72 lines
1.1 KiB
Go
72 lines
1.1 KiB
Go
|
package fail2ban
|
||
|
|
|
||
|
|
import (
|
||
|
|
"sync"
|
||
|
|
"time"
|
||
|
|
)
|
||
|
|
|
||
|
|
type Client struct {
|
||
|
|
FailedAttempts int
|
||
|
|
BlockedUntil time.Time
|
||
|
|
}
|
||
|
|
|
||
|
|
type Fail2Ban struct {
|
||
|
|
mu sync.Mutex
|
||
|
|
clients map[string]*Client
|
||
|
|
}
|
||
|
|
|
||
|
|
func NewFail2Ban() *Fail2Ban {
|
||
|
|
return &Fail2Ban{
|
||
|
|
clients: make(map[string]*Client),
|
||
|
|
mu: sync.Mutex{},
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func (f *Fail2Ban) FailedAttempt(ip string) {
|
||
|
|
f.mu.Lock()
|
||
|
|
defer f.mu.Unlock()
|
||
|
|
|
||
|
|
client, ok := f.clients[ip]
|
||
|
|
if !ok {
|
||
|
|
client = &Client{}
|
||
|
|
f.clients[ip] = client
|
||
|
|
}
|
||
|
|
|
||
|
|
client.FailedAttempts++
|
||
|
|
if client.FailedAttempts >= 3 {
|
||
|
|
client.BlockedUntil = time.Now().Add(10 * time.Minute)
|
||
|
|
client.FailedAttempts = 0
|
||
|
|
|
||
|
|
// Automatically unblock the client after 1 hour
|
||
|
|
time.AfterFunc(1*time.Hour, func() {
|
||
|
|
f.unblockClient(ip)
|
||
|
|
})
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func (f *Fail2Ban) unblockClient(ip string) {
|
||
|
|
f.mu.Lock()
|
||
|
|
defer f.mu.Unlock()
|
||
|
|
|
||
|
|
client, ok := f.clients[ip]
|
||
|
|
if ok {
|
||
|
|
client.BlockedUntil = time.Time{}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func (f *Fail2Ban) CanChangePassword(ip string) bool {
|
||
|
|
f.mu.Lock()
|
||
|
|
defer f.mu.Unlock()
|
||
|
|
|
||
|
|
client, ok := f.clients[ip]
|
||
|
|
if !ok {
|
||
|
|
return true
|
||
|
|
}
|
||
|
|
|
||
|
|
if time.Now().Before(client.BlockedUntil) {
|
||
|
|
return false
|
||
|
|
}
|
||
|
|
|
||
|
|
return true
|
||
|
|
}
|