add loger, access log and bans/whitelist
@@ -207,3 +207,75 @@ func boolToStr(b bool) string {
|
||||
}
|
||||
return "false"
|
||||
}
|
||||
|
||||
// --- Security (IP Ban & Thresholds) Settings ---
|
||||
|
||||
// GetSecuritySettingsHandler returns current security-related config
|
||||
func (h *Handlers) GetSecuritySettingsHandler(c *gin.Context) {
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"pwd_failures_threshold": h.config.PwdFailuresThreshold,
|
||||
"mfa_failures_threshold": h.config.MFAFailuresThreshold,
|
||||
"failures_window_minutes": h.config.FailuresWindowMinutes,
|
||||
"auto_ban_duration_hours": h.config.AutoBanDurationHours,
|
||||
"auto_ban_permanent": h.config.AutoBanPermanent,
|
||||
})
|
||||
}
|
||||
|
||||
// PostSecuritySettingsHandler validates and saves security-related config
|
||||
func (h *Handlers) PostSecuritySettingsHandler(c *gin.Context) {
|
||||
pwdStr := strings.TrimSpace(c.PostForm("pwd_failures_threshold"))
|
||||
mfaStr := strings.TrimSpace(c.PostForm("mfa_failures_threshold"))
|
||||
winStr := strings.TrimSpace(c.PostForm("failures_window_minutes"))
|
||||
durStr := strings.TrimSpace(c.PostForm("auto_ban_duration_hours"))
|
||||
permStr := strings.TrimSpace(c.PostForm("auto_ban_permanent"))
|
||||
|
||||
// basic validation
|
||||
if pwdStr == "" || mfaStr == "" || winStr == "" || durStr == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "All numeric fields are required"})
|
||||
return
|
||||
}
|
||||
if _, err := strconv.Atoi(pwdStr); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid password failures threshold"})
|
||||
return
|
||||
}
|
||||
if _, err := strconv.Atoi(mfaStr); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid MFA failures threshold"})
|
||||
return
|
||||
}
|
||||
if _, err := strconv.Atoi(winStr); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid failures window (minutes)"})
|
||||
return
|
||||
}
|
||||
if _, err := strconv.Atoi(durStr); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid auto-ban duration (hours)"})
|
||||
return
|
||||
}
|
||||
|
||||
// normalize perm
|
||||
perm := strings.EqualFold(permStr, "true") || permStr == "1" || strings.EqualFold(permStr, "on")
|
||||
permStr = boolToStr(perm)
|
||||
|
||||
// Save values
|
||||
if err := h.config.SaveSetting("SECURITY", "PWD_FAILURES_THRESHOLD", pwdStr); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save PWD_FAILURES_THRESHOLD"})
|
||||
return
|
||||
}
|
||||
if err := h.config.SaveSetting("SECURITY", "MFA_FAILURES_THRESHOLD", mfaStr); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save MFA_FAILURES_THRESHOLD"})
|
||||
return
|
||||
}
|
||||
if err := h.config.SaveSetting("SECURITY", "FAILURES_WINDOW_MINUTES", winStr); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save FAILURES_WINDOW_MINUTES"})
|
||||
return
|
||||
}
|
||||
if err := h.config.SaveSetting("SECURITY", "AUTO_BAN_DURATION_HOURS", durStr); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save AUTO_BAN_DURATION_HOURS"})
|
||||
return
|
||||
}
|
||||
if err := h.config.SaveSetting("SECURITY", "AUTO_BAN_PERMANENT", permStr); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save AUTO_BAN_PERMANENT"})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"success": true})
|
||||
}
|
||||
|
||||
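Review bot: The four `strconv.Atoi` checks in PostSecuritySettingsHandler only prove that each field parses as an integer, so `0`, negative numbers and very large numbers are all saved as lockout settings. How the ban logic treats a threshold or window of zero or below is not visible in this hunk, but it would plausibly either switch auto-banning off or ban on the first failure, so each check should also bound the value, e.g. `if n, err := strconv.Atoi(pwdStr); err != nil || n < 1 || n > maxThreshold {` with limits chosen per field (`maxThreshold` is a placeholder name). Saving `strconv.Itoa(n)` instead of the raw string would also keep signed forms such as `+5` out of the stored config. The five `SaveSetting` calls are independent and their `err` is dropped, so a failure partway through leaves a half-updated policy with nothing in the log; logging the error server-side, together with who changed these settings, would give an audit trail for changes to the ban policy.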