From f9299a9bd0ab954da756238f964d48d600f8c7a0 Mon Sep 17 00:00:00 2001
From: jrtechs
Date: Sun, 11 Nov 2018 20:52:36 -0500
Subject: [PATCH] Implemented a procedure to ban people based on ip after they have x amount of invalid log-in attempts.

---
 admin/admin.js | 2 +-
 admin/login/login.js | 93 ++++++++++++++++++++++++++++++------
 includes/html/banHammer.html | 4 ++
 sites/admin.js | 6 ++-
 utils/utils.js | 12 +++++
 5 files changed, 100 insertions(+), 17 deletions(-)
 create mode 100644 includes/html/banHammer.html

diff --git a/admin/admin.js b/admin/admin.js
index 967086a..73516a3 100644
--- a/admin/admin.js
+++ b/admin/admin.js
@@ -14,7 +14,7 @@ module.exports=
 * @param request
 * @return {*|Promise}
 */
- main: function(request)
+ main: function(request, clientAddress)
 {
 return new Promise(function(resolve, reject)
 {
diff --git a/admin/login/login.js b/admin/login/login.js
index 71aafd9..d2185e8 100644
--- a/admin/login/login.js
+++ b/admin/login/login.js
@@ -4,6 +4,8 @@ const utils = require('../../utils/utils.js');
 //update db
 const sql = require('../../utils/sql');
 
+const qs = require('querystring');
+
 
 /**
 * Processes post data to see if the user has successfully
@@ -13,16 +15,20 @@ const sql = require('../../utils/sql');
 * @param request
 * @returns {Promise}
 */
-const processLogin = function(request)
+const processLogin = function(request, clientAddress)
 {
 return new Promise(function(resolve, reject)
 {
 utils.getPostData(request).then(function(postData)
 {
+ const post = qs.parse(postData);
+ if(!post.username && !post.password)
+ {
+ resolve("");
+ }
 return sql.checkLogin(postData);
 }).then(function(loginResult)
 {
-
 if(loginResult.pass)
 {
 request.session.user = loginResult.user;
@@ -31,8 +37,9 @@ const processLogin = function(request)
 }
 else
 {
- console.log("password incorrect");
- resolve("Password incorrect");
+ banIP(clientAddress);
+ console.log("Invader!");
+ resolve("Wrong!");
 }
 }).catch(function(err)
 {
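Review bot: The new `clientAddress` parameter on admin.js's `main` is not described in the JSDoc block the hunk shows (`@param request` / `@return {*|Promise}`), and nothing visible says where it comes from or what form it takes; add `* @param clientAddress address the request was received from, forwarded to the login handler for failed-attempt limiting` above the `@return` line. The body of `main` continues outside the hunk, so whether the argument is actually forwarded cannot be confirmed from here.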
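Review bot: `resolve("")` in the new empty-post branch of processLogin is not followed by a `return`, so `sql.checkLogin(postData)` still runs for a plain page load and its result reaches the next `.then`; if `checkLogin` treats an empty form as a failed login, the `else` branch in the following hunk calls `banIP(clientAddress)` and a visitor is counted toward the ban merely by loading the page. Change the line to `return resolve("");` and open the next stage with `if(!loginResult) { return; }` so the already-resolved promise does not go on to read `loginResult.pass`. The test `!post.username && !post.password` also treats a form with only one field filled as a real attempt; `||` may be the intended condition if the goal is to skip only when nothing was submitted. processLogin's catch handler continues outside the hunk.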
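Review bot: `console.log("Invader!")` records nothing an operator can act on, even though this is exactly the branch where an attempt is counted against the limit; log the address so the event can be correlated with the ban, e.g. `console.log("Failed login from " + clientAddress);`. The `pass` branch in the hunk above never clears the counter, so a user who mistypes a few times and then logs in correctly stays one failure from being banned; a `delete banData[clientAddress];` next to `request.session.user = loginResult.user;` would reset it. The surrounding catch handler continues outside the hunk.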
@@ -42,6 +49,54 @@ const processLogin = function(request)
 };
+/** Global Containing Ban Data **/
+var banData = {};
+
+/** Number of incorrect login attempts permitted per ip */
+const LOGIN_LIMIT = 5;
+
+
+/**
+ * Determines if a client is banned from the server
+ * or not.
+ *
+ * @param clientAddress
+ */
+const isBanned = function(clientAddress)
+{
+ if(clientAddress in banData)
+ {
+ user = banData[clientAddress];
+
+ return user.incorrectLogins > LOGIN_LIMIT;
+ }
+ return false;
+
+};
+
+
+/**
+ * Increments the user's incorrect login attempt
+ * counter.
+ *
+ * @param clientAddress
+ */
+const banIP = function(clientAddress)
+{
+ if(clientAddress in banData)
+ {
+ user = banData[clientAddress];
+ user.incorrectLogins++;
+ }
+ else
+ {
+ var newUser = new Object();
+ newUser.incorrectLogins = 1;
+ banData[clientAddress] = newUser;
+ }
+};
+
+
 
 
 module.exports=
 {
 /**
@@ -50,19 +105,27 @@ module.exports=
 * @param request express request containing post data
 * @returns {Promise} resolves html of login page
 */
- main: function(request)
+ main: function(request, clientAddress)
 {
- return new Promise(function(resolve, reject)
+ if(isBanned(clientAddress))
 {
- Promise.all([utils.include("./admin/login/login.html"),
- require("../../sidebar/sidebar.js").main(),
- processLogin(request)]).then(function(html)
- {
- resolve(html.join('') + "");
- }).catch(function(err)
+ return utils.printBannedPage();
+ }
+ else
+ {
+ return new Promise(function(resolve, reject)
 {
- reject(err);
- })
- });
+ Promise.all([utils.include("./admin/login/login.html"),
+ require("../../sidebar/sidebar.js").main(),
+ processLogin(request, clientAddress)]).then(function(html)
+ {
+ resolve(html.join('') + "");
+ }).catch(function(err)
+ {
+ reject(err);
+ })
+ });
+ }
+
 },
 };
\ No newline at end of file
diff --git a/includes/html/banHammer.html b/includes/html/banHammer.html
new file mode 100644
index 0000000..e3b1159
--- /dev/null
+++ b/includes/html/banHammer.html
@@ -0,0 +1,4 @@
+
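Review bot: `user = banData[clientAddress];` in both `isBanned` and `banIP` assigns to an undeclared name, which creates an implicit global (and throws a ReferenceError under strict mode); write `const user = banData[clientAddress];` in both places. `banData` is declared with `var` although nothing reassigns it, and entries are never removed or aged out, so every address that ever fails a login stays in memory for the life of the process and a ban lasts until restart; storing a timestamp beside `incorrectLogins` and ignoring entries older than a window would bound both the memory and the ban. The test `user.incorrectLogins > LOGIN_LIMIT` admits `LOGIN_LIMIT + 1` failures before `isBanned` becomes true, which does not match the comment "attempts permitted per ip"; use `>=` if the comment states the intent.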
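Review bot: The JSDoc shown in the hunk still documents only `@param request express request containing post data`; add `* @param clientAddress address the request came from, checked against the failed-login counter before the form is served` so callers know why login.js's `main` now takes it. Style: once the `if(isBanned(clientAddress))` branch returns, the `else` wrapper only adds a level of indentation to the otherwise unchanged promise code; an early return reads more clearly. Because `sites/admin.js` in this same patch calls `writeHead(200, ...)` before invoking this module, the banned page is presumably served with status 200 — if it needs to be distinguishable in logs or to clients, the status has to be chosen before that `writeHead`.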
+

Ban Hammer!

+
+
Page not found
diff --git a/sites/admin.js b/sites/admin.js
index 50ce73b..d7a3e78 100644
--- a/sites/admin.js
+++ b/sites/admin.js
@@ -26,12 +26,16 @@ module.exports=
 }
 else
 {
 
+ const clientAddress = (request.headers['x-forwarded-for'] || '').split(',')[0]
+ || request.connection.remoteAddress;
+
+
 result.writeHead(200, {'Content-Type': 'text/html'});
 const file = "../admin/admin.js";
 
 Promise.all([includes.printAdminHeader(),
- require(file).main(request),
+ require(file).main(request, clientAddress),
 includes.printFooter()]).then(function(content)
 {
 result.write(content.join(''));
diff --git a/utils/utils.js b/utils/utils.js
index 7413fa0..9af829a 100644
--- a/utils/utils.js
+++ b/utils/utils.js
@@ -133,5 +133,17 @@ module.exports=
 printWrongHost: function()
 {
 return this.include("includes/html/incorrectHost.html");
+ },
+
+
+ /**
+ * Displays 404 error to user
+ *
+ * @param result
+ * @returns {*}
+ */
+ printBannedPage: function()
+ {
+ return this.include("includes/html/banHammer.html");
 }
 };
\ No newline at end of file
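Review bot: `clientAddress` is taken first from the `x-forwarded-for` header, which any client can set, so the failed-login counter in `admin/login/login.js` is keyed on a value the sender chooses: a banned client can continue by changing the header, and a forged header attributes failures to some other address. Only honour the header when the app is known to sit behind a reverse proxy that overwrites it; otherwise use the socket address, `const clientAddress = request.socket.remoteAddress;` (`request.connection` is the deprecated alias of `request.socket`). With Express, `app.set('trust proxy', …)` together with `request.ip` already implements the proxy-aware case, so the hand-rolled parse could go away entirely. If the header path stays, the first element of the split is not trimmed, so a value such as ` a, b` keys the counter on ` a` rather than `a`.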
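Review bot: The JSDoc on `printBannedPage` looks copied from a 404 helper: it says "Displays 404 error to user" and lists `@param result`, but the function takes no parameter and renders `includes/html/banHammer.html`, the page shown to an address that has exceeded the failed-login limit. Replace the description with `* Renders the page shown to a client that has exceeded the failed-login limit.` and drop the `@param result` line. `@returns {Promise} resolves to the page html` would be more useful than `{*}` if `include` returns a promise, as its use inside `Promise.all` in login.js suggests (`include` itself is outside the hunk).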