Notify authentication backends of failed login attempts

Closes #157.
author: Himbeer <himbeer@disroot.org> 2024-11-17 16:39:09 +0100
committer: Himbeer <himbeer@disroot.org> 2024-11-17 16:39:09 +0100
commit: 3b344731fff17f3c5255f278f8f14879e7610f7d (patch)
tree: f92726ba8364a21e450ff4b53fedfd285ab253e5 /process.go
parent: d0d39d2f9f3abb68eec146376b3233c8bc7c1cfa (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/process.go b/process.go
index 71cf0b8..215e6cc 100644
--- a/process.go
+++ b/process.go
@@ -88,7 +88,8 @@ func (cc *ClientConn) process(pkt mt.Pkt) {
 		cc.name = cmd.PlayerName
 		cc.logger.SetPrefix(fmt.Sprintf("[%s %s] ", cc.RemoteAddr(), cc.Name()))
 
-		if DefaultAuth().Banned(cc.RemoteAddr().(*net.UDPAddr)) {
+		ip := cc.RemoteAddr().(*net.UDPAddr).IP.String()
+		if DefaultAuth().Banned(ip, cc.Name()) {
 			cc.Log("<-", "banned")
 			cc.Kick("Banned by proxy.")
 			return
@@ -339,6 +340,11 @@ func (cc *ClientConn) process(pkt mt.Pkt) {
 				})
 			}
 		} else {
+			ip := cc.RemoteAddr().(*net.UDPAddr).IP.String()
+			if err := DefaultAuth().RecordFail(ip, cc.Name(), wantSudo); err != nil {
+				cc.Log("<-", "record auth fail:", err)
+			}
+
 			if wantSudo {
 				cc.Log("<-", "invalid password (sudo)")
 				cc.SendCmd(&mt.ToCltDenySudoMode{})
author	Himbeer <himbeer@disroot.org>	2024-11-17 16:39:09 +0100
committer	Himbeer <himbeer@disroot.org>	2024-11-17 16:39:09 +0100
commit	3b344731fff17f3c5255f278f8f14879e7610f7d (patch)
tree	f92726ba8364a21e450ff4b53fedfd285ab253e5 /process.go
parent	d0d39d2f9f3abb68eec146376b3233c8bc7c1cfa (diff)