lock accounts after enough failed login attempts

2025-04-29 11:32:48 +01:00 · 2025-04-29 11:32:48 +01:00 · 1c0e541c89
commit 1c0e541c89
parent 5cc9a1ca76
7 changed files with 153 additions and 13 deletions
--- a/controller/account.go
+++ b/controller/account.go
@ -110,3 +110,26 @@ func DeleteAccount(db *sqlx.DB, accountID string) error {
    _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID)
    return err
 }
+
+func IncrementAccountFails(db *sqlx.DB, accountID string) (bool, error) {
+	failAttempts := 0
+	err := db.Get(&failAttempts, "UPDATE account SET fail_attempts = fail_attempts + 1 WHERE id=$1 RETURNING fail_attempts", accountID)
+	if err != nil { return false, err }
+	locked := false
+	if failAttempts >= model.MAX_LOGIN_FAIL_ATTEMPTS {
+		err = LockAccount(db, accountID)
+		if err != nil { return false, err }
+		locked = true
+	}
+	return locked, err
+}
+
+func LockAccount(db *sqlx.DB, accountID string) error {
+	_, err := db.Exec("UPDATE account SET locked = true WHERE id=$1", accountID)
+	return err
+}
+
+func UnlockAccount(db *sqlx.DB, accountID string) error {
+	_, err := db.Exec("UPDATE account SET locked = false, fail_attempts = 0 WHERE id=$1", accountID)
+	return err
+}
--- a/controller/migrator.go
+++ b/controller/migrator.go
@ -8,7 +8,7 @@ import (
 	"github.com/jmoiron/sqlx"
 )

-const DB_VERSION int = 3
+const DB_VERSION int = 4

 func CheckDBVersionAndMigrate(db *sqlx.DB) {
    db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody")
@ -45,6 +45,10 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
            ApplyMigration(db, "002-audit-logs")
            oldDBVersion = 3

+        case 3:
+            ApplyMigration(db, "003-fail-lock")
+            oldDBVersion = 4
+
        }
    }