Expose WebUI ban duration to users

2026-01-02 05:38:06 -06:00 · 2020-02-12 22:04:54 +08:00
parent e162aef5be
commit b02eb32806
7 changed files with 63 additions and 16 deletions
--- a/src/webui/api/appcontroller.cpp
+++ b/src/webui/api/appcontroller.cpp
@@ -233,6 +233,7 @@ void AppController::preferencesAction()
        authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
    data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
    data["web_ui_max_auth_fail_count"] = pref->getWebUIMaxAuthFailCount();
+    data["web_ui_ban_duration"] = static_cast<int>(pref->getWebUIBanDuration().count());
    data["web_ui_session_timeout"] = pref->getWebUISessionTimeout();
    // Use alternative Web UI
    data["alternative_webui_enabled"] = pref->isAltWebUiEnabled();
@@ -604,6 +605,8 @@ void AppController::setPreferencesAction()
    }
    if (hasKey("web_ui_max_auth_fail_count"))
        pref->setWebUIMaxAuthFailCount(it.value().toInt());
+    if (hasKey("web_ui_ban_duration"))
+        pref->setWebUIBanDuration(std::chrono::seconds {it.value().toInt()});
    if (hasKey("web_ui_session_timeout"))
        pref->setWebUISessionTimeout(it.value().toInt());
    // Use alternative Web UI
--- a/src/webui/api/authcontroller.cpp
+++ b/src/webui/api/authcontroller.cpp
@@ -36,8 +36,6 @@
 #include "apierror.h"
 #include "isessionmanager.h"

-constexpr int BAN_TIME = 3600000; // 1 hour
-
 void AuthController::loginAction()
 {
    if (sessionManager()->session()) {
@@ -116,6 +114,6 @@ void AuthController::increaseFailedAttempts()
    if (failedLogin.failedAttemptsCount >= Preferences::instance()->getWebUIMaxAuthFailCount()) {
        // Max number of failed attempts reached
        // Start ban period
-        failedLogin.banTimer.setRemainingTime(BAN_TIME);
+        failedLogin.banTimer.setRemainingTime(Preferences::instance()->getWebUIBanDuration());
    }
 }
--- a/src/webui/www/private/views/preferences.html
+++ b/src/webui/www/private/views/preferences.html
@@ -733,6 +733,10 @@
                    <td><label for="webUIMaxAuthFailCountInput">QBT_TR(Ban client after consecutive failures:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
                    <td><input type="number" id="webUIMaxAuthFailCountInput" style="width: 4em;" min="0" /></td>
                </tr>
+                <tr>
+                    <td style="text-align: right;"><label for="webUIBanDurationInput">QBT_TR(ban for:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
+                    <td><input type="number" id="webUIBanDurationInput" style="width: 4em;" min="1" />QBT_TR(seconds)QBT_TR[CONTEXT=OptionsDialog]</td>
+                </tr>
            </table>
            <table>
                <tr>
@@ -1725,6 +1729,7 @@
                        $('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
                        updateBypasssAuthSettings();
                        $('webUIMaxAuthFailCountInput').setProperty('value', pref.web_ui_max_auth_fail_count.toInt());
+                        $('webUIBanDurationInput').setProperty('value', pref.web_ui_ban_duration.toInt());
                        $('webUISessionTimeoutInput').setProperty('value', pref.web_ui_session_timeout.toInt());

                        // Use alternative Web UI
@@ -2089,6 +2094,7 @@
            settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
            settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
            settings.set('web_ui_max_auth_fail_count', $('webUIMaxAuthFailCountInput').getProperty('value'));
+            settings.set('web_ui_ban_duration', $('webUIBanDurationInput').getProperty('value'));
            settings.set('web_ui_session_timeout', $('webUISessionTimeoutInput').getProperty('value'));

            // Use alternative Web UI