alarm audit

Signed-off-by: 21pages <pages21@163.com>
2022-12-20 16:20:42 +08:00 · 2022-12-20 16:20:42 +08:00 · 56f154f69a
commit 56f154f69a
parent 866ab24087
1 changed files with 47 additions and 0 deletions
--- a/src/server/connection.rs
+++ b/src/server/connection.rs
@ -654,6 +654,13 @@ impl Connection {
        {
            self.send_login_error("Your ip is blocked by the peer")
                .await;
+            Self::post_alarm_audit(
+                AlarmAuditType::IpWhiltelist, //"ip whiltelist",
+                true,
+                json!({
+                            "ip":addr.ip(),
+                }),
+            );
            sleep(1.).await;
            return false;
        }
@ -750,6 +757,26 @@ impl Connection {
        });
    }

+    pub fn post_alarm_audit(typ: AlarmAuditType, from_remote: bool, info: Value) {
+        let url = crate::get_audit_server(
+            Config::get_option("api-server"),
+            Config::get_option("custom-rendezvous-server"),
+            "alarm".to_owned(),
+        );
+        if url.is_empty() {
+            return;
+        }
+        let mut v = Value::default();
+        v["id"] = json!(Config::get_id());
+        v["uuid"] = json!(base64::encode(hbb_common::get_uuid()));
+        v["typ"] = json!(typ as i8);
+        v["from_remote"] = json!(from_remote);
+        v["info"] = serde_json::Value::String(info.to_string());
+        tokio::spawn(async move {
+            allow_err!(Self::post_audit_async(url, v).await);
+        });
+    }
+
    #[inline]
    async fn post_audit_async(url: String, v: Value) -> ResultType<String> {
        crate::post_request(url, v.to_string(), "").await
@ -1157,8 +1184,22 @@ impl Connection {
                if failure.2 > 30 {
                    self.send_login_error("Too many wrong password attempts")
                        .await;
+                    Self::post_alarm_audit(
+                        AlarmAuditType::ManyWrongPassword,
+                        true,
+                        json!({
+                                    "ip":self.ip,
+                        }),
+                    );
                } else if time == failure.0 && failure.1 > 6 {
                    self.send_login_error("Please try 1 minute later").await;
+                    Self::post_alarm_audit(
+                        AlarmAuditType::FrequentAttempt,
+                        true,
+                        json!({
+                                    "ip":self.ip,
+                        }),
+                    );
                } else if !self.validate_password() {
                    if failure.0 == time {
                        failure.1 += 1;
@ -1819,3 +1860,9 @@ struct ConnAuditResponse {
    ret: bool,
    action: String,
 }
+
+pub enum AlarmAuditType {
+    IpWhiltelist = 0,
+    ManyWrongPassword = 1,
+    FrequentAttempt = 2,
+}