From 19d8d026fedd2fbfc2f5258f8e93b58faf46be53 Mon Sep 17 00:00:00 2001
From: Jack Foltz
Date: Wed, 26 Dec 2018 19:02:59 -0500
Subject: [PATCH] Add auth failure logging
---
 app/routes/api/auth.js | 11 +++++++++--
 app/util/auth.js | 4 ++++
 config/default.json | 3 ++-
 config/dev.json | 3 ++-
 config/test.json | 3 ++-
 extra/shimapan.filter | 3 +++
 server.js | 2 ++
 7 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 extra/shimapan.filter
diff --git a/app/routes/api/auth.js b/app/routes/api/auth.js
index 75f1356..38f8308 100644
--- a/app/routes/api/auth.js
+++ b/app/routes/api/auth.js
@@ -1,6 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const config = require('config');
+const fs = require('fs').promises;
 const ModelPath = '../../models/';
 const User = require(ModelPath + 'User.js');
@@ -33,8 +34,11 @@ const login = (user, req) => {
 const validateInvite = wrap(async (req, res, next) => {
 const invite = await Invite.findOne({code: req.body.invite}).catch(next);
- if (!invite)
+ if (!invite) {
+ // Log failure
+ await fs.appendFile('auth.log', `${new Date().toISOString()} register ${req.connection.remoteAddress}`);
 return res.status(422).json({message: 'Invalid invite code.'});
+ }
 if (invite.used)
 return res.status(422).json({message: 'Invite already used.'});
@@ -92,8 +96,11 @@ const loginProps = [
 router.post('/login', bodyVerifier(loginProps), canonicalizeRequest, wrap(async (req, res, next) => {
 // Authenticate
 const user = await authenticate(req, res, next);
- if (!user)
+ if (!user) {
+ // Log failure
+ await fs.appendFile('auth.log', `${new Date().toISOString()} login ${req.connection.remoteAddress}`);
 return res.status(401).json({'message': 'Unauthorized.'});
+ }
 // Create session
 await login(user, req);
diff --git a/app/util/auth.js b/app/util/auth.js
index b27f836..40d1dd4 100644
--- a/app/util/auth.js
+++ b/app/util/auth.js
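Review bot: The record appended in validateInvite has no line terminator, so successive failures run together on one line of auth.log and a line-oriented reader such as the fail2ban filter added in this patch cannot tell them apart. End the template with a newline: `` `${new Date().toISOString()} register ${req.connection.remoteAddress}\n` ``. The same applies to the `login` record in the /login hunk and to the `key` record in checkKey in app/util/auth.js. validateInvite's body continues past the end of the hunk.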
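Review bot: The awaited `fs.appendFile` in the /login failure branch has no error handling, so if auth.log cannot be written (permissions, full disk) the rejection presumably travels through `wrap` to the error handler and the client receives a 500 instead of the 401. `'auth.log'` is also a relative path, so it resolves against the process working directory, which the fail2ban jail's log path then has to match. Consider handling the write error locally, for example `.catch(err => console.error('auth log write failed', err))`, and building the path from a fixed base or a config value. The same call appears in validateInvite and checkKey, and the route handler continues outside the hunk.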
@@ -2,6 +2,7 @@ const ModelPath = '../models/';
 const Key = require(ModelPath + 'Key.js');
 const User = require(ModelPath + 'User.js');
+const fs = require('fs').promises;
 const wrap = require('./wrap.js');
 const verifyScope = require('./verifyScope.js');
@@ -30,6 +31,9 @@ const checkKey = async (req, scope, status) => {
 req.key = key.key;
 status.permission = true;
 }
+ } else {
+ // Log failure
+ await fs.appendFile('auth.log', `${new Date().toISOString()} key ${req.connection.remoteAddress}`);
 }
 }
 };
diff --git a/config/default.json b/config/default.json
index 5d4d63b..5d2d758 100644
--- a/config/default.json
+++ b/config/default.json
@@ -2,7 +2,8 @@
 "Server": {
 "port": 4433,
 "hostname": "https://shimapan.rocks",
- "tls": true
+ "tls": true,
+ "trustProxy": []
 },
 "Database": {
 "host": "mongodb://localhost:27017/shimapan"
diff --git a/config/dev.json b/config/dev.json
index ae2bf0c..953995e 100644
--- a/config/dev.json
+++ b/config/dev.json
@@ -2,7 +2,8 @@
 "Server": {
 "port": 8080,
 "hostname": "http://localhost:8080",
- "tls": false
+ "tls": false,
+ "trustProxy": []
 },
 "Database": {
 "host": "mongodb://localhost:27017/shimapan-dev"
diff --git a/config/test.json b/config/test.json
index 4f32322..4597e23 100644
--- a/config/test.json
+++ b/config/test.json
@@ -2,7 +2,8 @@
 "Server": {
 "port": 8080,
 "hostname": "http://localhost:8080",
- "tls": false
+ "tls": false,
+ "trustProxy": []
 },
 "Database": {
 "host": "mongodb://localhost:27017/shimapan-test"
diff --git a/extra/shimapan.filter b/extra/shimapan.filter
new file mode 100644
index 0000000..e87fff3
--- /dev/null
+++ b/extra/shimapan.filter
@@ -0,0 +1,3 @@
+[Definition]
+failregex = \w
+ignoreregex =
diff --git a/server.js b/server.js
index 7f5942b..3a94d28 100755
--- a/server.js
+++ b/server.js
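Review bot: The new `else` in checkKey appears to pair with the outer key-lookup test rather than the inner check that sets `status.permission`, so a key that is found but fails that inner check would not be logged. The matching `if` lines are outside the hunk, so this is inferred from the brace nesting only. If that is intended, the comment should say so, for example `// Log failure: no matching key (a valid key that fails the permission check is not logged)`. If those failures should count too, the inner `if` needs its own logged `else`.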
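Review bot: `failregex = \w` matches any line that contains a word character and has no `<HOST>` capture, so a match gives fail2ban no address to act on and, as far as I know, fail2ban rejects a failregex without a host group. Tie the expression to the record the app writes (timestamp, event, address), for example `failregex = ^\s*(?:register|login|key) <HOST>\s*$`. Check it with `fail2ban-regex` against a sample auth.log, since whether the leading ISO timestamp is stripped before matching depends on the date pattern in use.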
@@ -70,6 +70,8 @@ app.use((err, req, res, next) => {
 res.status(500).json({'message': 'Internal server error.'});
 });
+app.set('trust proxy', config.get('Server.trustProxy'));
+
 // Start app
 const port = config.get('Server.port');
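Review bot: Setting `trust proxy` here does not change what the new log lines record, because all three logging sites read `req.connection.remoteAddress`, the socket peer, rather than `req.ip`. Behind a reverse proxy every failure would therefore be logged with the proxy's address, and a ban driven by auth.log would land on the proxy instead of the client. Use `req.ip` in the appendFile calls in app/routes/api/auth.js and app/util/auth.js so that the `Server.trustProxy` value takes effect. With the default `[]` no proxy is trusted, so `req.ip` stays equal to the socket address.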