Log ip and sess to Graylog

Andris Reinman 2020-04-08 11:57:48 +03:00
parent 797b7756d7
commit 414962342b
4 changed files with 46 additions and 58 deletions


@ -1,5 +1,8 @@
module.exports = {
printWidth: 160,
tabWidth: 4,
singleQuote: true
singleQuote: true,
endOfLine: 'lf',
trailingComma: 'none',
arrowParens: 'avoid'
};

32
api.js

@ -64,8 +64,10 @@ const serverOptions = {
let message = {
short_message: 'HTTP [' + req.method + ' ' + path + '] ' + (body.success ? 'OK' : 'FAILED'),
_ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress,
_client_ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '',
_remote_ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress,
_ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '',
_sess: ((req.body && req.body.sess) || (req.query && req.query.sess) || '').toString().substr(0, 40) || '',
_http_route: path,
_http_method: req.method,
@ -81,13 +83,7 @@ const serverOptions = {
};
Object.keys(req.params || {}).forEach(key => {
let value =
typeof req.params[key] === 'string'
? req.params[key]
: util
.inspect(req.params[key], false, 3)
.toString()
.trim();
let value = typeof req.params[key] === 'string' ? req.params[key] : util.inspect(req.params[key], false, 3).toString().trim();
if (!value) {
return;
@ -111,13 +107,7 @@ const serverOptions = {
if (!body || !['id'].includes(key)) {
return;
}
value =
typeof value === 'string'
? value
: util
.inspect(value, false, 3)
.toString()
.trim();
value = typeof value === 'string' ? value : util.inspect(value, false, 3).toString().trim();
if (value.length > 128) {
value = value.substr(0, 128) + '…';
@ -218,10 +208,7 @@ server.use(
tokenRequired = true;
if (accessToken && accessToken.length === 40 && /^[a-fA-F0-9]{40}$/.test(accessToken)) {
let tokenData;
let tokenHash = crypto
.createHash('sha256')
.update(accessToken)
.digest('hex');
let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex');
try {
let key = 'tn:token:' + tokenHash;
@ -251,10 +238,7 @@ server.use(
};
}
let signature = crypto
.createHmac('sha256', config.api.accessControl.secret)
.update(JSON.stringify(signData))
.digest('hex');
let signature = crypto.createHmac('sha256', config.api.accessControl.secret).update(JSON.stringify(signData)).digest('hex');
if (signature !== tokenData.s) {
// rogue token or invalidated secret
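Review bot: In the first hunk of api.js, `_ip` and `_sess` are, as the section reads, now filled from `req.body` / `req.query`, so both are values asserted by the API caller, while the network-observed address moves to `_remote_ip`; any existing Graylog search or alert keyed on `_ip` silently changes meaning with this commit. `_remote_ip` itself prefers the raw `x-forwarded-for` header, which is only trustworthy when a proxy under your control overwrites it, and which can carry a comma-separated list rather than a single address. I would document this next to the fields, e.g. `// _ip and _sess are caller-supplied and unverified; _remote_ip is the peer address (X-Forwarded-For is trusted only behind our own proxy)`, and keep detection rules anchored on `_remote_ip`. The `message` literal opens inside the hunk, but the enclosing `serverOptions` handler starts and ends outside it.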


@ -405,7 +405,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
return [false, false];
}
@ -425,7 +426,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
// return as failed auth
return [false, false];
@ -439,7 +441,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
throw rateLimitResponse(rateLimitRes);
}
@ -455,7 +458,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
return [false, false];
}
@ -493,7 +497,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
// return as failed auth
return [false, false];
@ -517,7 +522,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
}
@ -530,7 +536,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
throw rateLimitResponse(rateLimitRes);
}
@ -542,7 +549,8 @@ class UserHandler {
_username: username,
_domain: userDomain,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
// return as failed auth
@ -568,7 +576,8 @@ class UserHandler {
_domain: userDomain,
_user: userData._id,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
throw err;
}
@ -583,7 +592,8 @@ class UserHandler {
_domain: userDomain,
_user: userData._id,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
let err = rateLimitResponse(rateLimitRes);
@ -603,7 +613,8 @@ class UserHandler {
_domain: userDomain,
_user: userData._id,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
await this.logAuthEvent(userData._id, meta);
return [false, userData._id];
@ -621,7 +632,8 @@ class UserHandler {
_domain: userDomain,
_user: userData._id,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
await this.logAuthEvent(userData._id, meta);
return [false, userData._id];
@ -645,7 +657,8 @@ class UserHandler {
_password_type: passwordType,
_password_id: passwordId,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
return [authResponse, userData._id];
@ -951,7 +964,8 @@ class UserHandler {
_password_type: passwordType,
_password_id: passwordId,
_scope: requiredScope,
_ip: meta.ip
_ip: meta.ip,
_sess: meta.sess
});
// increment rate limit counter on failure
@ -3052,10 +3066,7 @@ class UserHandler {
getMailboxes(language, defaults) {
defaults = defaults || {};
let lcode = (language || '')
.toLowerCase()
.split('_')
.shift();
let lcode = (language || '').toLowerCase().split('_').shift();
let translation = lcode && mailboxTranslations.hasOwnProperty(lcode) ? mailboxTranslations[lcode] : mailboxTranslations.en;
@ -3324,10 +3335,7 @@ class UserHandler {
}
async setAuthToken(user, accessToken) {
let tokenHash = crypto
.createHash('sha256')
.update(accessToken)
.digest('hex');
let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex');
let key = 'tn:token:' + tokenHash;
let ttl = config.api.accessControl.tokenTTL || consts.ACCESS_TOKEN_DEFAULT_TTL;
@ -3359,11 +3367,7 @@ class UserHandler {
.digest('hex')
};
await this.redis
.multi()
.hmset(key, tokenData)
.expire(key, ttl)
.exec();
await this.redis.multi().hmset(key, tokenData).expire(key, ttl).exec();
return accessToken;
}
@ -3383,10 +3387,7 @@ function rateLimitResponse(res) {
// high collision hash function
function getStringSelector(str) {
let hash = crypto
.createHash('sha1')
.update(str)
.digest();
let hash = crypto.createHash('sha1').update(str).digest();
let sum = 0;
for (let i = 0, len = hash.length; i < len; i++) {
sum += hash[i];
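Review bot: `meta.sess` is passed to the log as-is at every authentication call site in this section, without the `.toString().substr(0, 40)` cap that the api.js section applies to `_sess`, so its type and length depend on whatever each caller put into `meta`. That normalisation is not visible here and should be confirmed, or done once where `meta` is built. Because the value is now stored in Graylog for failed and successful authentications alike, it should be a correlation identifier only, never a token that by itself grants access; a one-line comment such as `// meta.sess: client-supplied session label for log correlation, not a credential` would record that. The pair `_ip: meta.ip, _sess: meta.sess` is repeated in fourteen log calls, and a small helper returning the shared fields would keep the next added field from being missed in one of them. The surrounding `UserHandler` methods start and end outside these hunks.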


@ -45,7 +45,7 @@
"humanname": "0.2.2",
"iconv-lite": "0.5.1",
"ioredfour": "1.0.2-ioredis-02",
"ioredis": "4.16.0",
"ioredis": "4.16.1",
"isemail": "3.2.0",
"joi": "14.3.1",
"js-yaml": "3.13.1",
@ -72,7 +72,7 @@
"speakeasy": "2.0.0",
"u2f": "0.1.3",
"utf7": "1.0.2",
"uuid": "7.0.2",
"uuid": "7.0.3",
"wild-config": "1.5.0",
"yargs": "15.3.1"
},