From f6df1a760d9ef5ded564f95a8bdaac59c404415d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Colomb?= <src@andre.colomb.de>
Date: Tue, 13 Apr 2021 10:14:44 +0200
Subject: [PATCH] lib/api: Log the remote address on login attempts (#7560)

This enables usage of the audit log to e.g. automatically block remote
addresses from connecting after repeated login failures.
---
 lib/api/api_auth.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/api/api_auth.go b/lib/api/api_auth.go
index 415cf7b43..82d47a498 100644
--- a/lib/api/api_auth.go
+++ b/lib/api/api_auth.go
@@ -29,10 +29,11 @@ var (
 	sessionsMut = sync.NewMutex()
 )
 
-func emitLoginAttempt(success bool, username string, evLogger events.Logger) {
+func emitLoginAttempt(success bool, username, address string, evLogger events.Logger) {
 	evLogger.Log(events.LoginAttempt, map[string]interface{}{
-		"success":  success,
-		"username": username,
+		"success":       success,
+		"username":      username,
+		"remoteAddress": address,
 	})
 }
 
@@ -95,7 +96,7 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
 		}
 
 		if !authOk {
-			emitLoginAttempt(false, username, evLogger)
+			emitLoginAttempt(false, username, r.RemoteAddr, evLogger)
 			error()
 			return
 		}
@@ -110,7 +111,7 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
 			MaxAge: 0,
 		})
 
-		emitLoginAttempt(true, username, evLogger)
+		emitLoginAttempt(true, username, r.RemoteAddr, evLogger)
 		next.ServeHTTP(w, r)
 	})
 }