Merge pull request from chakflying/chore/auth-logging

Chore: Add logging for failed auth
This commit is contained in:
Louis Lam 2023-06-26 12:54:01 +08:00 committed by GitHub
commit b4b6e07e6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,6 +2,7 @@ const basicAuth = require("express-basic-auth");
const passwordHash = require("./password-hash"); const passwordHash = require("./password-hash");
const { R } = require("redbean-node"); const { R } = require("redbean-node");
const { setting } = require("./util-server"); const { setting } = require("./util-server");
const { log } = require("../src/util");
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter"); const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
const { Settings } = require("./settings"); const { Settings } = require("./settings");
const dayjs = require("dayjs"); const dayjs = require("dayjs");
@ -81,12 +82,16 @@ function apiAuthorizer(username, password, callback) {
apiRateLimiter.pass(null, 0).then((pass) => { apiRateLimiter.pass(null, 0).then((pass) => {
if (pass) { if (pass) {
verifyAPIKey(password).then((valid) => { verifyAPIKey(password).then((valid) => {
if (!valid) {
log.warn("api-auth", "Failed API auth attempt: invalid API Key");
}
callback(null, valid); callback(null, valid);
// Only allow a set number of api requests per minute // Only allow a set number of api requests per minute
// (currently set to 60) // (currently set to 60)
apiRateLimiter.removeTokens(1); apiRateLimiter.removeTokens(1);
}); });
} else { } else {
log.warn("api-auth", "Failed API auth attempt: rate limit exceeded");
callback(null, false); callback(null, false);
} }
}); });
@ -106,10 +111,12 @@ function userAuthorizer(username, password, callback) {
callback(null, user != null); callback(null, user != null);
if (user == null) { if (user == null) {
log.warn("basic-auth", "Failed basic auth attempt: invalid username/password");
loginRateLimiter.removeTokens(1); loginRateLimiter.removeTokens(1);
} }
}); });
} else { } else {
log.warn("basic-auth", "Failed basic auth attempt: rate limit exceeded");
callback(null, false); callback(null, false);
} }
}); });