add failed auth logging

Milo Schwartz
2025-01-27 22:43:32 -05:00
parent fdb1ab4bd9
commit 0bd8217d9e
16 changed files with 175 additions and 25 deletions


@@ -20,7 +20,8 @@ import { response } from "@server/lib";
const exchangeSessionBodySchema = z.object({
requestToken: z.string(),
host: z.string()
host: z.string(),
requestIp: z.string().optional()
});
export type ExchangeSessionBodySchema = z.infer<
@@ -51,7 +52,9 @@ export async function exchangeSession(
}
try {
const { requestToken, host } = parsedBody.data;
const { requestToken, host, requestIp } = parsedBody.data;
const clientIp = requestIp?.split(":")[0];
const [resource] = await db
.select()
@@ -75,12 +78,22 @@ export async function exchangeSession(
);
if (!requestSession) {
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Exchange token is invalid. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
return next(
createHttpError(HttpCode.UNAUTHORIZED, "Invalid request token")
);
}
if (!requestSession.isRequestToken) {
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Exchange token is invalid. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
return next(
createHttpError(HttpCode.UNAUTHORIZED, "Invalid request token")
);
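Review bot: `requestIp?.split(":")[0]` keeps only the text before the first colon, so an IPv6 client is logged as a fragment such as `2001` or `[2001`, and many distinct clients collapse into one value in the failed-attempt lines added below it. The same expression is repeated in verifyResourceSession in the next file section. The format the caller sends is not visible on this page; if it is `host:port`, the port has to be removed without cutting an IPv6 literal, ideally in one shared helper used by both handlers, as sketched below. exchangeSession starts and ends outside these hunks.

```typescript
// Strip an optional port without truncating IPv6 literals.
function stripPort(addr: string): string {
    // "[v6]:port" or "[v6]"
    const bracketed = addr.match(/^\[([^\]]+)\](?::\d+)?$/);
    if (bracketed) {
        return bracketed[1];
    }
    // Exactly one colon means "v4:port"; more than one is a bare IPv6 address.
    const parts = addr.split(":");
    return parts.length === 2 ? parts[0] : addr;
}

// … unchanged: destructuring of parsedBody.data …
const clientIp = requestIp ? stripPort(requestIp) : undefined;
```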


@@ -42,7 +42,8 @@ const verifyResourceSessionSchema = z.object({
path: z.string(),
method: z.string(),
accessToken: z.string().optional(),
tls: z.boolean()
tls: z.boolean(),
requestIp: z.string().optional()
});
export type VerifyResourceSessionSchema = z.infer<
@@ -77,9 +78,12 @@ export async function verifyResourceSession(
sessions,
host,
originalRequestURL,
requestIp,
accessToken: token
} = parsedBody.data;
const clientIp = requestIp?.split(":")[0];
const resourceCacheKey = `resource:${host}`;
let resourceData:
| {
@@ -160,6 +164,14 @@ export async function verifyResourceSession(
logger.debug("Access token invalid: " + error);
}
if (!valid) {
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Resource access token is invalid. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
}
if (valid && tokenItem) {
validAccessToken = tokenItem;
@@ -174,6 +186,11 @@ export async function verifyResourceSession(
}
if (!sessions) {
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Missing resource sessions. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
return notAllowed(res);
}
@@ -200,6 +217,11 @@ export async function verifyResourceSession(
logger.debug(
"Resource not allowed because session is a temporary request token"
);
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Resource session is an exchange token. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
return notAllowed(res);
}
@@ -271,6 +293,12 @@ export async function verifyResourceSession(
}
logger.debug("No more auth to check, resource not allowed");
if (config.getRawConfig().app.log_failed_attempts) {
logger.info(
`Resource access not allowed. Resource ID: ${resource.resourceId}. IP: ${clientIp}.`
);
}
return notAllowed(res, redirectUrl);
} catch (e) {
console.error(e);
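Review bot: `requestIp` is accepted as an unconstrained `z.string()` and is interpolated into every new `logger.info` line, so unless the logger escapes control characters, a value containing a line break or extra text can split or forge entries in the log that is meant to record failed attempts. Validating before logging closes that, for example `const logIp = clientIp && net.isIP(clientIp) ? clientIp : "unknown";` using Node's `net` module, which also avoids printing `IP: undefined` when the field is omitted. Separately, the `if (!valid)` branch logs and then falls through, so a single rejected request may also reach one of the later failure lines; whether that double count occurs depends on code outside these hunks. verifyResourceSession begins and ends outside the hunks shown.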