
Increase allowed auth failure attempts, Increase maximum incremental backoff retry interval

binwiederhier před 2 roky
rodič
revize
c6bfdd45be
4 změnil soubory, kde provedl 5 přidání a 2 odebrání
  1. 2 0
      docs/releases.md
  2. 1 1
      server/config.go
  3. 1 0
      server/server_test.go
  4. 1 1
      web/src/app/Connection.js

+ 2 - 0
docs/releases.md

@@ -11,6 +11,8 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
 **Bug fixes + maintenance:**
 
 * `ntfy sub --poll --from-config` will now include authentication headers from client.yml (if applicable) ([#658](https://github.com/binwiederhier/ntfy/issues/658), thanks to [@wunter8](https://github.com/wunter8))
+* Increase allowed auth failure attempts per IP address to 30 (no ticket)
+* Web app: Increase maximum incremental backoff retry interval to 2 minutes (no ticket)
 
 **Documentation:**
 

+ 1 - 1
server/config.go

@@ -49,7 +49,7 @@ const (
 	DefaultVisitorEmailLimitReplenish           = time.Hour
 	DefaultVisitorAccountCreationLimitBurst     = 3
 	DefaultVisitorAccountCreationLimitReplenish = 24 * time.Hour
-	DefaultVisitorAuthFailureLimitBurst         = 10
+	DefaultVisitorAuthFailureLimitBurst         = 30
 	DefaultVisitorAuthFailureLimitReplenish     = time.Minute
 	DefaultVisitorAttachmentTotalSizeLimit      = 100 * 1024 * 1024 // 100 MB
 	DefaultVisitorAttachmentDailyBandwidthLimit = 500 * 1024 * 1024 // 500 MB
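Review bot: `DefaultVisitorAuthFailureLimitBurst = 30` triples the number of failed logins a single visitor may make before throttling starts, and nothing at the declaration records why 30 was chosen or what the limit protects against. This constant is the default brake on password guessing, so the trade-off deserves a trailing comment in the style the block already uses for sizes, e.g. `DefaultVisitorAuthFailureLimitBurst = 30 // failed auth attempts per visitor before throttling; high enough for shared IPs, low enough to slow password guessing`. The neighbouring `DefaultVisitorAuthFailureLimitReplenish = time.Minute` presumably sets the refill rate and would benefit from a matching note, so that the effective sustained guess rate can be read from the two lines together. The const block begins and ends outside this hunk.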

+ 1 - 0
server/server_test.go

@@ -796,6 +796,7 @@ func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
 
 func TestServer_Auth_Fail_Rate_Limiting(t *testing.T) {
 	c := newTestConfigWithAuthFile(t)
+	c.VisitorAuthFailureLimitBurst = 10
 	s := newTestServer(t, c)
 
 	for i := 0; i < 10; i++ {
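Review bot: The added `c.VisitorAuthFailureLimitBurst = 10` and the loop bound `10` on the last line of the hunk are two independent literals that must stay equal for this test to exercise the limit. If either is edited alone, the loop either never reaches the threshold or crosses it early. Derive the bound from the config instead, `for i := 0; i < c.VisitorAuthFailureLimitBurst; i++ {` (assuming the field is an `int`). Pinning the value here also means the new default of 30 is not covered by this test; a one-line comment such as `// pin burst so the test does not depend on the default` would make that intent explicit. The function body continues outside the hunk.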

+ 1 - 1
web/src/app/Connection.js

@@ -1,6 +1,6 @@
 import {basicAuth, bearerAuth, encodeBase64Url, topicShortUrl, topicUrlWs} from "./utils";
 
-const retryBackoffSeconds = [5, 10, 15, 20, 30];
+const retryBackoffSeconds = [5, 10, 20, 30, 60, 120];
 
 /**
  * A connection contains a single WebSocket connection for one topic. It handles its connection
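Review bot: `retryBackoffSeconds` has no comment stating its contract, and the code that indexes it is outside this hunk, so it is not visible what happens once the six entries are used up. A declaration comment would settle this, e.g. `// Delays in seconds between reconnect attempts, indexed by retry count; the last entry (120) is the ceiling` (confirm the ceiling behaviour against the retry code). If a reconnect with stale credentials is counted as an auth failure by the server, these delays also determine how quickly one browser tab uses up the per-IP failure budget changed in `server/config.go`. That coupling is worth stating in the same comment.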