Add auth failure logging

2025-03-06 12:10:32 -05:00 · 2018-12-26 19:02:59 -05:00 · 2018-12-26 19:02:59 -05:00 · 19d8d026fe
commit 19d8d026fe
parent 6d6768a849
7 changed files with 24 additions and 5 deletions
--- a/app/routes/api/auth.js
+++ b/app/routes/api/auth.js
@ -1,6 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const config = require('config');
+const fs = require('fs').promises;

 const ModelPath = '../../models/';
 const User = require(ModelPath + 'User.js');
@ -33,8 +34,11 @@ const login = (user, req) => {
 const validateInvite = wrap(async (req, res, next) => {
    const invite = await Invite.findOne({code: req.body.invite}).catch(next);

-    if (!invite)
+    if (!invite) {
+        // Log failure
+        await fs.appendFile('auth.log', `${new Date().toISOString()} register ${req.connection.remoteAddress}`);
        return res.status(422).json({message: 'Invalid invite code.'});
+    }

    if (invite.used)
        return res.status(422).json({message: 'Invite already used.'});
@ -92,8 +96,11 @@ const loginProps = [
 router.post('/login', bodyVerifier(loginProps), canonicalizeRequest, wrap(async (req, res, next) => {
    // Authenticate
    const user = await authenticate(req, res, next);
-    if (!user)
+    if (!user) {
+        // Log failure
+        await fs.appendFile('auth.log', `${new Date().toISOString()} login ${req.connection.remoteAddress}`);
        return res.status(401).json({'message': 'Unauthorized.'});
+    }

    // Create session
    await login(user, req);
--- a/app/util/auth.js
+++ b/app/util/auth.js
@ -2,6 +2,7 @@ const ModelPath = '../models/';
 const Key = require(ModelPath + 'Key.js');
 const User = require(ModelPath + 'User.js');

+const fs = require('fs').promises;
 const wrap = require('./wrap.js');
 const verifyScope = require('./verifyScope.js');

@ -30,6 +31,9 @@ const checkKey = async (req, scope, status) => {
                req.key = key.key;
                status.permission = true;
            }
+        } else {
+            // Log failure
+            await fs.appendFile('auth.log', `${new Date().toISOString()} key ${req.connection.remoteAddress}`);
        }
    }
 };
--- a/config/default.json
+++ b/config/default.json
@ -2,7 +2,8 @@
  "Server": {
    "port": 4433,
    "hostname": "https://shimapan.rocks",
-    "tls": true
+    "tls": true,
+    "trustProxy": []
  },
  "Database": {
    "host": "mongodb://localhost:27017/shimapan"
--- a/config/dev.json
+++ b/config/dev.json
@ -2,7 +2,8 @@
  "Server": {
    "port": 8080,
    "hostname": "http://localhost:8080",
-    "tls": false
+    "tls": false,
+    "trustProxy": []
  },
  "Database": {
    "host": "mongodb://localhost:27017/shimapan-dev"
--- a/config/test.json
+++ b/config/test.json
@ -2,7 +2,8 @@
  "Server": {
    "port": 8080,
    "hostname": "http://localhost:8080",
-    "tls": false
+    "tls": false,
+    "trustProxy": []
  },
  "Database": {
    "host": "mongodb://localhost:27017/shimapan-test"
--- a/extra/shimapan.filter
+++ b/extra/shimapan.filter
@ -0,0 +1,3 @@
+[Definition]
+failregex = \w <HOST>
+ignoreregex =
--- a/server.js
+++ b/server.js
@ -70,6 +70,8 @@ app.use((err, req, res, next) => {
    res.status(500).json({'message': 'Internal server error.'});
 });

+app.set('trust proxy', config.get('Server.trustProxy'));
+
 // Start app
 const port = config.get('Server.port');