wekan/server/methods/lockoutSettings.js

import { AccountsLockout } from 'meteor/wekan-accounts-lockout';
import { ReactiveCache } from '/imports/reactiveCache';
import LockoutSettings from '/models/lockoutSettings';

Meteor.methods({
  reloadAccountsLockout() {
    // Check if user has admin rights
    const userId = Meteor.userId();
    if (!userId) {
      throw new Meteor.Error('error-invalid-user', 'Invalid user');
    }
    const user = ReactiveCache.getUser(userId);
    if (!user || !user.isAdmin) {
      throw new Meteor.Error('error-not-allowed', 'Not allowed');
    }

    try {
      // Get configurations from database
      const knownUsersConfig = {
        failuresBeforeLockout: LockoutSettings.findOne('known-failuresBeforeLockout')?.value || 3,
        lockoutPeriod: LockoutSettings.findOne('known-lockoutPeriod')?.value || 60,
        failureWindow: LockoutSettings.findOne('known-failureWindow')?.value || 15
      };

      const unknownUsersConfig = {
        failuresBeforeLockout: LockoutSettings.findOne('unknown-failuresBeforeLockout')?.value || 3,
        lockoutPeriod: LockoutSettings.findOne('unknown-lockoutPeriod')?.value || 60,
        failureWindow: LockoutSettings.findOne('unknown-failureWindow')?.value || 15
      };

      // Initialize the AccountsLockout with configuration
      const accountsLockout = new AccountsLockout({
        knownUsers: knownUsersConfig,
        unknownUsers: unknownUsersConfig,
      });

      // Start the accounts lockout mechanism
      accountsLockout.startup();

      return true;
    } catch (error) {
      console.error('Failed to reload accounts lockout:', error);
      throw new Meteor.Error('error-reloading-settings', 'Error reloading settings');
    }
  }
});
Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active. Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users. Added "Unlock All" button to quickly unlock all brute force locked users. Added ability to toggle user active status directly from the People page. Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI. Thanks to xet7. 2025-08-05 00:31:43 +03:00			`import { AccountsLockout } from 'meteor/wekan-accounts-lockout';`
			`import { ReactiveCache } from '/imports/reactiveCache';`
			`import LockoutSettings from '/models/lockoutSettings';`

			`Meteor.methods({`
			`reloadAccountsLockout() {`
			`// Check if user has admin rights`
			`const userId = Meteor.userId();`
			`if (!userId) {`
			`throw new Meteor.Error('error-invalid-user', 'Invalid user');`
			`}`
			`const user = ReactiveCache.getUser(userId);`
			`if (!user \|\| !user.isAdmin) {`
			`throw new Meteor.Error('error-not-allowed', 'Not allowed');`
			`}`

			`try {`
			`// Get configurations from database`
			`const knownUsersConfig = {`
			`failuresBeforeLockout: LockoutSettings.findOne('known-failuresBeforeLockout')?.value \|\| 3,`
			`lockoutPeriod: LockoutSettings.findOne('known-lockoutPeriod')?.value \|\| 60,`
			`failureWindow: LockoutSettings.findOne('known-failureWindow')?.value \|\| 15`
			`};`

			`const unknownUsersConfig = {`
			`failuresBeforeLockout: LockoutSettings.findOne('unknown-failuresBeforeLockout')?.value \|\| 3,`
			`lockoutPeriod: LockoutSettings.findOne('unknown-lockoutPeriod')?.value \|\| 60,`
			`failureWindow: LockoutSettings.findOne('unknown-failureWindow')?.value \|\| 15`
			`};`

			`// Initialize the AccountsLockout with configuration`
			`const accountsLockout = new AccountsLockout({`
			`knownUsers: knownUsersConfig,`
			`unknownUsers: unknownUsersConfig,`
			`});`

			`// Start the accounts lockout mechanism`
			`accountsLockout.startup();`

			`return true;`
			`} catch (error) {`
			`console.error('Failed to reload accounts lockout:', error);`
			`throw new Meteor.Error('error-reloading-settings', 'Error reloading settings');`
			`}`
			`}`
			`});`