
Implemented a procedure to ban people based on ip after they have x amount of invalid log-in attempts.

pull/29/head
jrtechs 6 years ago
parent
commit
f9299a9bd0
5 changed files with 100 additions and 17 deletions
  1. +1
    -1
      admin/admin.js
  2. +78
    -15
      admin/login/login.js
  3. +4
    -0
      includes/html/banHammer.html
  4. +5
    -1
      sites/admin.js
  5. +12
    -0
      utils/utils.js

+ 1
- 1
admin/admin.js

@ -14,7 +14,7 @@ module.exports=
* @param request * @param request
* @return {*|Promise} * @return {*|Promise}
*/ */
main: function(request)
main: function(request, clientAddress)
{ {
return new Promise(function(resolve, reject) return new Promise(function(resolve, reject)
{ {
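Review bot: The JSDoc above `main` still lists only `@param request` although the signature now takes a second argument; add `* @param clientAddress address of the requesting client, used as the key for the failed-login counter`. The same gap applies to `processLogin` and `main` in admin/login/login.js, whose doc blocks were also left unchanged. The body of `main` lies outside this hunk, so whether `clientAddress` is actually passed on to the login module cannot be confirmed from here.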

+ 78
- 15
admin/login/login.js

@ -4,6 +4,8 @@ const utils = require('../../utils/utils.js');
//update db //update db
const sql = require('../../utils/sql'); const sql = require('../../utils/sql');
const qs = require('querystring');
/** /**
* Processes post data to see if the user has successfully * Processes post data to see if the user has successfully
@ -13,16 +15,20 @@ const sql = require('../../utils/sql');
* @param request * @param request
* @returns {Promise} * @returns {Promise}
*/ */
const processLogin = function(request)
const processLogin = function(request, clientAddress)
{ {
return new Promise(function(resolve, reject) return new Promise(function(resolve, reject)
{ {
utils.getPostData(request).then(function(postData) utils.getPostData(request).then(function(postData)
{ {
const post = qs.parse(postData);
if(!post.username && !post.password)
{
resolve("");
}
return sql.checkLogin(postData); return sql.checkLogin(postData);
}).then(function(loginResult) }).then(function(loginResult)
{ {
if(loginResult.pass) if(loginResult.pass)
{ {
request.session.user = loginResult.user; request.session.user = loginResult.user;
@ -31,8 +37,9 @@ const processLogin = function(request)
} }
else else
{ {
console.log("password incorrect");
resolve("Password incorrect");
banIP(clientAddress);
console.log("Invader!");
resolve("Wrong!");
} }
}).catch(function(err) }).catch(function(err)
{ {
@ -42,6 +49,54 @@ const processLogin = function(request)
}; };
/** Global Containing Ban Data **/
var banData = {};
/** Number of incorrect login attempts permitted per ip */
const LOGIN_LIMIT = 5;
/**
* Determines if a client is banned from the server
* or not.
*
* @param clientAddress
*/
const isBanned = function(clientAddress)
{
if(clientAddress in banData)
{
user = banData[clientAddress];
return user.incorrectLogins > LOGIN_LIMIT;
}
return false;
};
/**
* Increments the user's incorrect login attempt
* counter.
*
* @param clientAddress
*/
const banIP = function(clientAddress)
{
if(clientAddress in banData)
{
user = banData[clientAddress];
user.incorrectLogins++;
}
else
{
var newUser = new Object();
newUser.incorrectLogins = 1;
banData[clientAddress] = newUser;
}
};
module.exports= module.exports=
{ {
/** /**
@ -50,19 +105,27 @@ module.exports=
* @param request express request containing post data * @param request express request containing post data
* @returns {Promise} resolves html of login page * @returns {Promise} resolves html of login page
*/ */
main: function(request)
main: function(request, clientAddress)
{ {
return new Promise(function(resolve, reject)
if(isBanned(clientAddress))
{ {
Promise.all([utils.include("./admin/login/login.html"),
require("../../sidebar/sidebar.js").main(),
processLogin(request)]).then(function(html)
{
resolve(html.join('') + "</div>");
}).catch(function(err)
return utils.printBannedPage();
}
else
{
return new Promise(function(resolve, reject)
{ {
reject(err);
})
});
Promise.all([utils.include("./admin/login/login.html"),
require("../../sidebar/sidebar.js").main(),
processLogin(request, clientAddress)]).then(function(html)
{
resolve(html.join('') + "</div>");
}).catch(function(err)
{
reject(err);
})
});
}
}, },
}; };
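Review bot: In `processLogin` the new empty-form branch calls `resolve("");` but does not leave the callback, so `sql.checkLogin(postData)` still runs and, if it reports a failure for an empty body (checkLogin is not shown, so this is inferred), `banIP(clientAddress)` counts a plain view of the login page as a failed attempt. Return a sentinel instead, `return null;`, and begin the next callback with `if(loginResult === null) { resolve(""); return; }`. The condition also uses `&&`, so a post carrying only one of the two fields still goes to checkLogin; `||` looks like the intent. Entries in `banData` are never reset on a successful login or expired, so a ban lasts until the process restarts and the object grows with every new address; keeping a timestamp next to `incorrectLogins` and dropping entries older than a fixed window would bound both. In `isBanned` and `banIP`, `user = banData[clientAddress];` assigns an undeclared global and should be `const user = banData[clientAddress];`.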

+ 4
- 0
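--- a/includes/html/banHammer.html
+++ b/includes/html/banHammer.html
@@ -0,0 +1,4 @@
+<br>
+<center><h1>Ban Hammer!</h1></center>
+<br>
+<center><img src="/includes/img/404.jpg" alt="Page not found" width="70%" /></center>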

+ 5
- 1
sites/admin.js

@ -26,12 +26,16 @@ module.exports=
} }
else else
{ {
const clientAddress = (request.headers['x-forwarded-for'] || '').split(',')[0]
|| request.connection.remoteAddress;
result.writeHead(200, {'Content-Type': 'text/html'}); result.writeHead(200, {'Content-Type': 'text/html'});
const file = "../admin/admin.js"; const file = "../admin/admin.js";
Promise.all([includes.printAdminHeader(), Promise.all([includes.printAdminHeader(),
require(file).main(request),
require(file).main(request, clientAddress),
includes.printFooter()]).then(function(content) includes.printFooter()]).then(function(content)
{ {
result.write(content.join('')); result.write(content.join(''));
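Review bot: The ban key built on the added `clientAddress` lines comes from the first `x-forwarded-for` entry, which is whatever the client sent unless a reverse proxy in front of this server overwrites the header. As written, the per-address limit in admin/login/login.js does not bind a client whose header value changes between requests, and failed attempts can be counted against an address that never made them. Use the socket address by default, `const clientAddress = request.connection.remoteAddress;`, and read the forwarded header only when the connection comes from a proxy the deployment controls (if this is an Express app, its `trust proxy` setting together with `request.ip` covers that case). The context line `result.writeHead(200, ...)` also runs before the ban check, so a banned response is logged as an ordinary 200; the enclosing function starts and ends outside this hunk.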

+ 12
- 0
utils/utils.js

@ -133,5 +133,17 @@ module.exports=
printWrongHost: function() printWrongHost: function()
{ {
return this.include("includes/html/incorrectHost.html"); return this.include("includes/html/incorrectHost.html");
},
/**
* Displays 404 error to user
*
* @param result
* @returns {*}
*/
printBannedPage: function()
{
return this.include("includes/html/banHammer.html");
} }
}; };
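Review bot: The JSDoc added above `printBannedPage` does not describe the function: it says "Displays 404 error to user" and documents `@param result`, but the function takes no parameter and returns the include of includes/html/banHammer.html. Suggested summary line: `* Returns the HTML of the page shown to clients that exceeded the login-attempt limit`, with the `@param result` line removed. `@returns {*}` can stay as it is, since what `include` returns is not visible in this hunk.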
