sub(attempt.Timestamp).Abs().Seconds() {
|
||||||
updatedLogins = append(updatedLogins, attempt)
|
updatedLogins = append(updatedLogins, attempt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
failedLogins = updatedLogins
|
failedLogins = updatedLogins
|
||||||
|
|
||||||
// At least 3 failed attempts in last 100 seconds -> likely bruteforce
|
// At least 3 failed attempts in last 100 seconds -> likely bruteforce
|
||||||
|
@ -78,7 +76,7 @@ func Scram() {
|
||||||
os.Exit(0) // TODO: should this be 0 or 1?
|
os.Exit(0) // TODO: should this be 0 or 1?
|
||||||
}
|
}
|
||||||
|
|
||||||
// NotifyTelegram attempts to send a message to admin through telegram
|
// NotifyTelegram attempts to send a message to admin through Telegram
|
||||||
func NotifyTelegram(msg string) {
|
func NotifyTelegram(msg string) {
|
||||||
if Cfg.TelegramChat == "" || Cfg.TelegramToken == "" {
|
if Cfg.TelegramChat == "" || Cfg.TelegramToken == "" {
|
||||||
slog.Debug("ignoring telegram request due to lack of credentials")
|
slog.Debug("ignoring telegram request due to lack of credentials")
|
||||||
|
|
|
@ -22,5 +22,7 @@
|
||||||
"info.version.link": "source and changelog",
|
"info.version.link": "source and changelog",
|
||||||
"info.export": "Export data",
|
"info.export": "Export data",
|
||||||
"info.readme": "Edit readme.txt",
|
"info.readme": "Edit readme.txt",
|
||||||
"info.config": "Edit config"
|
"info.config": "Edit config",
|
||||||
|
|
||||||
|
"info.telegram_notification": "Failed auth attempt in Hibiscus.txt"
|
||||||
}
|
}
|
|
@ -22,5 +22,7 @@
|
||||||
"info.version.link": "исходный код",
|
"info.version.link": "исходный код",
|
||||||
"info.export": "Экспорт данных",
|
"info.export": "Экспорт данных",
|
||||||
"info.readme": "Редактировать readme.txt",
|
"info.readme": "Редактировать readme.txt",
|
||||||
"info.config": "Редактировать конфиг"
|
"info.config": "Редактировать конфиг",
|
||||||
|
|
||||||
|
"info.telegram_notification": "Неверная попытка авторизации в Hibiscus.txt"
|
||||||
}
|
}
|
Loading…
Reference in a new issue