Merge pull request #156 from sorokya/limit-password-change

sorokya · Aug 17, 2024 · 4545d55 · 4545d55
2 parents 4a4a323 + 5967010
commit 4545d55
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/config/PacketRateLimits.ron b/config/PacketRateLimits.ron
@@ -6,6 +6,7 @@
 
 (
   packets: [
+    (family: "Account", action: "Agree", limit: 1000),
     (family: "Attack", action: "Use", limit: 500),
     (family: "Bank", action: "Open", limit: 1000),
     (family: "Barber", action: "Open", limit: 1000),

diff --git a/src/player/player/handlers/account.rs b/src/player/player/handlers/account.rs
@@ -275,7 +275,15 @@ impl Player {
             }
         };
 
+        self.login_attempts += 1;
+
         if !exists {
+            if self.login_attempts >= SETTINGS.server.max_login_attempts {
+                self.close("Too many password change attempts".to_string())
+                    .await;
+                return;
+            }
+
             let _ = self
                 .bus
                 .send(
@@ -328,6 +336,12 @@ impl Player {
         let username: String = row.get("name").unwrap();
         let password_hash: String = row.get("password_hash").unwrap();
         if !validate_password(&username, &agree.old_password, &password_hash) {
+            if self.login_attempts >= SETTINGS.server.max_login_attempts {
+                self.close("Too many password change attempts".to_string())
+                    .await;
+                return;
+            }
+
             let _ = self
                 .bus
                 .send(
@@ -344,6 +358,8 @@ impl Player {
             return;
         }
 
+        self.login_attempts = 0;
+
         let account_id: i32 = row.get("id").unwrap();
 
         let password_hash = generate_password_hash(&username, &agree.new_password);