HoneypotFields

CloudHost/HoneypotFields

Fork 0

Commit Graph

Author	SHA1	Message	Date
Malin	bd5a67b57f	fix: full IPs, top attacked form banner, Bearer token auth on /submit server.js: - Remove maskIP() — store full IPs as submitted (sanitizeIP trims/truncates only) - Add requireToken() middleware with constant-time comparison (timingSafeEqual) using 128-byte padded buffers to prevent length-based timing leaks - API_TOKEN env var — if unset the endpoint stays open (dev mode); set it in prod - /api/v1/submit now requires Authorization: Bearer <token> docker-compose.yml / .env.example: - Expose API_TOKEN env var with clear comment index.html: - Add red-bordered 'MOST ATTACKED FORM (30D)' banner between stats and content grid showing form name, hit count, and % of all 30d blocks - Widen live feed IP column 90px → 130px to fit full IPv4 addresses - Remove 'ALL DATA IS ANONYMISED' from footer (IPs are full now) honeypot-fields.php: - SmartHoneypotAPIClient: add api_token to defaults + send Authorization header - save_api_settings: persist api_token field - Settings tab: add password input for API token with description	2026-03-09 19:26:23 +01:00
Malin	6740180981	feat: centralized API dashboard + Docker container API server (api/): - Node.js + Express + SQLite (better-sqlite3, WAL mode) - POST /api/v1/submit — receive blocks from WP sites (rate limited 30/min/IP) - GET /api/v1/stats — public aggregated stats with 30s cache - GET /api/v1/stream — SSE live feed, pushed every 2s - GET /api/v1/health — health check - IP masking: only first 2 octets stored (192.168.x.x) - UA family detection: curl, Python, Go, bots, Chrome, etc. - docker-compose.yml with named volume for SQLite persistence Dashboard (api/public/index.html): - Hacker/terminal aesthetic: black + matrix green, CRT scanlines - Live stat cards: total blocked, today, 7d, 30d, sites reporting - Canvas 24h activity trend chart with gradient bars - CSS bar charts: form types, bot toolkit, block reasons - Live SSE threat feed with countUp animation and auto-scroll - Top 10 attackers table with frequency bars - Polls /api/v1/stats every 6s, SSE for instant feed updates WordPress plugin (honeypot-fields.php): - SmartHoneypotAPIClient: queue (WP option) + WP-cron batch flush every 5min - log_spam() now enqueues to central API after local DB write - Admin 'Central API' tab: enable toggle, endpoint URL, sync stats, manual flush - Cron properly registered/deregistered on activate/deactivate	2026-03-09 19:21:41 +01:00

Author

SHA1

Message

Date

Malin

bd5a67b57f

fix: full IPs, top attacked form banner, Bearer token auth on /submit

server.js:
- Remove maskIP() — store full IPs as submitted (sanitizeIP trims/truncates only)
- Add requireToken() middleware with constant-time comparison (timingSafeEqual)
  using 128-byte padded buffers to prevent length-based timing leaks
- API_TOKEN env var — if unset the endpoint stays open (dev mode); set it in prod
- /api/v1/submit now requires Authorization: Bearer <token>

docker-compose.yml / .env.example:
- Expose API_TOKEN env var with clear comment

index.html:
- Add red-bordered 'MOST ATTACKED FORM (30D)' banner between stats and content grid
  showing form name, hit count, and % of all 30d blocks
- Widen live feed IP column 90px → 130px to fit full IPv4 addresses
- Remove 'ALL DATA IS ANONYMISED' from footer (IPs are full now)

honeypot-fields.php:
- SmartHoneypotAPIClient: add api_token to defaults + send Authorization header
- save_api_settings: persist api_token field
- Settings tab: add password input for API token with description

2026-03-09 19:26:23 +01:00

Malin

6740180981

feat: centralized API dashboard + Docker container

API server (api/):
- Node.js + Express + SQLite (better-sqlite3, WAL mode)
- POST /api/v1/submit — receive blocks from WP sites (rate limited 30/min/IP)
- GET  /api/v1/stats  — public aggregated stats with 30s cache
- GET  /api/v1/stream — SSE live feed, pushed every 2s
- GET  /api/v1/health — health check
- IP masking: only first 2 octets stored (192.168.x.x)
- UA family detection: curl, Python, Go, bots, Chrome, etc.
- docker-compose.yml with named volume for SQLite persistence

Dashboard (api/public/index.html):
- Hacker/terminal aesthetic: black + matrix green, CRT scanlines
- Live stat cards: total blocked, today, 7d, 30d, sites reporting
- Canvas 24h activity trend chart with gradient bars
- CSS bar charts: form types, bot toolkit, block reasons
- Live SSE threat feed with countUp animation and auto-scroll
- Top 10 attackers table with frequency bars
- Polls /api/v1/stats every 6s, SSE for instant feed updates

WordPress plugin (honeypot-fields.php):
- SmartHoneypotAPIClient: queue (WP option) + WP-cron batch flush every 5min
- log_spam() now enqueues to central API after local DB write
- Admin 'Central API' tab: enable toggle, endpoint URL, sync stats, manual flush
- Cron properly registered/deregistered on activate/deactivate

2026-03-09 19:21:41 +01:00

2 Commits