Throttle login attempts and lock admin actions to privileged sessions

2025-11-04 00:00:22 +01:00
parent a4cd8e992f
commit ad0225a16e
12 changed files with 374 additions and 203 deletions
--- a/app/(dashboard)/settings/SettingsClient.tsx
+++ b/app/(dashboard)/settings/SettingsClient.tsx
@@ -1,8 +1,8 @@
 "use client";

 import { useFormState } from "react-dom";
-import { Alert, Box, Button, Card, CardContent, Stack, TextField, Typography } from "@mui/material";
-import type { CloudflareSettings, GeneralSettings } from "@/src/lib/settings";
+import { Alert, Box, Button, Card, CardContent, Checkbox, FormControlLabel, Stack, TextField, Typography } from "@mui/material";
+import type { GeneralSettings } from "@/src/lib/settings";
 import {
  updateCloudflareSettingsAction,
  updateGeneralSettingsAction
@@ -10,7 +10,11 @@ import {

 type Props = {
  general: GeneralSettings | null;
-  cloudflare: CloudflareSettings | null;
+  cloudflare: {
+    hasToken: boolean;
+    zoneId?: string;
+    accountId?: string;
+  };
 };

 export default function SettingsClient({ general, cloudflare }: Props) {
@@ -68,15 +72,32 @@ export default function SettingsClient({ general, cloudflare }: Props) {
          <Typography color="text.secondary" variant="body2" sx={{ mb: 2 }}>
            Configure a Cloudflare API token with Zone.DNS Edit permissions to enable DNS-01 challenges for wildcard certificates.
          </Typography>
+          {cloudflare.hasToken && (
+            <Alert severity="info">
+              A Cloudflare API token is already configured. Leave the token field blank to keep it, or select “Remove existing token” to delete it.
+            </Alert>
+          )}
          <Stack component="form" action={cloudflareFormAction} spacing={2}>
            {cloudflareState?.message && (
              <Alert severity={cloudflareState.success ? "success" : "warning"}>
                {cloudflareState.message}
              </Alert>
            )}
-            <TextField name="apiToken" label="API token" defaultValue={cloudflare?.apiToken ?? ""} fullWidth />
-            <TextField name="zoneId" label="Zone ID" defaultValue={cloudflare?.zoneId ?? ""} fullWidth />
-            <TextField name="accountId" label="Account ID" defaultValue={cloudflare?.accountId ?? ""} fullWidth />
+            <TextField
+              name="apiToken"
+              label="API token"
+              type="password"
+              autoComplete="new-password"
+              placeholder="Enter new token"
+              fullWidth
+            />
+            <FormControlLabel
+              control={<Checkbox name="clearToken" />}
+              label="Remove existing token"
+              disabled={!cloudflare.hasToken}
+            />
+            <TextField name="zoneId" label="Zone ID" defaultValue={cloudflare.zoneId ?? ""} fullWidth />
+            <TextField name="accountId" label="Account ID" defaultValue={cloudflare.accountId ?? ""} fullWidth />
            <Box sx={{ display: "flex", justifyContent: "flex-end" }}>
              <Button type="submit" variant="contained">
                Save Cloudflare settings