diff options
Diffstat (limited to 'apps/web/server')
| -rw-r--r-- | apps/web/server/api/client.ts | 29 | ||||
| -rw-r--r-- | apps/web/server/auth.ts | 11 |
2 files changed, 35 insertions, 5 deletions
diff --git a/apps/web/server/api/client.ts b/apps/web/server/api/client.ts index 6a0a8909..fb2d84bc 100644 --- a/apps/web/server/api/client.ts +++ b/apps/web/server/api/client.ts @@ -1,4 +1,6 @@ +import { headers } from "next/headers"; import { getServerAuthSession } from "@/server/auth"; +import requestIp from "request-ip"; import { db } from "@hoarder/db"; import { Context, createCallerFactory } from "@hoarder/trpc"; @@ -8,25 +10,46 @@ import { appRouter } from "@hoarder/trpc/routers/_app"; export async function createContextFromRequest(req: Request) { // TODO: This is a hack until we offer a proper REST API instead of the trpc based one. // Check if the request has an Authorization token, if it does, assume that API key authentication is requested. + const ip = requestIp.getClientIp({ + headers: Object.fromEntries(req.headers.entries()), + }); const authorizationHeader = req.headers.get("Authorization"); if (authorizationHeader && authorizationHeader.startsWith("Bearer ")) { const token = authorizationHeader.split(" ")[1]; try { const user = await authenticateApiKey(token); - return { user, db }; + return { + user, + db, + req: { + ip, + }, + }; } catch (e) { // Fallthrough to cookie-based auth } } - return createContext(); + return createContext(db, ip); } -export const createContext = async (database?: typeof db): Promise<Context> => { +export const createContext = async ( + database?: typeof db, + ip?: string | null, +): Promise<Context> => { const session = await getServerAuthSession(); + if (ip === undefined) { + const hdrs = headers(); + ip = requestIp.getClientIp({ + headers: Object.fromEntries(hdrs.entries()), + }); + } return { user: session?.user ?? null, db: database ?? db, + req: { + ip, + }, }; }; diff --git a/apps/web/server/auth.ts b/apps/web/server/auth.ts index 042be1ae..ee226743 100644 --- a/apps/web/server/auth.ts +++ b/apps/web/server/auth.ts @@ -8,6 +8,7 @@ import NextAuth, { } from "next-auth"; import CredentialsProvider from "next-auth/providers/credentials"; import { Provider } from "next-auth/providers/index"; +import requestIp from "request-ip"; import { db } from "@hoarder/db"; import { @@ -17,7 +18,7 @@ import { verificationTokens, } from "@hoarder/db/schema"; import serverConfig from "@hoarder/shared/config"; -import { validatePassword } from "@hoarder/trpc/auth"; +import { logAuthenticationError, validatePassword } from "@hoarder/trpc/auth"; type UserRole = "admin" | "user"; @@ -77,7 +78,7 @@ const providers: Provider[] = [ email: { label: "Email", type: "email", placeholder: "Email" }, password: { label: "Password", type: "password" }, }, - async authorize(credentials) { + async authorize(credentials, req) { if (!credentials) { return null; } @@ -88,6 +89,12 @@ const providers: Provider[] = [ credentials?.password, ); } catch (e) { + const error = e as Error; + logAuthenticationError( + credentials?.email, + error.message, + requestIp.getClientIp({ headers: req.headers }), + ); return null; } }, |