feat(server)Log username and IP address on failed login attempt

2024-11-24 08:52:28 +02:00 · 2022-10-21 18:04:01 +02:00 · 2022-10-21 18:04:01 +02:00 · 95d8f60389
commit 95d8f60389
parent 1ec7122381
2 changed files with 5 additions and 3 deletions
--- a/server/apps/immich/src/api-v1/auth/auth.controller.ts
+++ b/server/apps/immich/src/api-v1/auth/auth.controller.ts
@ -1,4 +1,4 @@
-import { Body, Controller, Post, Res, UseGuards, ValidationPipe } from '@nestjs/common';
+import { Body, Controller, Post, Res, UseGuards, ValidationPipe, Ip } from '@nestjs/common';
 import { ApiBadRequestResponse, ApiBearerAuth, ApiTags } from '@nestjs/swagger';
 import { AuthUserDto, GetAuthUser } from '../../decorators/auth-user.decorator';
 import { JwtAuthGuard } from '../../modules/immich-jwt/guards/jwt-auth.guard';
@ -19,9 +19,10 @@ export class AuthController {
  @Post('/login')
  async login(
    @Body(new ValidationPipe({ transform: true })) loginCredential: LoginCredentialDto,
+    @Ip() clientIp: string,
    @Res() response: Response,
  ): Promise<LoginResponseDto> {
-    const loginResponse = await this.authService.login(loginCredential);
+    const loginResponse = await this.authService.login(loginCredential, clientIp);

    // Set Cookies
    const accessTokenCookie = this.authService.getCookieWithJwtToken(loginResponse);
--- a/server/apps/immich/src/api-v1/auth/auth.service.ts
+++ b/server/apps/immich/src/api-v1/auth/auth.service.ts
@ -50,10 +50,11 @@ export class AuthService {
    return null;
  }

-  public async login(loginCredential: LoginCredentialDto): Promise<LoginResponseDto> {
+  public async login(loginCredential: LoginCredentialDto, clientIp: string): Promise<LoginResponseDto> {
    const validatedUser = await this.validateUser(loginCredential);

    if (!validatedUser) {
+      Logger.warn(`Failed login attempt for user ${loginCredential.email} from ip address ${clientIp}`)
      throw new BadRequestException('Incorrect email or password');
    }