left4me/l4d2web/routes
mwiegand bbb2b983bc
harden(l4d2web): per-username login rate limit alongside per-IP
A 20-attempts-per-60s budget keyed by IP doesn't slow a distributed brute force that rotates source IPs. Add a parallel per-username bucket with the same threshold so a single account can't burn through more than 20 failed logins/min regardless of where they come from. Empty usernames aren't bucketed (would DoS the anonymous 401 path). Successful login clears both buckets.
2026-05-14 22:26:20 +02:00
__init__.py chore(l4d2): flatten component layout 2026-05-05 23:47:06 +02:00
auth_routes.py harden(l4d2web): per-username login rate limit alongside per-IP 2026-05-14 22:26:20 +02:00
blueprint_routes.py feat(l4d2-web): blueprint rename moves to footer modal — matches overlay/server pattern 2026-05-09 01:37:29 +02:00
console_routes.py refactor(l4d2-web): tighten console route limit test and dedupe is_error 2026-05-14 21:35:22 +02:00
files_routes.py secure(l4d2web): block non-admin writes on system overlays; last-admin guard on deactivate 2026-05-14 22:24:19 +02:00
job_routes.py feat(l4d2-web): managed global map overlays with daily refresh 2026-05-08 08:05:14 +02:00
log_routes.py feat(l4d2-web): server identity by id, name as display label 2026-05-08 19:22:09 +02:00
overlay_routes.py feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
page_routes.py secure(l4d2web): block non-admin writes on system overlays; last-admin guard on deactivate 2026-05-14 22:24:19 +02:00
profile_routes.py profile: happy-path + cross-session invalidation tests 2026-05-11 21:58:26 +02:00
server_routes.py feat(l4d2-web): accept hostname on server update, default empty on create 2026-05-13 14:29:53 +02:00
workshop_routes.py workshop_routes: narrow refresh's steam exception handler 2026-05-11 23:08:41 +02:00