mirror of
https://github.com/idanoo/autobrr
synced 2025-07-23 16:59:12 +00:00
feat(http): log invalid login attempts (#587)
This commit is contained in:
ze0s
GitHub
parent
0c04c669c7
commit
e6c48a5228
5 changed files with 35 additions and 10 deletions
|
|
@ -114,6 +114,7 @@ func main() {
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
httpServer := http.NewServer(
|
httpServer := http.NewServer(
|
||||||
|
log,
|
||||||
cfg.Config,
|
cfg.Config,
|
||||||
serverEvents,
|
serverEvents,
|
||||||
db,
|
db,
|
||||||
|
|
|
||||||
|
|
@ -2,14 +2,14 @@ package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
|
||||||
|
|
||||||
"github.com/autobrr/autobrr/internal/logger"
|
|
||||||
"github.com/rs/zerolog"
|
|
||||||
|
|
||||||
"github.com/autobrr/autobrr/internal/domain"
|
"github.com/autobrr/autobrr/internal/domain"
|
||||||
|
"github.com/autobrr/autobrr/internal/logger"
|
||||||
"github.com/autobrr/autobrr/internal/user"
|
"github.com/autobrr/autobrr/internal/user"
|
||||||
"github.com/autobrr/autobrr/pkg/argon2id"
|
"github.com/autobrr/autobrr/pkg/argon2id"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"github.com/rs/zerolog"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Service interface {
|
type Service interface {
|
||||||
|
|
@ -47,7 +47,7 @@ func (s *service) Login(ctx context.Context, username, password string) (*domain
|
||||||
}
|
}
|
||||||
|
|
||||||
if u == nil {
|
if u == nil {
|
||||||
return nil, errors.New("bad credentials")
|
return nil, errors.Errorf("invalid login: %s", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
// compare password from request and the saved password
|
// compare password from request and the saved password
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ package database
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"database/sql"
|
||||||
|
|
||||||
"github.com/autobrr/autobrr/internal/domain"
|
"github.com/autobrr/autobrr/internal/domain"
|
||||||
"github.com/autobrr/autobrr/internal/logger"
|
"github.com/autobrr/autobrr/internal/logger"
|
||||||
|
|
@ -63,6 +64,10 @@ func (r *UserRepo) FindByUsername(ctx context.Context, username string) (*domain
|
||||||
var user domain.User
|
var user domain.User
|
||||||
|
|
||||||
if err := row.Scan(&user.ID, &user.Username, &user.Password); err != nil {
|
if err := row.Scan(&user.ID, &user.Username, &user.Password); err != nil {
|
||||||
|
if err == sql.ErrNoRows {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
return nil, errors.Wrap(err, "error scanning row")
|
return nil, errors.Wrap(err, "error scanning row")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,10 +5,11 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/autobrr/autobrr/internal/domain"
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
|
"github.com/rs/zerolog"
|
||||||
"github.com/autobrr/autobrr/internal/domain"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type authService interface {
|
type authService interface {
|
||||||
|
|
@ -18,6 +19,7 @@ type authService interface {
|
||||||
}
|
}
|
||||||
|
|
||||||
type authHandler struct {
|
type authHandler struct {
|
||||||
|
log zerolog.Logger
|
||||||
encoder encoder
|
encoder encoder
|
||||||
config *domain.Config
|
config *domain.Config
|
||||||
service authService
|
service authService
|
||||||
|
|
@ -25,8 +27,9 @@ type authHandler struct {
|
||||||
cookieStore *sessions.CookieStore
|
cookieStore *sessions.CookieStore
|
||||||
}
|
}
|
||||||
|
|
||||||
func newAuthHandler(encoder encoder, config *domain.Config, cookieStore *sessions.CookieStore, service authService) *authHandler {
|
func newAuthHandler(encoder encoder, log zerolog.Logger, config *domain.Config, cookieStore *sessions.CookieStore, service authService) *authHandler {
|
||||||
return &authHandler{
|
return &authHandler{
|
||||||
|
log: log,
|
||||||
encoder: encoder,
|
encoder: encoder,
|
||||||
config: config,
|
config: config,
|
||||||
service: service,
|
service: service,
|
||||||
|
|
@ -72,6 +75,7 @@ func (h authHandler) login(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
_, err := h.service.Login(ctx, data.Username, data.Password)
|
_, err := h.service.Login(ctx, data.Username, data.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
h.log.Error().Err(err).Msgf("invalid login [%s] from: %s", ReadUserIP(r))
|
||||||
h.encoder.StatusResponse(ctx, w, nil, http.StatusUnauthorized)
|
h.encoder.StatusResponse(ctx, w, nil, http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -155,3 +159,14 @@ func (h authHandler) validate(w http.ResponseWriter, r *http.Request) {
|
||||||
// send empty response as ok
|
// send empty response as ok
|
||||||
h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
|
h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ReadUserIP(r *http.Request) string {
|
||||||
|
IPAddress := r.Header.Get("X-Real-Ip")
|
||||||
|
if IPAddress == "" {
|
||||||
|
IPAddress = r.Header.Get("X-Forwarded-For")
|
||||||
|
}
|
||||||
|
if IPAddress == "" {
|
||||||
|
IPAddress = r.RemoteAddr
|
||||||
|
}
|
||||||
|
return IPAddress
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/autobrr/autobrr/internal/database"
|
"github.com/autobrr/autobrr/internal/database"
|
||||||
"github.com/autobrr/autobrr/internal/domain"
|
"github.com/autobrr/autobrr/internal/domain"
|
||||||
|
"github.com/autobrr/autobrr/internal/logger"
|
||||||
"github.com/autobrr/autobrr/web"
|
"github.com/autobrr/autobrr/web"
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
|
|
@ -15,9 +16,11 @@ import (
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
"github.com/r3labs/sse/v2"
|
"github.com/r3labs/sse/v2"
|
||||||
"github.com/rs/cors"
|
"github.com/rs/cors"
|
||||||
|
"github.com/rs/zerolog"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Server struct {
|
type Server struct {
|
||||||
|
log zerolog.Logger
|
||||||
sse *sse.Server
|
sse *sse.Server
|
||||||
db *database.DB
|
db *database.DB
|
||||||
|
|
||||||
|
|
@ -40,8 +43,9 @@ type Server struct {
|
||||||
releaseService releaseService
|
releaseService releaseService
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer(config *domain.Config, sse *sse.Server, db *database.DB, version string, commit string, date string, actionService actionService, apiService apikeyService, authService authService, downloadClientSvc downloadClientService, filterSvc filterService, feedSvc feedService, indexerSvc indexerService, ircSvc ircService, notificationSvc notificationService, releaseSvc releaseService) Server {
|
func NewServer(log logger.Logger, config *domain.Config, sse *sse.Server, db *database.DB, version string, commit string, date string, actionService actionService, apiService apikeyService, authService authService, downloadClientSvc downloadClientService, filterSvc filterService, feedSvc feedService, indexerSvc indexerService, ircSvc ircService, notificationSvc notificationService, releaseSvc releaseService) Server {
|
||||||
return Server{
|
return Server{
|
||||||
|
log: log.With().Str("module", "http").Logger(),
|
||||||
config: config,
|
config: config,
|
||||||
sse: sse,
|
sse: sse,
|
||||||
db: db,
|
db: db,
|
||||||
|
|
@ -109,7 +113,7 @@ func (s Server) Handler() http.Handler {
|
||||||
fileSystem.ServeHTTP(w, r)
|
fileSystem.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
|
|
||||||
r.Route("/api/auth", newAuthHandler(encoder, s.config, s.cookieStore, s.authService).Routes)
|
r.Route("/api/auth", newAuthHandler(encoder, s.log, s.config, s.cookieStore, s.authService).Routes)
|
||||||
r.Route("/api/healthz", newHealthHandler(encoder, s.db).Routes)
|
r.Route("/api/healthz", newHealthHandler(encoder, s.db).Routes)
|
||||||
|
|
||||||
r.Group(func(r chi.Router) {
|
r.Group(func(r chi.Router) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue