gitea/opengist
0
0
Fork 0
mirror of https://github.com/thomiceli/opengist.git synced 2025-06-12 13:37:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add warn logs on invalid authentications

Browse Source
This commit is contained in:
Thomas Miceli
2023-04-04 01:16:22 +02:00
parent 8cdcb58e95
commit 746d836b99
5 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/web/auth.go
View File

@ -1,7 +1,10 @@
package web
import (
"errors"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"opengist/internal/config"
"opengist/internal/models"
)
@ -80,6 +83,10 @@ func processLogin(ctx echo.Context) error {
var user *models.User
if user, err = models.GetUserByUsername(dto.Username); err != nil {
if !errors.Is(err, gorm.ErrRecordNotFound) {
return errorRes(500, "Cannot get user", err)
}
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
addFlash(ctx, "Invalid credentials", "error")
return redirect(ctx, "/login")
}
@ -88,6 +95,7 @@ func processLogin(ctx echo.Context) error {
if err != nil {
return errorRes(500, "Cannot check for password", err)
}
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
addFlash(ctx, "Invalid credentials", "error")
return redirect(ctx, "/login")
}

2
internal/web/git_http.go
View File

@ -6,6 +6,7 @@ import (
"encoding/base64"
"fmt"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"net/http"
"opengist/internal/git"
"opengist/internal/models"
@ -84,6 +85,7 @@ func gitHttp(ctx echo.Context) error {
if err != nil {
return errorRes(500, "Cannot verify password", err)
}
log.Warn().Msg("Invalid HTTP authentication attempt from " + ctx.RealIP())
return errorRes(403, "Unauthorized", nil)
}

5
internal/web/run.go
View File

@ -107,11 +107,12 @@ func Start() {
Getter: middleware.MethodFromForm("_method"),
}))
e.Pre(middleware.RemoveTrailingSlash())
e.Use(middleware.CORS())
e.Use(middleware.RequestLoggerWithConfig(middleware.RequestLoggerConfig{
e.Pre(middleware.CORS())
e.Pre(middleware.RequestLoggerWithConfig(middleware.RequestLoggerConfig{
LogURI: true, LogStatus: true, LogMethod: true,
LogValuesFunc: func(ctx echo.Context, v middleware.RequestLoggerValues) error {
log.Info().Str("URI", v.URI).Int("status", v.Status).Str("method", v.Method).
Str("ip", ctx.RealIP()).
Msg("HTTP")
return nil
},