mirror of
https://github.com/louislam/uptime-kuma.git
synced 2024-11-23 23:04:04 +00:00
Merge remote-tracking branch 'origin/master'
This commit is contained in:
commit
21405f71b5
1 changed files with 7 additions and 0 deletions
|
@ -2,6 +2,7 @@ const basicAuth = require("express-basic-auth");
|
||||||
const passwordHash = require("./password-hash");
|
const passwordHash = require("./password-hash");
|
||||||
const { R } = require("redbean-node");
|
const { R } = require("redbean-node");
|
||||||
const { setting } = require("./util-server");
|
const { setting } = require("./util-server");
|
||||||
|
const { log } = require("../src/util");
|
||||||
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
|
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
|
||||||
const { Settings } = require("./settings");
|
const { Settings } = require("./settings");
|
||||||
const dayjs = require("dayjs");
|
const dayjs = require("dayjs");
|
||||||
|
@ -81,12 +82,16 @@ function apiAuthorizer(username, password, callback) {
|
||||||
apiRateLimiter.pass(null, 0).then((pass) => {
|
apiRateLimiter.pass(null, 0).then((pass) => {
|
||||||
if (pass) {
|
if (pass) {
|
||||||
verifyAPIKey(password).then((valid) => {
|
verifyAPIKey(password).then((valid) => {
|
||||||
|
if (!valid) {
|
||||||
|
log.warn("api-auth", "Failed API auth attempt: invalid API Key");
|
||||||
|
}
|
||||||
callback(null, valid);
|
callback(null, valid);
|
||||||
// Only allow a set number of api requests per minute
|
// Only allow a set number of api requests per minute
|
||||||
// (currently set to 60)
|
// (currently set to 60)
|
||||||
apiRateLimiter.removeTokens(1);
|
apiRateLimiter.removeTokens(1);
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
|
log.warn("api-auth", "Failed API auth attempt: rate limit exceeded");
|
||||||
callback(null, false);
|
callback(null, false);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -106,10 +111,12 @@ function userAuthorizer(username, password, callback) {
|
||||||
callback(null, user != null);
|
callback(null, user != null);
|
||||||
|
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
|
log.warn("basic-auth", "Failed basic auth attempt: invalid username/password");
|
||||||
loginRateLimiter.removeTokens(1);
|
loginRateLimiter.removeTokens(1);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
|
log.warn("basic-auth", "Failed basic auth attempt: rate limit exceeded");
|
||||||
callback(null, false);
|
callback(null, false);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue