Reduced Wekan bundle size from 636 MB to 467 MB by deleting all

dependencies of lucasantoniassi:accounts-lockout and including
only required 10 files.

Thank to xet7 !

.meteor/packages

@@ -83,7 +83,6 @@ mquandalle:moment
 msavin:usercache
 # Keep stylus in 1.1.0, because building v2 takes extra 52 minutes.
 coagmano:[email protected]!
-lucasantoniassi:accounts-lockout
 meteorhacks:subs-manager
 meteorhacks:picker
 lamhieu:unblock
@@ -145,3 +144,4 @@ staringatlights:fast-render
 spacebars
 easylogic:summernote
 pascoual:pdfkit
+wekan-accounts-lockout

.meteor/versions

@@ -71,7 +71,6 @@ [email protected]
 [email protected]
 [email protected]
 [email protected]
-lucasantoniassi:[email protected]
 matb33:[email protected]
 matteodem:[email protected]
 mdg:[email protected]
@@ -220,6 +219,7 @@ verron:[email protected]
 [email protected]
 [email protected]
 [email protected]
+[email protected]
 [email protected]
 [email protected]
 [email protected]

packages/wekan-accounts-lockout/CONTRIBUTING.md

@@ -0,0 +1,25 @@
+# Contributing guide
+
+Want to contribute to Accounts-Lockout? Awesome!
+There are many ways you can contribute, see below.
+
+## Opening issues
+
+Open an issue to report bugs or to propose new features.
+
+- Reporting bugs: describe the bug as clearly as you can, including steps to reproduce, what happened and what you were expecting to happen. Also include browser version, OS and other related software's (npm, Node.js, etc) versions when applicable.
+
+- Proposing features: explain the proposed feature, what it should do, why it is useful, how users should use it. Give us as much info as possible so it will be easier to discuss, access and implement the proposed feature. When you're unsure about a certain aspect of the feature, feel free to leave it open for others to discuss and find an appropriate solution.
+
+## Proposing pull requests
+
+Pull requests are very welcome. Note that if you are going to propose drastic changes, be sure to open an issue for discussion first, to make sure that your PR will be accepted before you spend effort coding it.
+
+Fork the Accounts-Lockout repository, clone it locally and create a branch for your proposed bug fix or new feature. Avoid working directly on the master branch.
+
+Implement your bug fix or feature, write tests to cover it and make sure all tests are passing (run a final `npm test` to make sure everything is correct). Then commit your changes, push your bug fix/feature branch to the origin (your forked repo) and open a pull request to the upstream (the repository you originally forked)'s master branch.
+
+## Documentation
+
+Documentation is extremely important and takes a fair deal of time and effort to write and keep updated.
+Please submit any and all improvements you can make to the repository's docs.

packages/wekan-accounts-lockout/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Lucas Antoniassi de Paiva
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

packages/wekan-accounts-lockout/README.md

@@ -0,0 +1,126 @@
+# Meteor - Accounts - Lockout
+
+[![Build Status](https://travis-ci.org/LucasAntoniassi/meteor-accounts-lockout.svg?branch=master)](https://travis-ci.org/LucasAntoniassi/meteor-accounts-lockout)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/8ce60fa7e2c24891b9bdfc3b65433d23)](https://www.codacy.com/app/lucasantoniassi/meteor-accounts-lockout?utm_source=github.com&utm_medium=referral&utm_content=LucasAntoniassi/meteor-accounts-lockout&utm_campaign=Badge_Grade)
+[![Code Climate](https://codeclimate.com/github/LucasAntoniassi/meteor-accounts-lockout/badges/gpa.svg)](https://codeclimate.com/github/LucasAntoniassi/meteor-accounts-lockout)
+
+## What it is
+
+Seamless Meteor apps accounts protection from password brute-force attacks.
+Users won't notice it. Hackers shall not pass.
+
+![you-shall-not-pass](https://cloud.githubusercontent.com/assets/3399956/9023729/007dd2a2-38b1-11e5-807a-b81c6ce00c80.jpg)
+
+## Installation
+
+```
+meteor add lucasantoniassi:accounts-lockout
+```
+
+## Usage via ES6 import
+
+```javascript
+// server
+import { AccountsLockout } from 'meteor/lucasantoniassi:accounts-lockout';
+```
+
+## How to use
+
+Default settings:
+
+```javascript
+ "knownUsers": {
+ "failuresBeforeLockout": 3, // positive integer greater than 0
+ "lockoutPeriod": 60, // in seconds
+ "failureWindow": 10 // in seconds
+ },
+ "unknownUsers": {
+ "failuresBeforeLockout": 3, // positive integer greater than 0
+ "lockoutPeriod": 60, // in seconds
+ "failureWindow": 10 // in seconds
+ }
+```
+
+`knownUsers` are users where already belongs to your `Meteor.users` collections,
+these rules are applied if they attempt to login with an incorrect password but a know email.
+
+`unknownUsers` are users where **not** belongs to your `Meteor.users` collections,
+these rules are applied if they attempt to login with a unknown email.
+
+`failuresBeforeLockout` should be a positive integer greater than 0.
+
+`lockoutPeriod` should be in seconds.
+
+`failureWindow` should be in seconds.
+
+If the `default` is nice to you, you can do that.
+
+```javascript
+(new AccountsLockout()).startup();
+```
+
+You can overwrite passing an `object` as argument.
+
+```javascript
+(new AccountsLockout({
+ knownUsers: {
+ failuresBeforeLockout: 3,
+ lockoutPeriod: 60,
+ failureWindow: 15,
+ },
+ unknownUsers: {
+ failuresBeforeLockout: 3,
+ lockoutPeriod: 60,
+ failureWindow: 15,
+ },
+})).startup();
+```
+
+If you prefer, you can pass a `function` as argument.
+
+```javascript
+const knownUsersRules = (user) => {
+ // apply some logic with this user
+ return {
+ failuresBeforeLockout,
+ lockoutPeriod,
+ failureWindow,
+ };
+};
+
+const unknownUsersRules = (connection) => {
+ // apply some logic with this connection
+ return {
+ failuresBeforeLockout,
+ lockoutPeriod,
+ failureWindow,
+ };
+};
+
+(new AccountsLockout({
+ knownUsers: knownUsersRules,
+ unknownUsers: unknownUsersRules,
+})).startup();
+```
+
+If you prefer, you can use `Meteor.settings`. It will overwrite any previous case.
+
+```javascript
+"accounts-lockout": {
+ "knownUsers": {
+ "failuresBeforeLockout": 3,
+ "lockoutPeriod": 60,
+ "failureWindow": 10
+ },
+ "unknownUsers": {
+ "failuresBeforeLockout": 3,
+ "lockoutPeriod": 60,
+ "failureWindow": 10
+ }
+}
+```
+
+## License
+
+This package is open-sourced software licensed under the [MIT license](http:https://opensource.org/licenses/MIT).
+

packages/wekan-accounts-lockout/accounts-lockout.js

@@ -0,0 +1,5 @@
+import AccountsLockout from './src/accountsLockout';
+
+const Name = 'wekan-accounts-lockout';
+
+export { Name, AccountsLockout };

packages/wekan-accounts-lockout/package.js

@@ -0,0 +1,18 @@
+/* global Package */
+
+Package.describe({
+ name: 'wekan-accounts-lockout',
+ version: '1.0.0',
+ summary: 'Meteor package for locking user accounts and stopping brute force attacks',
+ git: 'https://github.com/lucasantoniassi/meteor-accounts-lockout.git',
+ documentation: 'README.md',
+});
+
+Package.onUse((api) => {
+ api.versionsFrom('1.4.2.3');
+ api.use([
+ 'ecmascript',
+ 'accounts-password',
+ ]);
+ api.mainModule('accounts-lockout.js');
+});

packages/wekan-accounts-lockout/package.json

@@ -0,0 +1,4 @@
+{
+ "name": "wekan-accounts-lockout",
+ "private": true
+}

packages/wekan-accounts-lockout/src/accountsLockout.js

@@ -0,0 +1,29 @@
+import KnownUser from './knownUser';
+import UnknownUser from './unknownUser';
+
+class AccountsLockout {
+ constructor({
+ knownUsers = {
+ failuresBeforeLockout: 3,
+ lockoutPeriod: 60,
+ failureWindow: 15,
+ },
+ unknownUsers = {
+ failuresBeforeLockout: 3,
+ lockoutPeriod: 60,
+ failureWindow: 15,
+ },
+ }) {
+ this.settings = {
+ knownUsers,
+ unknownUsers,
+ };
+ }
+
+ startup() {
+ (new KnownUser(this.settings.knownUsers)).startup();
+ (new UnknownUser(this.settings.unknownUsers)).startup();
+ }
+}
+
+export default AccountsLockout;

packages/wekan-accounts-lockout/src/accountsLockoutCollection.js

@@ -0,0 +1,3 @@
+import { Meteor } from 'meteor/meteor';
+
+export default new Meteor.Collection('AccountsLockout.Connections');