From 0debc6b415baa466245901fb52c009d09ef3ba15 Mon Sep 17 00:00:00 2001 From: kamtschatka Date: Sat, 19 Oct 2024 22:24:26 +0200 Subject: feature: Log authentication failures to support fail2ban. Fixes #477 (#569) * How do I set the variable "user" or "system" for AI inference #262 changed from system to user * [Feature Request] Log failed login attempts for fail2ban implementation #477 added logging of failed logins * [Feature Request] Log failed login attempts for fail2ban implementation #477 added more logging for extension related logins * Propagte IP to trpc --------- Co-authored-by: Your Name
---
 packages/trpc/routers/apiKeys.ts | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
(limited to 'packages/trpc/routers')
diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts
index b7468dd2..c55dc095 100644
--- a/packages/trpc/routers/apiKeys.ts
+++ b/packages/trpc/routers/apiKeys.ts
@@ -5,7 +5,12 @@ import { z } from "zod";
 import { apiKeys } from "@hoarder/db/schema";
 import serverConfig from "@hoarder/shared/config";
-import { authenticateApiKey, generateApiKey, validatePassword } from "../auth";
+import {
+ authenticateApiKey,
+ generateApiKey,
+ logAuthenticationError,
+ validatePassword,
+} from "../auth";
 import { authedProcedure, publicProcedure, router } from "../index";
 const zApiKeySchema = z.object({
@@ -73,7 +78,7 @@ export const apiKeysAppRouter = router({
 }),
 )
 .output(zApiKeySchema)
- .mutation(async ({ input }) => {
+ .mutation(async ({ input, ctx }) => {
 let user;
 // Special handling as otherwise the extension would show "username or password is wrong"
 if (serverConfig.auth.disablePasswordAuth) {
@@ -85,6 +90,8 @@ export const apiKeysAppRouter = router({
 try {
 user = await validatePassword(input.email, input.password);
 } catch (e) {
+ const error = e as Error;
+ logAuthenticationError(input.email, error.message, ctx.req.ip);
 throw new TRPCError({ code: "UNAUTHORIZED" });
 }
 return await generateApiKey(input.keyName, user.id);
@@ -92,10 +99,16 @@ export const apiKeysAppRouter = router({
 validate: publicProcedure
 .input(z.object({ apiKey: z.string() }))
 .output(z.object({ success: z.boolean() }))
- .mutation(async ({ input }) => {
- await authenticateApiKey(input.apiKey); // Throws if the key is invalid
- return {
- success: true,
- };
+ .mutation(async ({ input, ctx }) => {
+ try {
+ await authenticateApiKey(input.apiKey); // Throws if the key is invalid
+ return {
+ success: true,
+ };
+ } catch (e) {
+ const error = e as Error;
+ logAuthenticationError("", error.message, ctx.req.ip);
+ throw e;
+ }
 }),
 });
-- cgit v1.2.3-70-g09d2
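Review bot: In the login catch (`@@ -85,6 +90,8 @@`), `input.email` is request-controlled and is passed to `logAuthenticationError` together with `error.message`, and the resulting log is meant to be parsed by fail2ban. `logAuthenticationError` lives in `../auth` and is not visible here, so it may already handle this, but unless it strips CR/LF and other control characters and keeps the IP in a fixed position, a crafted email value could produce log lines that attribute failures to a different address. I would sanitise inside the helper so every caller benefits, and record it with a comment such as `// user and message are untrusted: control characters are stripped before the fail2ban line is written`. The same applies to `error.message` in the `validate` hunk below; the mutation body starts outside this hunk.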
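Review bot: The new catch in `validate` (`@@ -92,10 +99,16 @@`) records every throw from `authenticateApiKey` as an authentication failure and reads `.message` through the unchecked assertion `e as Error`. If that function can also fail for reasons unrelated to the key (a datastore error, for instance; its body is not shown here), those failures would be counted against the caller's IP by fail2ban, and a non-Error throw would log `undefined` as the reason. Narrowing instead of asserting, `const message = e instanceof Error ? e.message : String(e);`, fixes the second part; logging only the errors that actually mean "bad key" would fix the first. The login catch in the previous hunk uses the same `e as Error` pattern.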