feat: add IP-based login brute-force protection (#531)
* feat: add IP-based login brute-force protection - Per-IP rate limiting: 3 failed login attempts locks the IP for 1 hour - Separate counters for password login and token auth - Global safety net: 20 req/min, hard lock after 50 total failures - Persistent lock state to ~/.hermes-web-ui/.login-lock.json (survives restarts) - Manual unlock: edit or delete the lock file - Frontend handles 429/503 responses with localized error messages - i18n support for 8 languages * feat: add locked IP management endpoint and UI - GET /api/auth/locked-ips: list all currently locked IPs (protected) - DELETE /api/auth/locked-ips/:ip: unlock a specific IP (protected) - DELETE /api/auth/locked-ips: unlock all IPs (protected) - AccountSettings: shows locked IPs with remaining time, unlock buttons - i18n support for 8 languages - Clean up stale .js artifacts, add .gitignore rule * fix: cross-type IP lock and IPv6-compatible unlock route - Password and token login now share IP lock state: if an IP is locked by either method, ALL auth methods are blocked for that IP - Changed unlock endpoint from path param to query param (?ip=xxx) to support IPv6 addresses containing colons - Merged unlockIp and unlockAll into a single handler * chore: increase global login rate limit from 20 to 100 requests per minute Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: ekko <fqsy1416@gmail.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
ccc
@@ -14,6 +14,7 @@ export default {
|
||||
passwordPlaceholder: 'パスワード',
|
||||
credentialsRequired: 'ユーザー名とパスワードを入力してください',
|
||||
invalidCredentials: 'ユーザー名またはパスワードが正しくありません',
|
||||
tooManyAttempts: 'ログイン試行回数が多すぎます。しばらくしてからお試しください',
|
||||
passwordMismatch: 'パスワードが一致しません',
|
||||
passwordTooShort: 'パスワードは6文字以上必要です',
|
||||
setupSuccess: 'パスワードログインが設定されました',
|
||||
@@ -519,6 +520,16 @@ export default {
|
||||
cors: 'CORS 許可元',
|
||||
corsHint: '許可するクロスオリジン',
|
||||
},
|
||||
lockedIps: {
|
||||
title: 'ロック済みIP管理',
|
||||
count: '{count}件ロック中',
|
||||
empty: 'ロック済みIPなし',
|
||||
unlock: 'ロック解除',
|
||||
unlockAll: '全て解除',
|
||||
unlockAllConfirm: '全てのロック済みIPを解除しますか?',
|
||||
unlocked: 'IPをロック解除しました',
|
||||
allUnlocked: '{count}件のIPをロック解除しました',
|
||||
},
|
||||
},
|
||||
|
||||
// プラットフォームチャンネル設定
|
||||
|
||||
Reference in New Issue
Block a user