feature: Log authentication failures to support fail2ban. Fixes #477 (#569)

* How do I set the variable "user" or "system" for AI inference #262
changed from system to user

* [Feature Request] Log failed login attempts for fail2ban implementation
#477
added logging of failed logins

* [Feature Request] Log failed login attempts for fail2ban implementation #477
added more logging for extension related logins

* Propagte IP to trpc

---------

Co-authored-by: Your Name <you@example.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/apps/web/server/auth.ts b/apps/web/server/auth.ts
index 042be1ae..ee226743 100644
--- a/apps/web/server/auth.ts
+++ b/apps/web/server/auth.ts
@@ -8,6 +8,7 @@ import NextAuth, {
 } from "next-auth";
 import CredentialsProvider from "next-auth/providers/credentials";
 import { Provider } from "next-auth/providers/index";
+import requestIp from "request-ip";
 
 import { db } from "@hoarder/db";
 import {
@@ -17,7 +18,7 @@ import {
   verificationTokens,
 } from "@hoarder/db/schema";
 import serverConfig from "@hoarder/shared/config";
-import { validatePassword } from "@hoarder/trpc/auth";
+import { logAuthenticationError, validatePassword } from "@hoarder/trpc/auth";
 
 type UserRole = "admin" | "user";
 
@@ -77,7 +78,7 @@ const providers: Provider[] = [
       email: { label: "Email", type: "email", placeholder: "Email" },
       password: { label: "Password", type: "password" },
     },
-    async authorize(credentials) {
+    async authorize(credentials, req) {
       if (!credentials) {
         return null;
       }
@@ -88,6 +89,12 @@ const providers: Provider[] = [
           credentials?.password,
         );
       } catch (e) {
+        const error = e as Error;
+        logAuthenticationError(
+          credentials?.email,
+          error.message,
+          requestIp.getClientIp({ headers: req.headers }),
+        );
         return null;
       }
     },