summaryrefslogtreecommitdiff
path: root/lib/VN3/User/Login.pm
blob: 7660762a3003032098d28a6e178a003c6e29f19b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package VN3::User::Login;

use VN3::Prelude;

# TODO: Redirect to a password change form when a user logs in with an insecure password.

TUWF::get '/u/login' => sub {
    return tuwf->resRedirect('/', 'temp') if auth;
    Framework title => 'Login', center => 1, sub {
        Div 'data-elm-module' => 'User.Login', '';
    };
};


my $elm_Throttled = elm_api 'Throttled';
my $elm_BadLogin = elm_api 'BadLogin';

json_api '/u/login', {
    username => { username => 1 },
    password => { password => 1 }
}, sub {
    my $data = shift;

    my $conf = tuwf->conf->{login_throttle} || [ 24*3600/10, 24*3600 ];
    my $ip = norm_ip tuwf->reqIP;

    my $tm = tuwf->dbVali(
        'SELECT', sql_totime('greatest(timeout, now())'), 'FROM login_throttle WHERE ip =', \$ip
    ) || time;

    return $elm_Throttled->() if $tm-time() > $conf->[1];
    return $elm_Success->() if auth->login($data->{username}, $data->{password});

    # Failed login, update throttle.
    my $upd = {
        ip      => \$ip,
        timeout => sql_fromtime $tm+$conf->[0]
    };
    tuwf->dbExeci('INSERT INTO login_throttle', $upd, 'ON CONFLICT (ip) DO UPDATE SET', $upd);
    $elm_BadLogin->()
};


TUWF::get qr{/$UID_RE/logout}, sub {
    return tuwf->resNotFound if !auth || auth->uid != tuwf->capture('id');
    auth->logout;
    tuwf->resRedirect('/', 'temp');
};

1;