mirror of https://github.com/immich-app/immich.git synced 2025-01-07 20:36:48 +01:00

feat(server)Log username and IP address on failed login attempt

bo0tzz 2022-10-21 18:04:01 +02:00 committed by GitHub
parent 1ec7122381
commit 95d8f60389
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 3 deletions


@ -1,4 +1,4 @@
import { Body, Controller, Post, Res, UseGuards, ValidationPipe } from '@nestjs/common'; import { Body, Controller, Post, Res, UseGuards, ValidationPipe, Ip } from '@nestjs/common';
import { ApiBadRequestResponse, ApiBearerAuth, ApiTags } from '@nestjs/swagger'; import { ApiBadRequestResponse, ApiBearerAuth, ApiTags } from '@nestjs/swagger';
import { AuthUserDto, GetAuthUser } from '../../decorators/auth-user.decorator'; import { AuthUserDto, GetAuthUser } from '../../decorators/auth-user.decorator';
import { JwtAuthGuard } from '../../modules/immich-jwt/guards/jwt-auth.guard'; import { JwtAuthGuard } from '../../modules/immich-jwt/guards/jwt-auth.guard';
@ -19,9 +19,10 @@ export class AuthController {
@Post('/login') @Post('/login')
async login( async login(
@Body(new ValidationPipe({ transform: true })) loginCredential: LoginCredentialDto, @Body(new ValidationPipe({ transform: true })) loginCredential: LoginCredentialDto,
@Ip() clientIp: string,
@Res() response: Response, @Res() response: Response,
): Promise<LoginResponseDto> { ): Promise<LoginResponseDto> {
const loginResponse = await this.authService.login(loginCredential); const loginResponse = await this.authService.login(loginCredential, clientIp);
// Set Cookies // Set Cookies
const accessTokenCookie = this.authService.getCookieWithJwtToken(loginResponse); const accessTokenCookie = this.authService.getCookieWithJwtToken(loginResponse);
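Review bot: The `clientIp` that `login` now takes from `@Ip()` is only as trustworthy as the server's proxy configuration, and nothing in this section records which address it will be. `@Ip()` returns the request's `ip` property, so behind a reverse proxy it is presumably the proxy's own address unless the HTTP adapter is configured to trust forwarded headers. Once it is configured that way, the value comes from a header the client can set unless the proxy overwrites it. Because the value feeds a security log, I would add a comment above the parameter such as `// clientIp is request.ip: the real client only when trust-proxy matches the deployment, otherwise the proxy's address`. The bootstrap code is outside this diff, so the actual setting needs confirming there.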


@ -50,10 +50,11 @@ export class AuthService {
return null; return null;
} }
public async login(loginCredential: LoginCredentialDto): Promise<LoginResponseDto> { public async login(loginCredential: LoginCredentialDto, clientIp: string): Promise<LoginResponseDto> {
const validatedUser = await this.validateUser(loginCredential); const validatedUser = await this.validateUser(loginCredential);
if (!validatedUser) { if (!validatedUser) {
Logger.warn(`Failed login attempt for user ${loginCredential.email} from ip address ${clientIp}`)
throw new BadRequestException('Incorrect email or password'); throw new BadRequestException('Incorrect email or password');
} }
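Review bot: `loginCredential.email` is interpolated into the new `Logger.warn` line verbatim, and on an unauthenticated endpoint that value is chosen by whoever sends the request. The validators on `LoginCredentialDto` are not visible here; if they do not restrict the field to a well-formed address, embedded line breaks or control characters could split the entry or make it look like a second one. That would weaken the log for the failed-login monitoring this change is meant to support. Encoding the value keeps one attempt on one line: replace `${loginCredential.email}` with `${JSON.stringify(loginCredential.email)}`, and terminate the statement with a semicolon like its neighbours. The body of `login` continues past the end of this section.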