[Feature Request] Log failed login attempts for fail2ban implementation

hoarder-app#477 added logging of failed logins
kamtschatka · Oct 19, 2024 · 1a65234 · 1a65234
1 parent c4bce80
commit 1a65234
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 3 deletions.
diff --git a/apps/web/server/auth.ts b/apps/web/server/auth.ts
@@ -17,6 +17,7 @@ import {
   verificationTokens,
 } from "@hoarder/db/schema";
 import serverConfig from "@hoarder/shared/config";
+import { authLogger } from "@hoarder/shared/logger";
 import { validatePassword } from "@hoarder/trpc/auth";
 
 type UserRole = "admin" | "user";
@@ -69,6 +70,16 @@ async function isAdmin(email: string): Promise<boolean> {
   return res?.role == "admin";
 }
 
+function logAuthenticationError(
+  user: string,
+  message: string,
+  ip: unknown,
+): void {
+  authLogger.error(
+    `Authentication error. User: "${user}", Message: "${message}", IP-Address: "${ip}"`,
+  );
+}
+
 const providers: Provider[] = [
   CredentialsProvider({
     // The name to display on the sign in form (e.g. "Sign in with...")
@@ -77,17 +88,34 @@ const providers: Provider[] = [
       email: { label: "Email", type: "email", placeholder: "Email" },
       password: { label: "Password", type: "password" },
     },
-    async authorize(credentials) {
+    async authorize(credentials, req) {
       if (!credentials) {
+        logAuthenticationError(
+          "<unknown>",
+          "Credentials missing",
+          req.headers?.["x-forwarded-for"],
+        );
         return null;
       }
 
       try {
-        return await validatePassword(
+        const isValidPassword = await validatePassword(
           credentials?.email,
           credentials?.password,
         );
+        logAuthenticationError(
+          credentials?.email,
+          "Password invalid",
+          req.headers?.["x-forwarded-for"],
+        );
+        return isValidPassword;
       } catch (e) {
+        const error = e as Error;
+        logAuthenticationError(
+          credentials?.email,
+          error.message,
+          req.headers?.["x-forwarded-for"],
+        );
         return null;
       }
     },

diff --git a/apps/workers/crawlerWorker.ts b/apps/workers/crawlerWorker.ts
@@ -436,7 +436,7 @@ async function archiveWebpage(
 
   await execa({
     input: html,
-  })`monolith  - -Ije -t 5 -b ${url} -o ${assetPath}`;
+  })`C:\\Projekte\\hoarder-app\\data\\stuff\\monolith.exe  - -Ije -t 5 -b ${url} -o ${assetPath}`;
 
   const contentType = "text/html";
 

diff --git a/packages/shared/logger.ts b/packages/shared/logger.ts
@@ -15,3 +15,22 @@ const logger = winston.createLogger({
 });
 
 export default logger;
+
+export const authLogger = winston.createLogger({
+  level: "debug",
+  format: winston.format.combine(
+    winston.format.timestamp(),
+    winston.format.printf(
+      (info) => `${info.timestamp} ${info.level}: ${info.message}`,
+    ),
+  ),
+  transports: [
+    new winston.transports.Console(),
+    new winston.transports.File({
+      filename: "failedLogins.log",
+      dirname: serverConfig.dataDir,
+      maxFiles: 2,
+      maxsize: 1024 * 1024,
+    }),
+  ],
+});