* auth: improve logging

Write info log messages for login attempts (both successful and not)
Simon Zolin 2019-11-12 14:24:27 +03:00
parent c9a6e4e018
commit b03b36e47e
1 changed files with 20 additions and 13 deletions


@ -146,18 +146,21 @@ func (a *Auth) loadSessions() {
// store session data in file // store session data in file
func (a *Auth) addSession(data []byte, s *session) { func (a *Auth) addSession(data []byte, s *session) {
name := hex.EncodeToString(data)
a.lock.Lock() a.lock.Lock()
a.sessions[hex.EncodeToString(data)] = s a.sessions[name] = s
a.lock.Unlock() a.lock.Unlock()
a.storeSession(data, s) if a.storeSession(data, s) {
log.Info("Auth: created session %s: expire=%d", name, s.expire)
}
} }
// store session data in file // store session data in file
func (a *Auth) storeSession(data []byte, s *session) { func (a *Auth) storeSession(data []byte, s *session) bool {
tx, err := a.db.Begin(true) tx, err := a.db.Begin(true)
if err != nil { if err != nil {
log.Error("Auth: bbolt.Begin: %s", err) log.Error("Auth: bbolt.Begin: %s", err)
return return false
} }
defer func() { defer func() {
_ = tx.Rollback() _ = tx.Rollback()
@ -166,21 +169,20 @@ func (a *Auth) storeSession(data []byte, s *session) {
bkt, err := tx.CreateBucketIfNotExists(bucketName()) bkt, err := tx.CreateBucketIfNotExists(bucketName())
if err != nil { if err != nil {
log.Error("Auth: bbolt.CreateBucketIfNotExists: %s", err) log.Error("Auth: bbolt.CreateBucketIfNotExists: %s", err)
return return false
} }
err = bkt.Put(data, s.serialize()) err = bkt.Put(data, s.serialize())
if err != nil { if err != nil {
log.Error("Auth: bbolt.Put: %s", err) log.Error("Auth: bbolt.Put: %s", err)
return return false
} }
err = tx.Commit() err = tx.Commit()
if err != nil { if err != nil {
log.Error("Auth: bbolt.Commit: %s", err) log.Error("Auth: bbolt.Commit: %s", err)
return return false
} }
return true
log.Debug("Auth: stored session in DB")
} }
// remove session from file // remove session from file
@ -245,7 +247,9 @@ func (a *Auth) CheckSession(sess string) int {
if update { if update {
key, _ := hex.DecodeString(sess) key, _ := hex.DecodeString(sess)
a.storeSession(key, s) if a.storeSession(key, s) {
log.Debug("Auth: updated session %s: expire=%d", sess, s.expire)
}
} }
return 0 return 0
@ -303,8 +307,9 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
cookie := config.auth.httpCookie(req) cookie := config.auth.httpCookie(req)
if len(cookie) == 0 { if len(cookie) == 0 {
log.Info("Auth: invalid user name or password: name='%s'", req.Name)
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
httpError(w, http.StatusBadRequest, "invalid login or password") http.Error(w, "invalid user name or password", http.StatusBadRequest)
return return
} }
@ -366,7 +371,7 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
w.WriteHeader(http.StatusFound) w.WriteHeader(http.StatusFound)
return return
} else if r < 0 { } else if r < 0 {
log.Debug("Auth: invalid cookie value: %s", cookie) log.Info("Auth: invalid cookie value: %s", cookie)
} }
} }
@ -383,7 +388,7 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
if r == 0 { if r == 0 {
ok = true ok = true
} else if r < 0 { } else if r < 0 {
log.Debug("Auth: invalid cookie value: %s", cookie) log.Info("Auth: invalid cookie value: %s", cookie)
} }
} else { } else {
// there's no Cookie, check Basic authentication // there's no Cookie, check Basic authentication
@ -392,6 +397,8 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
u := config.auth.UserFind(user, pass) u := config.auth.UserFind(user, pass)
if len(u.Name) != 0 { if len(u.Name) != 0 {
ok = true ok = true
} else {
log.Info("Auth: invalid Basic Authorization value")
} }
} }
} }
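Review bot: The new `log.Info` in `addSession` writes the full session identifier (`name`, the hex of the session key) to the log, and `CheckSession` decodes that same hex form back into the key, so it appears to be the value a client presents as its cookie; anyone who can read the log could then reuse a live session until it expires. The same applies to the `log.Debug` added in `CheckSession`, and the two `invalid cookie value` messages in `optionalAuth` are raised from Debug to Info, so client-supplied cookie strings now land in default-level logs. I would log the event without the secret, e.g. `log.Info("Auth: created session: expire=%d", s.expire)`, or log a short non-reversible digest of it if correlation between entries is needed. Separately, `req.Name` in `handleLogin` is client-supplied and formatted with `'%s'`; `%q` would keep embedded newlines from forging log lines. The bodies of `CheckSession`, `handleLogin` and `optionalAuth` extend outside the visible hunks.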