
Changed the brute force protection package from eluck:accounts-lockout to
lucasantoniassi:accounts-lockout, which is maintained and works.
Added Snap/Docker/Source settings.

Thanks to xet7 !

Closes #1572,
closes #1821

Lauri Ojansivu 6 年之前
父节点
当前提交
b7c000b78b
共有 10 个文件被更改,包括 90 次插入5 次删除
  1. 1 1
      .meteor/packages
  2. 3 3
      .meteor/versions
  3. 12 0
      Dockerfile
  4. 10 0
      docker-compose.yml
  5. 10 0
      releases/virtualbox/start-wekan.sh
  6. 16 0
      server/accounts-lockout.js
  7. 0 1
      snap-src/bin/config
  8. 18 0
      snap-src/bin/wekan-help
  9. 10 0
      start-wekan.bat
  10. 10 0
      start-wekan.sh

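--- a/.meteor/packages
+++ b/.meteor/packages
@@ -82,7 +82,6 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
 browser-policy-framing
@@ -92,3 +91,4 @@ wekan-scrollbar
 mquandalle:perfect-scrollbar
 mdg:meteor-apm-agent
 meteorhacks:unblock
+lucasantoniassi:accounts-lockout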

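--- a/.meteor/versions
+++ b/.meteor/versions
@@ -60,7 +60,6 @@ ecmascript-runtime@0.5.0
 ecmascript-runtime-client@0.5.0
 ecmascript-runtime-server@0.5.0
 ejson@1.1.0
-eluck:accounts-lockout@0.9.0
 email@1.2.3
 es5-shim@4.6.15
 fastclick@1.0.13
@@ -82,6 +81,7 @@ launch-screen@1.1.1
 livedata@1.0.18
 localstorage@1.2.0
 logging@1.1.19
+lucasantoniassi:accounts-lockout@1.0.0
 matb33:collection-hooks@0.8.4
 matteodem:easy-search@1.6.4
 mdg:meteor-apm-agent@3.1.2
@@ -145,8 +145,6 @@ reload@1.1.11
 retry@1.0.9
 routepolicy@1.0.12
 rzymek:fullcalendar@3.8.0
-wekan-accounts-oidc@1.0.10
-wekan-oidc@1.0.12
 service-configuration@1.0.11
 session@1.1.7
 sha@1.0.9
@@ -181,6 +179,8 @@ useraccounts:unstyled@1.14.2
 verron:autosize@3.0.8
 webapp@1.4.0
 webapp-hashing@1.0.9
+wekan-accounts-oidc@1.0.10
+wekan-oidc@1.0.12
 wekan-scrollbar@3.1.3
 wekan:accounts-cas@0.1.0
 wekan:wekan-ldap@0.0.2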

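--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,12 @@ ARG FIBERS_VERSION
 ARG ARCHITECTURE
 ARG SRC_PATH
 ARG WITH_API
+ARG ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE
+ARG ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD
+ARG ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW
+ARG ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE
+ARG ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD
+ARG ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW
 ARG EMAIL_NOTIFICATION_TIMEOUT
 ARG MATOMO_ADDRESS
 ARG MATOMO_SITE_ID
@@ -102,6 +108,12 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     ARCHITECTURE=linux-x64 \
     SRC_PATH=./ \
     WITH_API=true \
+    ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 \
+    ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 \
+    ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 \
+    ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 \
+    ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 \
+    ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 \
     EMAIL_NOTIFICATION_TIMEOUT=30000 \
     MATOMO_ADDRESS="" \
     MATOMO_SITE_ID="" \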
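Review bot: The new variable `ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE` (both the ARG and the ENV default) is misspelled, and because server/accounts-lockout.js reads the same misspelled name the setting works only under that spelling, so an operator who exports the obvious `ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BEFORE` is silently ignored and the unknown-users threshold stays at the default of 3. The known/unknown names are also asymmetric (`ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD` versus `ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD`), which makes the misspelling harder to spot in documentation. I would rename to `ARG ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BEFORE` and `ARG ACCOUNTS_LOCKOUT_KNOWN_USERS_LOCKOUT_PERIOD` before these names are frozen in the docs, and apply the same change in docker-compose.yml, releases/virtualbox/start-wekan.sh, start-wekan.bat, start-wekan.sh and server/accounts-lockout.js, which all carry the same spelling.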

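--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -221,6 +221,16 @@ services:
       # If you disable Wekan API with false, Export Board does not work.
       - WITH_API=true
       #---------------------------------------------------------------
+      # ==== PASSWORD BRUTE FORCE PROTECTION ====
+      #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+      #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
+      #---------------------------------------------------------------
       # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
       # Defaut: 30000 ms = 30s
       #- EMAIL_NOTIFICATION_TIMEOUT=30000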

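--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -25,6 +25,16 @@
         # Wekan Export Board works when WITH_API='true'.
         # If you disable Wekan API, Export Board does not work.
         export WITH_API='true'
+        #---------------------------------------------------------------
+        # ==== PASSWORD BRUTE FORCE PROTECTION ====
+        #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+        #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
         #---------------------------------------------
         # CORS: Set Access-Control-Allow-Origin header. Example: *
         #export CORS=*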

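--- a/server/accounts-lockout.js
+++ b/server/accounts-lockout.js
@@ -0,0 +1,16 @@
+// https://atmospherejs.com/lucasantoniassi/accounts-lockout
+// server
+import { AccountsLockout } from 'meteor/lucasantoniassi:accounts-lockout';
+
+(new AccountsLockout({
+  knownUsers: {
+    failuresBeforeLockout: process.env.ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE || 3,
+    lockoutPeriod: process.env.ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD || 60,
+    failureWindow: process.env.ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW || 15,
+  },
+  unknownUsers: {
+    failuresBeforeLockout: process.env.ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE || 3,
+    lockoutPeriod: process.env.ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD || 60,
+    failureWindow: process.env.ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW || 15,
+  },
+})).startup();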
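Review bot: Every `process.env.X || N` expression in the new file hands the package a string whenever the variable is set (environment values are always strings) but a number when it is not, and nothing on this page shows whether AccountsLockout coerces its options, so a deployment that sets any of the six variables may get a different type than the tested default path. A non-numeric or non-positive value (for example an empty string, which falls through to the default, versus `"abc"`, which does not) would then reach the lockout logic unvalidated, which is the wrong failure mode for a brute-force control. I would parse the values once through a small helper that returns the documented default unless the variable is a positive integer, as below, and replace the cryptic `// server` with `// Server-only: configures lockout after repeated failed password logins.`. The misspelled `..._FAILURES_BERORE` name is kept here only because the Dockerfile and start scripts use the same spelling; fixing it needs a coordinated rename.
```javascript
import { AccountsLockout } from 'meteor/lucasantoniassi:accounts-lockout';

// Environment values are strings; fall back to the default when the
// variable is unset, non-numeric or not a positive count / interval.
const envPositiveInt = (name, fallback) => {
  const value = parseInt(process.env[name], 10);
  return Number.isInteger(value) && value > 0 ? value : fallback;
};

(new AccountsLockout({
  knownUsers: {
    failuresBeforeLockout: envPositiveInt('ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE', 3),
    lockoutPeriod: envPositiveInt('ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD', 60),
    failureWindow: envPositiveInt('ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW', 15),
  },
  unknownUsers: {
    failuresBeforeLockout: envPositiveInt('ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE', 3),
    lockoutPeriod: envPositiveInt('ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD', 60),
    failureWindow: envPositiveInt('ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW', 15),
  },
})).startup();
```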

+ 0 - 1
snap-src/bin/config


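--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -40,6 +40,24 @@ echo -e "\t$ snap set $SNAP_NAME with-api='true'"
 echo -e "\t-Disable the API:"
 echo -e "\t$ snap set $SNAP_NAME with-api='false'"
 echo -e "\n"
+echo -e "Accounts lockout known users failures before, greater than 0. Default: 3"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failures-before='3'"
+echo -e "\n"
+echo -e "Accounts lockout know users period, in seconds. Default: 60"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-period='60'"
+echo -e "\n"
+echo -e "Accounts lockout unknown failure window, in seconds. Default: 15"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failure-window='15'"
+echo -e "\n"
+echo -e "Accounts lockout unknown users failures before, greater than 0. Default: 3"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failures-before='3'"
+echo -e "\n"
+echo -e "Accounts lockout unknown users lockout period, in seconds. Default: 60"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-lockout-period='60'"
+echo -e "\n"
+echo -e "Accounts lockout unknown users failure window, in seconds. Default: 15"
+echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failure-window='15'"
+echo -e "\n"
 echo -e "To enable the Email Notification Timeout of wekan in ms, default 30000 (=30s):"
 echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='10000'"
 echo -e "\t-Disable the Email Notification Timeout of Wekan:"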
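Review bot: The third new help entry describes "Accounts lockout unknown failure window" but the command under it sets `accounts-lockout-known-users-failure-window`, so the text contradicts the key it documents; the second entry also reads "know users" for "known users". I would change them to `echo -e "Accounts lockout known users failure window, in seconds. Default: 15"` and `echo -e "Accounts lockout known users period, in seconds. Default: 60"`. Separately, the diffstat shows snap-src/bin/config losing one line and gaining none, and no other snap hook is in this commit, so unless the mapping from these `snap set` keys to the `ACCOUNTS_LOCKOUT_*` environment variables already exists elsewhere, the settings advertised here may not be read by the snap at all; worth confirming before documenting them.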

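--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -14,6 +14,16 @@ SET PORT=2000
 REM # If you disable Wekan API with false, Export Board does not work.
 SET WITH_API=true
 
+REM # ==== PASSWORD BRUTE FORCE PROTECTION ====
+REM #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+REM #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
+
 REM # Optional: Integration with Matomo https://matomo.org that is installed to your server
 REM # The address of the server where Matomo is hosted.
 REM # example: - MATOMO_ADDRESS=https://example.com/matomo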

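--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -43,6 +43,16 @@ function wekan_repo_check(){
       # Wekan Export Board works when WITH_API=true.
       # If you disable Wekan API with false, Export Board does not work.
       export WITH_API='true'
+      #---------------------------------------------------------------
+      # ==== PASSWORD BRUTE FORCE PROTECTION ====
+      #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+      #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
       #---------------------------------------------
       # CORS: Set Access-Control-Allow-Origin header. Example: *
       #export CORS=*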
