Martchus
/
syncthing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lib/api: Log the remote address on login attempts (#7560) 

This enables usage of the audit log to e.g. automatically block remote
addresses from connecting after repeated login failures.
This commit is contained in:
André Colomb 2021-04-13 10:14:44 +02:00 committed by GitHub
parent f71fcd440a
commit f6df1a760d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/api/api_auth.go
View File

@ -29,10 +29,11 @@ var (
sessionsMut = sync.NewMutex()
)
func emitLoginAttempt(success bool, username string, evLogger events.Logger) {
func emitLoginAttempt(success bool, username, address string, evLogger events.Logger) {
evLogger.Log(events.LoginAttempt, map[string]interface{}{
"success": success,
"username": username,
"success": success,
"username": username,
"remoteAddress": address,
})
}
@ -95,7 +96,7 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
}
if !authOk {
emitLoginAttempt(false, username, evLogger)
emitLoginAttempt(false, username, r.RemoteAddr, evLogger)
error()
return
}
@ -110,7 +111,7 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
MaxAge: 0,
})
emitLoginAttempt(true, username, evLogger)
emitLoginAttempt(true, username, r.RemoteAddr, evLogger)
next.ServeHTTP(w, r)
})
}