0xJacky
diff --git a/‎api/settings/auth.go‎
Lines changed: 45 additions & 0 deletions b/‎api/settings/auth.go‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎api/settings/router.go‎
Lines changed: 14 additions & 0 deletions b/‎api/settings/router.go‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎api/system/settings.go‎ renamed to ‎api/settings/settings.go‎
Lines changed: 4 additions & 1 deletion b/‎api/system/settings.go‎ renamed to ‎api/settings/settings.go‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎api/system/router.go‎
Lines changed: 7 additions & 11 deletions b/‎api/system/router.go‎
Lines changed: 7 additions & 11 deletions
diff --git a/‎api/user/auth.go‎
Lines changed: 65 additions & 18 deletions b/‎api/user/auth.go‎
Lines changed: 65 additions & 18 deletions
diff --git a/‎api/user/casdoor.go‎
Lines changed: 3 additions & 3 deletions b/‎api/user/casdoor.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/.eslintrc.cjs‎
Lines changed: 0 additions & 1 deletion b/‎app/.eslintrc.cjs‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎app/package.json‎
Lines changed: 16 additions & 16 deletions b/‎app/package.json‎
Lines changed: 16 additions & 16 deletions
@@ -0,0 +1,45 @@
+package settings
+
+import (
+	"github.com/0xJacky/Nginx-UI/api"
+	"github.com/0xJacky/Nginx-UI/query"
+	"github.com/0xJacky/Nginx-UI/settings"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"time"
+)
+
+func GetBanLoginIP(c *gin.Context) {
+	b := query.BanIP
+
+	// clear expired banned IPs
+	_, _ = b.Where(b.ExpiredAt.Lte(time.Now().Unix())).Delete()
+
+	banIps, err := b.Where(
+		b.ExpiredAt.Gte(time.Now().Unix()),
+		b.Attempts.Gte(settings.AuthSettings.MaxAttempts)).Find()
+	if err != nil {
+		api.ErrHandler(c, err)
+		return
+	}
+	c.JSON(http.StatusOK, banIps)
+}
+
+func RemoveBannedIP(c *gin.Context) {
+	var json struct {
+		IP string `json:"ip"`
+	}
+	if !api.BindAndValid(c, &json) {
+		return
+	}
+
+	b := query.BanIP
+	_, err := b.Where(b.IP.Eq(json.IP)).Delete()
+
+	if err != nil {
+		api.ErrHandler(c, err)
+		return
+	}
+
+	c.JSON(http.StatusNoContent, nil)
+}
@@ -0,0 +1,14 @@
+package settings
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+func InitRouter(r *gin.RouterGroup) {
+	r.GET("settings/server/name", GetServerName)
+	r.GET("settings", GetSettings)
+	r.POST("settings", SaveSettings)
+
+	r.GET("settings/auth/banned_ips", GetBanLoginIP)
+	r.DELETE("settings/auth/banned_ip", RemoveBannedIP)
+}
@@ -1,4 +1,4 @@
-package system
+package settings
 
 import (
 	"github.com/0xJacky/Nginx-UI/api"
@@ -20,6 +20,7 @@ func GetSettings(c *gin.Context) {
 		"nginx":     settings.NginxSettings,
 		"openai":    settings.OpenAISettings,
 		"logrotate": settings.LogrotateSettings,
+		"auth":      settings.AuthSettings,
 	})
 }
 
@@ -29,6 +30,7 @@ func SaveSettings(c *gin.Context) {
 		Nginx     settings.Nginx     `json:"nginx"`
 		Openai    settings.OpenAI    `json:"openai"`
 		Logrotate settings.Logrotate `json:"logrotate"`
+		Auth      settings.Auth      `json:"auth"`
 	}
 
 	if !api.BindAndValid(c, &json) {
@@ -44,6 +46,7 @@ func SaveSettings(c *gin.Context) {
 	settings.ProtectedFill(&settings.NginxSettings, &json.Nginx)
 	settings.ProtectedFill(&settings.OpenAISettings, &json.Openai)
 	settings.ProtectedFill(&settings.LogrotateSettings, &json.Logrotate)
+	settings.ProtectedFill(&settings.AuthSettings, &json.Auth)
 
 	err := settings.Save()
 	if err != nil {
 
@@ -1,21 +1,17 @@
 package system
 
 import (
-    "github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin"
 )
 
 func InitPublicRouter(r *gin.RouterGroup) {
-    r.GET("install", InstallLockCheck)
-    r.POST("install", InstallNginxUI)
-    r.GET("translation/:code", GetTranslation)
+	r.GET("install", InstallLockCheck)
+	r.POST("install", InstallNginxUI)
+	r.GET("translation/:code", GetTranslation)
 }
 
 func InitPrivateRouter(r *gin.RouterGroup) {
-    r.GET("settings/server/name", GetServerName)
-    r.GET("settings", GetSettings)
-    r.POST("settings", SaveSettings)
-
-    r.GET("upgrade/release", GetRelease)
-    r.GET("upgrade/current", GetCurrentVersion)
-    r.GET("upgrade/perform", PerformCoreUpgrade)
+	r.GET("upgrade/release", GetRelease)
+	r.GET("upgrade/current", GetCurrentVersion)
+	r.GET("upgrade/perform", PerformCoreUpgrade)
 }
@@ -2,45 +2,92 @@ package user
 
 import (
 	"github.com/0xJacky/Nginx-UI/api"
-	"github.com/0xJacky/Nginx-UI/model"
+	"github.com/0xJacky/Nginx-UI/internal/logger"
+	"github.com/0xJacky/Nginx-UI/internal/user"
+	"github.com/0xJacky/Nginx-UI/query"
+	"github.com/0xJacky/Nginx-UI/settings"
+	"github.com/gin-gonic/gin"
+	"github.com/pkg/errors"
 	"net/http"
+	"sync"
 	"time"
-
-	"github.com/gin-gonic/gin"
-	"golang.org/x/crypto/bcrypt"
 )
 
+var mutex = &sync.Mutex{}
+
 type LoginUser struct {
 	Name     string `json:"name" binding:"required,max=255"`
 	Password string `json:"password" binding:"required,max=255"`
 }
 
+const (
+	ErrPasswordIncorrect = 4031
+	ErrMaxAttempts       = 4291
+	ErrUserBanned        = 4033
+)
+
 type LoginResponse struct {
 	Message string `json:"message"`
-	Token   string `json:"token"`
+	Error   string `json:"error,omitempty"`
+	Code    int    `json:"code"`
+	Token   string `json:"token,omitempty"`
 }
 
 func Login(c *gin.Context) {
-	var user LoginUser
-	ok := api.BindAndValid(c, &user)
-	if !ok {
+	// make sure that only one request is processed at a time
+	mutex.Lock()
+	defer mutex.Unlock()
+	// check if the ip is banned
+	clientIP := c.ClientIP()
+	b := query.BanIP
+	banIP, _ := b.Where(b.IP.Eq(clientIP),
+		b.ExpiredAt.Gte(time.Now().Unix()),
+		b.Attempts.Gte(settings.AuthSettings.MaxAttempts),
+	).Count()
+
+	if banIP > 0 {
+		c.JSON(http.StatusTooManyRequests, LoginResponse{
+			Message: "Max attempts",
+			Code:    ErrMaxAttempts,
+		})
 		return
 	}
 
-	u, _ := model.GetUser(user.Name)
+	var json LoginUser
+	ok := api.BindAndValid(c, &json)
+	if !ok {
+		return
+	}
 
-	if err := bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(user.Password)); err != nil {
-		time.Sleep(5 * time.Second)
-		c.JSON(http.StatusForbidden, gin.H{
-			"message": "The username or password is incorrect",
-		})
+	u, err := user.Login(json.Name, json.Password)
+	if err != nil {
+		// time.Sleep(5 * time.Second)
+		switch {
+		case errors.Is(err, user.ErrPasswordIncorrect):
+			c.JSON(http.StatusForbidden, LoginResponse{
+				Message: "Password incorrect",
+				Code:    ErrPasswordIncorrect,
+			})
+		case errors.Is(err, user.ErrUserBanned):
+			c.JSON(http.StatusForbidden, LoginResponse{
+				Message: "The user is banned",
+				Code:    ErrUserBanned,
+			})
+		default:
+			api.ErrHandler(c, err)
+		}
+		user.BanIP(clientIP)
 		return
 	}
 
-	token, err := model.GenerateJWT(u.Name)
+	// login success, clear banned record
+	_, _ = b.Where(b.IP.Eq(clientIP)).Delete()
+
+	logger.Info("[User Login]", u.Name)
+	token, err := user.GenerateJWT(u.Name)
 	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{
-			"message": err.Error(),
+		c.JSON(http.StatusInternalServerError, LoginResponse{
+			Message: err.Error(),
 		})
 		return
 	}
@@ -54,7 +101,7 @@ func Login(c *gin.Context) {
 func Logout(c *gin.Context) {
 	token := c.GetHeader("Authorization")
 	if token != "" {
-		err := model.DeleteToken(token)
+		err := user.DeleteToken(token)
 		if err != nil {
 			c.JSON(http.StatusInternalServerError, gin.H{
 				"message": err.Error(),
 
@@ -3,7 +3,7 @@ package user
 import (
 	"fmt"
 	"github.com/0xJacky/Nginx-UI/api"
-	"github.com/0xJacky/Nginx-UI/model"
+	"github.com/0xJacky/Nginx-UI/internal/user"
 	"github.com/0xJacky/Nginx-UI/settings"
 	"github.com/casdoor/casdoor-go-sdk/casdoorsdk"
 	"github.com/gin-gonic/gin"
@@ -53,7 +53,7 @@ func CasdoorCallback(c *gin.Context) {
 		return
 	}
 
-	u, err := model.GetUser(claims.Name)
+	u, err := user.GetUser(claims.Name)
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			c.JSON(http.StatusForbidden, gin.H{
@@ -65,7 +65,7 @@ func CasdoorCallback(c *gin.Context) {
 		return
 	}
 
-	userToken, err := model.GenerateJWT(u.Name)
+	userToken, err := user.GenerateJWT(u.Name)
 	if err != nil {
 		api.ErrHandler(c, err)
 		return
 
@@ -8,7 +8,6 @@ module.exports = {
     'plugin:vue/vue3-recommended',
     'plugin:import/recommended',
     'plugin:import/typescript',
-    'plugin:promise/recommended',
     'plugin:sonarjs/recommended',
     'plugin:@typescript-eslint/recommended',
 
 
@@ -3,7 +3,7 @@
   "version": "2.0.0-beta.25",
   "type": "module",
   "scripts": {
-    "dev": "vite",
+    "dev": "vite --host",
     "typecheck": "vue-tsc --noEmit",
     "lint": "eslint . -c .eslintrc.cjs --fix --ext .ts,.vue,.tsx,.d.ts",
     "build": "vite build",
@@ -13,17 +13,17 @@
   "dependencies": {
     "@ant-design/icons-vue": "^7.0.1",
     "@formkit/auto-animate": "^0.8.2",
-    "@vue/reactivity": "^3.4.29",
-    "@vue/shared": "^3.4.29",
+    "@vue/reactivity": "^3.4.33",
+    "@vue/shared": "^3.4.33",
     "@vueuse/core": "^10.11.0",
     "@xterm/addon-attach": "^0.11.0",
     "@xterm/addon-fit": "^0.10.0",
     "@xterm/xterm": "^5.5.0",
     "ant-design-vue": "^4.2.3",
-    "apexcharts": "^3.49.1",
+    "apexcharts": "^3.50.0",
     "axios": "^1.7.2",
-    "dayjs": "^1.11.11",
-    "highlight.js": "^11.9.0",
+    "dayjs": "^1.11.12",
+    "highlight.js": "^11.10.0",
     "lodash": "^4.17.21",
     "marked": "^10.0.0",
     "nprogress": "^0.2.0",
@@ -32,42 +32,42 @@
     "reconnecting-websocket": "^4.4.0",
     "sortablejs": "^1.15.2",
     "vite-plugin-build-id": "^0.2.9",
-    "vue": "^3.4.29",
+    "vue": "^3.4.33",
     "vue-github-button": "github:0xJacky/vue-github-button",
-    "vue-router": "^4.3.3",
+    "vue-router": "^4.4.0",
     "vue3-ace-editor": "2.2.4",
     "vue3-apexcharts": "1.4.4",
     "vue3-gettext": "3.0.0-beta.4",
     "vuedraggable": "^4.1.0"
   },
   "devDependencies": {
     "@antfu/eslint-config-vue": "^0.43.1",
-    "@types/lodash": "^4.17.5",
+    "@types/lodash": "^4.17.7",
     "@types/nprogress": "^0.2.3",
     "@types/sortablejs": "^1.15.8",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
     "@typescript-eslint/parser": "^6.21.0",
     "@vitejs/plugin-vue": "^5.0.5",
     "@vitejs/plugin-vue-jsx": "^3.1.0",
-    "@vue/compiler-sfc": "^3.4.29",
+    "@vue/compiler-sfc": "^3.4.33",
     "@vue/tsconfig": "^0.5.1",
-    "ace-builds": "^1.35.0",
+    "ace-builds": "^1.35.3",
     "autoprefixer": "^10.4.19",
     "eslint": "^8.57.0",
     "eslint-import-resolver-alias": "^1.1.2",
     "eslint-import-resolver-typescript": "^3.6.1",
     "eslint-plugin-import": "^2.29.1",
     "eslint-plugin-regex": "^1.10.0",
     "eslint-plugin-sonarjs": "^0.23.0",
-    "eslint-plugin-vue": "^9.26.0",
+    "eslint-plugin-vue": "^9.27.0",
     "less": "^4.2.0",
-    "postcss": "^8.4.38",
-    "tailwindcss": "^3.4.4",
+    "postcss": "^8.4.39",
+    "tailwindcss": "^3.4.6",
     "typescript": "5.3.3",
-    "unplugin-auto-import": "^0.17.6",
+    "unplugin-auto-import": "^0.17.8",
     "unplugin-vue-components": "^0.26.0",
     "unplugin-vue-define-options": "^1.4.5",
-    "vite": "^5.3.1",
+    "vite": "^5.3.4",
     "vite-svg-loader": "^5.1.0",
     "vue-tsc": "^1.8.27"
   },