feat(auth): improve slack messages #281 #287
Conversation
|
Hey @caebwallace Thanks for your contribution. I will take a look and merge it in after my PR. |
|
It looks like a great enhancement! |
|
I use a vps for yet with haproxy as a load balancer + SSL certificate, but could be a good idea to integrate it directly in the docker-compose stack 👍 |
|
Hey @caebwallace I pushed some refactored code to your branch. I managed to use dockerised fail2ban to put in It did ban as per screenshots: And it did add rules to iptrables: However, for some reason, I still can access the frontend. As I am not an expert on the network, I will need some more to dig into why it's not blocking me. I used this docker-image https://github.com/crazy-max/docker-fail2ban |
|
Hi @chrisleekr |
|
Yes, both should be on the same network. |
|
You created the f2b chain and added rules but the chain you have created must be added to the main input chain with accept rule and the packets will hit the f2b chain, reject what it needs and return to the input chain. |
|
I've been thinking about this. There are many traders running the bot with Windows which does not have fail2ban. In that case, this change may not effective to them. So alternatively, I think this would be good to prevent the brute force attack - https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#minimal-protection-against-password-brute-force What do you think? |
|
Using a nodejs library instead of a third party app is generally better, because you've a lot of flexibility (you can use already made notification events). |
Sounds good! |
caebwallace
changed the title
|
@chrisleekr as this PR is about improving slack messages, I took the time to study on Apprise as you suggested in @pedrohusky 's pull request, and although it's written in python, it also provides a REST API which can store Keys for more than 60 messaging services, and it deploys in docker container. Then, you can simply remove altogether the slack code from the bot, add this docker container to your compose file and instruct users how to add their keys for what notification services they want to configure. The trivial steps would be: here is the complete information: https://github.com/caronc/apprise-api |
|
Thanks for the suggestion. I think that change will be done later with this issue - #106 |
|
No gf tonight :) |
Yes, I started. I will ask you to review later. |
Auth handler improvements.
Description
Add a visual icon to authentication slack messages (for success or fail) and the client IP.
Generate a log file accessible to the server that log auth attempts and allow to ban hosts that try to brute force auth.
Related Issue
#281
Motivation and Context
As I've installed the bot on a VPS with a protection password, I start to have someone that try to login to the bot.
To avoid that, I've made changes to log auth attempts and make a fail2ban jail to ban bad boys.
How Has This Been Tested?
It's actually installed on my VPS (and works fine)
Extras
I've prepared a configuration variable with the name of the bot, that can be used in the code (instead of typing Binance Trading Bot everytime we need it), in the future be used for all the product and why not be editable from config modal directly.