From 892fb6410c80892f54931e0a4a0cc6b92e175395 Mon Sep 17 00:00:00 2001
From: advplyr
Date: Thu, 17 Nov 2022 18:04:11 -0600
Subject: [PATCH] Update:Add client ip address in server log for failed auth attempts #1172
---
server/Auth.js | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/server/Auth.js b/server/Auth.js
index a8fd043e..416289c0 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -1,5 +1,6 @@
 const bcrypt = require('./libs/bcryptjs')
 const jwt = require('./libs/jsonwebtoken')
+const requestIp = require('./libs/requestIp')
 const Logger = require('./Logger')
 class Auth {
@@ -125,14 +126,16 @@ class Auth {
 }
 async login(req, res, feeds) {
+const ipAddress = requestIp.getClientIp(req)
 var username = (req.body.username || '').toLowerCase()
 var password = req.body.password || ''
 var user = this.users.find(u => u.username.toLowerCase() === username)
 if (!user || !user.isActive) {
-Logger.debug(`[Auth] Failed login attempt ${req.rateLimit.current} of ${req.rateLimit.limit}`)
+Logger.warn(`[Auth] Failed login attempt ${req.rateLimit.current} of ${req.rateLimit.limit} from ${ipAddress}`)
 if (req.rateLimit.remaining <= 2) {
+Logger.error(`[Auth] Failed login attempt for username ${username} from ip ${ipAddress}. Attempts: ${req.rateLimit.current}`)
 return res.status(401).send(`Invalid user or password (${req.rateLimit.remaining === 0 ? '1 attempt remaining' : `${req.rateLimit.remaining + 1} attempts remaining`})`)
 }
 return res.status(401).send('Invalid user or password')
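Review bot: Both values interpolated into the new `Logger.error` line inside the `if (req.rateLimit.remaining <= 2)` branch are attacker-controlled and reach the log unescaped: `username` comes straight from `req.body`, and `ipAddress` is whatever `requestIp.getClientIp(req)` returns, which — if `./libs/requestIp` is the vendored request-ip package — is read from headers such as `X-Forwarded-For` before falling back to the socket address. A client can therefore spoof the logged IP whenever the server is not behind a proxy it is configured to trust, and can embed newlines in either value to forge log entries that look like real failed attempts from another address. I would strip control characters at the declaration, e.g. `const ipAddress = String(requestIp.getClientIp(req) || 'unknown').replace(/[\r\n\t]/g, ' ')`, log the username as `${JSON.stringify(username)}`, and add a comment on the `ipAddress` line such as `// header-derived (X-Forwarded-For etc.); only trustworthy behind a trusted proxy` so the next reader does not treat it as authoritative. `login` continues past the end of this hunk.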
@@ -152,9 +155,9 @@ class Auth {
 if (compare) {
 res.json(this.getUserLoginResponsePayload(user, feeds))
 } else {
-Logger.debug(`[Auth] Failed login attempt ${req.rateLimit.current} of ${req.rateLimit.limit}`)
+Logger.warn(`[Auth] Failed login attempt ${req.rateLimit.current} of ${req.rateLimit.limit} from ${ipAddress}`)
 if (req.rateLimit.remaining <= 2) {
-Logger.error(`[Auth] Failed login attempt for user ${user.username}. Attempts: ${req.rateLimit.current}`)
+Logger.error(`[Auth] Failed login attempt for user ${user.username} from ip ${ipAddress}. Attempts: ${req.rateLimit.current}`)
 return res.status(401).send(`Invalid user or password (${req.rateLimit.remaining === 0 ? '1 attempt remaining' : `${req.rateLimit.remaining + 1} attempts remaining`})`)
 }
 return res.status(401).send('Invalid user or password')
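Review bot: The `Logger.error` message in this hunk reads `for user ${user.username}` while the parallel unknown-user branch earlier in `login` reads `for username ${username}`, so anyone grepping the log for failed attempts against one account needs two patterns; I would use one phrasing in both places, e.g. `[Auth] Failed login attempt for user ${user.username} from ip ${ipAddress}`. Separately, if `./libs/requestIp` is the request-ip package, `getClientIp` returns `null` when no address can be determined, which prints here as `from ip null`; a fallback at the declaration, `const ipAddress = requestIp.getClientIp(req) || 'unknown'`, keeps both the warn and error lines readable. The `const ipAddress` line and the rest of `login` are outside this hunk.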