Expose WebUI ban duration to users

2024-10-22 10:46:04 +03:00 · 2020-02-12 22:04:54 +08:00 · 2020-02-12 22:04:54 +08:00 · b02eb32806
commit b02eb32806
parent e162aef5be
7 changed files with 63 additions and 16 deletions
--- a/src/base/preferences.cpp
+++ b/src/base/preferences.cpp
@ -29,6 +29,8 @@

 #include "preferences.h"

+#include <chrono>
+
 #ifdef Q_OS_MACOS
 #include <CoreServices/CoreServices.h>
 #endif
@ -631,6 +633,16 @@ void Preferences::setWebUIMaxAuthFailCount(const int count)
    setValue("Preferences/WebUI/MaxAuthenticationFailCount", count);
 }

+std::chrono::seconds Preferences::getWebUIBanDuration() const
+{
+    return std::chrono::seconds {value("Preferences/WebUI/BanDuration", 3600).toInt()};
+}
+
+void Preferences::setWebUIBanDuration(const std::chrono::seconds duration)
+{
+    setValue("Preferences/WebUI/BanDuration", static_cast<int>(duration.count()));
+}
+
 int Preferences::getWebUISessionTimeout() const
 {
    return value("Preferences/WebUI/SessionTimeout", 3600).toInt();
--- a/src/base/preferences.h
+++ b/src/base/preferences.h
@ -196,6 +196,8 @@ public:
    void setWebUIPassword(const QByteArray &password);
    int getWebUIMaxAuthFailCount() const;
    void setWebUIMaxAuthFailCount(int count);
+    std::chrono::seconds getWebUIBanDuration() const;
+    void setWebUIBanDuration(std::chrono::seconds duration);
    int getWebUISessionTimeout() const;
    void setWebUISessionTimeout(int timeout);

--- a/src/gui/optionsdialog.cpp
+++ b/src/gui/optionsdialog.cpp
@ -422,6 +422,7 @@ OptionsDialog::OptionsDialog(QWidget *parent)
    connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
    connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, m_ui->IPSubnetWhitelistButton, &QPushButton::setEnabled);
    connect(m_ui->spinBanCounter, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
+    connect(m_ui->spinBanDuration, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
    connect(m_ui->spinSessionTimeout, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
    connect(m_ui->checkClickjacking, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
    connect(m_ui->checkCSRFProtection, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
@ -772,6 +773,7 @@ void OptionsDialog::saveOptions()
        pref->setWebUIHttpsCertificatePath(m_ui->textWebUIHttpsCert->selectedPath());
        pref->setWebUIHttpsKeyPath(m_ui->textWebUIHttpsKey->selectedPath());
        pref->setWebUIMaxAuthFailCount(m_ui->spinBanCounter->value());
+        pref->setWebUIBanDuration(std::chrono::seconds {m_ui->spinBanDuration->value()});
        pref->setWebUISessionTimeout(m_ui->spinSessionTimeout->value());
        // Authentication
        pref->setWebUiUsername(webUiUsername());
@ -1156,6 +1158,7 @@ void OptionsDialog::loadOptions()
    m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
    m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
    m_ui->spinBanCounter->setValue(pref->getWebUIMaxAuthFailCount());
+    m_ui->spinBanDuration->setValue(pref->getWebUIBanDuration().count());
    m_ui->spinSessionTimeout->setValue(pref->getWebUISessionTimeout());

    // Security
--- a/src/gui/optionsdialog.ui
+++ b/src/gui/optionsdialog.ui
@ -2987,25 +2987,15 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
                   </widget>
                  </item>
                  <item>
-                   <layout class="QHBoxLayout" name="horizontalLayout_19">
-                    <item>
+                   <layout class="QGridLayout" name="gridLayout_10">
+                    <item row="0" column="0">
                     <widget class="QLabel" name="lblBanCounter">
                      <property name="text">
                       <string>Ban client after consecutive failures:</string>
                      </property>
                     </widget>
                    </item>
-                    <item>
-                     <widget class="QSpinBox" name="spinBanCounter">
-                      <property name="specialValueText">
-                       <string>Never</string>
-                      </property>
-                      <property name="maximum">
-                       <number>2147483647</number>
-                      </property>
-                     </widget>
-                    </item>
-                    <item>
+                    <item row="0" column="2">
                     <spacer name="horizontalSpacer_15">
                      <property name="orientation">
                       <enum>Qt::Horizontal</enum>
@ -3018,6 +3008,39 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
                      </property>
                     </spacer>
                    </item>
+                    <item row="0" column="1">
+                     <widget class="QSpinBox" name="spinBanCounter">
+                      <property name="specialValueText">
+                       <string>Never</string>
+                      </property>
+                      <property name="maximum">
+                       <number>2147483647</number>
+                      </property>
+                     </widget>
+                    </item>
+                    <item row="1" column="0">
+                     <widget class="QLabel" name="lblBanDuration">
+                      <property name="text">
+                       <string>ban for:</string>
+                      </property>
+                      <property name="alignment">
+                       <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
+                      </property>
+                     </widget>
+                    </item>
+                    <item row="1" column="1">
+                     <widget class="QSpinBox" name="spinBanDuration">
+                      <property name="suffix">
+                       <string> sec</string>
+                      </property>
+                      <property name="minimum">
+                       <number>1</number>
+                      </property>
+                      <property name="maximum">
+                       <number>2147483647</number>
+                      </property>
+                     </widget>
+                    </item>
                   </layout>
                  </item>
                  <item>
--- a/src/webui/api/appcontroller.cpp
+++ b/src/webui/api/appcontroller.cpp
@ -233,6 +233,7 @@ void AppController::preferencesAction()
        authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
    data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
    data["web_ui_max_auth_fail_count"] = pref->getWebUIMaxAuthFailCount();
+    data["web_ui_ban_duration"] = static_cast<int>(pref->getWebUIBanDuration().count());
    data["web_ui_session_timeout"] = pref->getWebUISessionTimeout();
    // Use alternative Web UI
    data["alternative_webui_enabled"] = pref->isAltWebUiEnabled();
@ -604,6 +605,8 @@ void AppController::setPreferencesAction()
    }
    if (hasKey("web_ui_max_auth_fail_count"))
        pref->setWebUIMaxAuthFailCount(it.value().toInt());
+    if (hasKey("web_ui_ban_duration"))
+        pref->setWebUIBanDuration(std::chrono::seconds {it.value().toInt()});
    if (hasKey("web_ui_session_timeout"))
        pref->setWebUISessionTimeout(it.value().toInt());
    // Use alternative Web UI
--- a/src/webui/api/authcontroller.cpp
+++ b/src/webui/api/authcontroller.cpp
@ -36,8 +36,6 @@
 #include "apierror.h"
 #include "isessionmanager.h"

-constexpr int BAN_TIME = 3600000; // 1 hour
-
 void AuthController::loginAction()
 {
    if (sessionManager()->session()) {
@ -116,6 +114,6 @@ void AuthController::increaseFailedAttempts()
    if (failedLogin.failedAttemptsCount >= Preferences::instance()->getWebUIMaxAuthFailCount()) {
        // Max number of failed attempts reached
        // Start ban period
-        failedLogin.banTimer.setRemainingTime(BAN_TIME);
+        failedLogin.banTimer.setRemainingTime(Preferences::instance()->getWebUIBanDuration());
    }
 }
--- a/src/webui/www/private/views/preferences.html
+++ b/src/webui/www/private/views/preferences.html
@ -733,6 +733,10 @@
                    <td><label for="webUIMaxAuthFailCountInput">QBT_TR(Ban client after consecutive failures:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
                    <td><input type="number" id="webUIMaxAuthFailCountInput" style="width: 4em;" min="0" /></td>
                </tr>
+                <tr>
+                    <td style="text-align: right;"><label for="webUIBanDurationInput">QBT_TR(ban for:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
+                    <td><input type="number" id="webUIBanDurationInput" style="width: 4em;" min="1" />QBT_TR(seconds)QBT_TR[CONTEXT=OptionsDialog]</td>
+                </tr>
            </table>
            <table>
                <tr>
@ -1725,6 +1729,7 @@
                        $('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
                        updateBypasssAuthSettings();
                        $('webUIMaxAuthFailCountInput').setProperty('value', pref.web_ui_max_auth_fail_count.toInt());
+                        $('webUIBanDurationInput').setProperty('value', pref.web_ui_ban_duration.toInt());
                        $('webUISessionTimeoutInput').setProperty('value', pref.web_ui_session_timeout.toInt());

                        // Use alternative Web UI
@ -2089,6 +2094,7 @@
            settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
            settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
            settings.set('web_ui_max_auth_fail_count', $('webUIMaxAuthFailCountInput').getProperty('value'));
+            settings.set('web_ui_ban_duration', $('webUIBanDurationInput').getProperty('value'));
            settings.set('web_ui_session_timeout', $('webUISessionTimeoutInput').getProperty('value'));

            // Use alternative Web UI