Browse Source

feat(server)Log username and IP address on failed login attempt

bo0tzz 2 years ago
parent
commit
95d8f60389

+ 3 - 2
server/apps/immich/src/api-v1/auth/auth.controller.ts

@@ -1,4 +1,4 @@
-import { Body, Controller, Post, Res, UseGuards, ValidationPipe } from '@nestjs/common';
+import { Body, Controller, Post, Res, UseGuards, ValidationPipe, Ip } from '@nestjs/common';
 import { ApiBadRequestResponse, ApiBearerAuth, ApiTags } from '@nestjs/swagger';
 import { AuthUserDto, GetAuthUser } from '../../decorators/auth-user.decorator';
 import { JwtAuthGuard } from '../../modules/immich-jwt/guards/jwt-auth.guard';
@@ -19,9 +19,10 @@ export class AuthController {
   @Post('/login')
   async login(
     @Body(new ValidationPipe({ transform: true })) loginCredential: LoginCredentialDto,
+    @Ip() clientIp: string,
     @Res() response: Response,
   ): Promise<LoginResponseDto> {
-    const loginResponse = await this.authService.login(loginCredential);
+    const loginResponse = await this.authService.login(loginCredential, clientIp);
 
     // Set Cookies
     const accessTokenCookie = this.authService.getCookieWithJwtToken(loginResponse);

+ 2 - 1
server/apps/immich/src/api-v1/auth/auth.service.ts

@@ -50,10 +50,11 @@ export class AuthService {
     return null;
   }
 
-  public async login(loginCredential: LoginCredentialDto): Promise<LoginResponseDto> {
+  public async login(loginCredential: LoginCredentialDto, clientIp: string): Promise<LoginResponseDto> {
     const validatedUser = await this.validateUser(loginCredential);
 
     if (!validatedUser) {
+      Logger.warn(`Failed login attempt for user ${loginCredential.email} from ip address ${clientIp}`)
       throw new BadRequestException('Incorrect email or password');
     }