* auth: improve logging
Write info log messages for login attempts (both successful and not)
This commit is contained in:
parent
c9a6e4e018
commit
b03b36e47e
33
home/auth.go
33
home/auth.go
|
@ -146,18 +146,21 @@ func (a *Auth) loadSessions() {
|
||||||
|
|
||||||
// store session data in file
|
// store session data in file
|
||||||
func (a *Auth) addSession(data []byte, s *session) {
|
func (a *Auth) addSession(data []byte, s *session) {
|
||||||
|
name := hex.EncodeToString(data)
|
||||||
a.lock.Lock()
|
a.lock.Lock()
|
||||||
a.sessions[hex.EncodeToString(data)] = s
|
a.sessions[name] = s
|
||||||
a.lock.Unlock()
|
a.lock.Unlock()
|
||||||
a.storeSession(data, s)
|
if a.storeSession(data, s) {
|
||||||
|
log.Info("Auth: created session %s: expire=%d", name, s.expire)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// store session data in file
|
// store session data in file
|
||||||
func (a *Auth) storeSession(data []byte, s *session) {
|
func (a *Auth) storeSession(data []byte, s *session) bool {
|
||||||
tx, err := a.db.Begin(true)
|
tx, err := a.db.Begin(true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Auth: bbolt.Begin: %s", err)
|
log.Error("Auth: bbolt.Begin: %s", err)
|
||||||
return
|
return false
|
||||||
}
|
}
|
||||||
defer func() {
|
defer func() {
|
||||||
_ = tx.Rollback()
|
_ = tx.Rollback()
|
||||||
|
@ -166,21 +169,20 @@ func (a *Auth) storeSession(data []byte, s *session) {
|
||||||
bkt, err := tx.CreateBucketIfNotExists(bucketName())
|
bkt, err := tx.CreateBucketIfNotExists(bucketName())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Auth: bbolt.CreateBucketIfNotExists: %s", err)
|
log.Error("Auth: bbolt.CreateBucketIfNotExists: %s", err)
|
||||||
return
|
return false
|
||||||
}
|
}
|
||||||
err = bkt.Put(data, s.serialize())
|
err = bkt.Put(data, s.serialize())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Auth: bbolt.Put: %s", err)
|
log.Error("Auth: bbolt.Put: %s", err)
|
||||||
return
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
err = tx.Commit()
|
err = tx.Commit()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Auth: bbolt.Commit: %s", err)
|
log.Error("Auth: bbolt.Commit: %s", err)
|
||||||
return
|
return false
|
||||||
}
|
}
|
||||||
|
return true
|
||||||
log.Debug("Auth: stored session in DB")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// remove session from file
|
// remove session from file
|
||||||
|
@ -245,7 +247,9 @@ func (a *Auth) CheckSession(sess string) int {
|
||||||
|
|
||||||
if update {
|
if update {
|
||||||
key, _ := hex.DecodeString(sess)
|
key, _ := hex.DecodeString(sess)
|
||||||
a.storeSession(key, s)
|
if a.storeSession(key, s) {
|
||||||
|
log.Debug("Auth: updated session %s: expire=%d", sess, s.expire)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
|
@ -303,8 +307,9 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
cookie := config.auth.httpCookie(req)
|
cookie := config.auth.httpCookie(req)
|
||||||
if len(cookie) == 0 {
|
if len(cookie) == 0 {
|
||||||
|
log.Info("Auth: invalid user name or password: name='%s'", req.Name)
|
||||||
time.Sleep(1 * time.Second)
|
time.Sleep(1 * time.Second)
|
||||||
httpError(w, http.StatusBadRequest, "invalid login or password")
|
http.Error(w, "invalid user name or password", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -366,7 +371,7 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
|
||||||
w.WriteHeader(http.StatusFound)
|
w.WriteHeader(http.StatusFound)
|
||||||
return
|
return
|
||||||
} else if r < 0 {
|
} else if r < 0 {
|
||||||
log.Debug("Auth: invalid cookie value: %s", cookie)
|
log.Info("Auth: invalid cookie value: %s", cookie)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -383,7 +388,7 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
|
||||||
if r == 0 {
|
if r == 0 {
|
||||||
ok = true
|
ok = true
|
||||||
} else if r < 0 {
|
} else if r < 0 {
|
||||||
log.Debug("Auth: invalid cookie value: %s", cookie)
|
log.Info("Auth: invalid cookie value: %s", cookie)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// there's no Cookie, check Basic authentication
|
// there's no Cookie, check Basic authentication
|
||||||
|
@ -392,6 +397,8 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
|
||||||
u := config.auth.UserFind(user, pass)
|
u := config.auth.UserFind(user, pass)
|
||||||
if len(u.Name) != 0 {
|
if len(u.Name) != 0 {
|
||||||
ok = true
|
ok = true
|
||||||
|
} else {
|
||||||
|
log.Info("Auth: invalid Basic Authorization value")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue