Added bad login throttling.

1 files changed, 12 insertions, 3 deletions

diff --git a/html.c b/html.c
index f2b1252..8c00961 100644
--- a/html.c
+++ b/html.c
@@ -29,9 +29,18 @@ int login(snac *snac, const xs_dict *headers)
         xs *l1 = xs_split_n(s2, ":", 1);
 
         if (xs_list_len(l1) == 2) {
-            logged_in = check_password(
-                xs_list_get(l1, 0), xs_list_get(l1, 1),
-                xs_dict_get(snac->config, "passwd"));
+            const char *user = xs_list_get(l1, 0);
+            const char *pwd  = xs_list_get(l1, 1);
+            const char *addr = xs_or(xs_dict_get(headers, "remote-addr"),
+                                     xs_dict_get(headers, "x-forwarded-for"));
+
+            if (badlogin_check(user, addr)) {
+                logged_in = check_password(user, pwd,
+                    xs_dict_get(snac->config, "passwd"));
+
+                if (!logged_in)
+                    badlogin_inc(user, addr);
+            }
         }
     }