mirror of
https://github.com/nodemailer/wildduck.git
synced 2024-09-20 07:16:05 +08:00
Log ip and sess to Graylog
This commit is contained in:
parent
797b7756d7
commit
414962342b
|
@ -1,5 +1,8 @@
|
|||
module.exports = {
|
||||
printWidth: 160,
|
||||
tabWidth: 4,
|
||||
singleQuote: true
|
||||
singleQuote: true,
|
||||
endOfLine: 'lf',
|
||||
trailingComma: 'none',
|
||||
arrowParens: 'avoid'
|
||||
};
|
||||
|
|
32
api.js
32
api.js
|
@ -64,8 +64,10 @@ const serverOptions = {
|
|||
let message = {
|
||||
short_message: 'HTTP [' + req.method + ' ' + path + '] ' + (body.success ? 'OK' : 'FAILED'),
|
||||
|
||||
_ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress,
|
||||
_client_ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '',
|
||||
_remote_ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress,
|
||||
|
||||
_ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '',
|
||||
_sess: ((req.body && req.body.sess) || (req.query && req.query.sess) || '').toString().substr(0, 40) || '',
|
||||
|
||||
_http_route: path,
|
||||
_http_method: req.method,
|
||||
|
@ -81,13 +83,7 @@ const serverOptions = {
|
|||
};
|
||||
|
||||
Object.keys(req.params || {}).forEach(key => {
|
||||
let value =
|
||||
typeof req.params[key] === 'string'
|
||||
? req.params[key]
|
||||
: util
|
||||
.inspect(req.params[key], false, 3)
|
||||
.toString()
|
||||
.trim();
|
||||
let value = typeof req.params[key] === 'string' ? req.params[key] : util.inspect(req.params[key], false, 3).toString().trim();
|
||||
|
||||
if (!value) {
|
||||
return;
|
||||
|
@ -111,13 +107,7 @@ const serverOptions = {
|
|||
if (!body || !['id'].includes(key)) {
|
||||
return;
|
||||
}
|
||||
value =
|
||||
typeof value === 'string'
|
||||
? value
|
||||
: util
|
||||
.inspect(value, false, 3)
|
||||
.toString()
|
||||
.trim();
|
||||
value = typeof value === 'string' ? value : util.inspect(value, false, 3).toString().trim();
|
||||
|
||||
if (value.length > 128) {
|
||||
value = value.substr(0, 128) + '…';
|
||||
|
@ -218,10 +208,7 @@ server.use(
|
|||
tokenRequired = true;
|
||||
if (accessToken && accessToken.length === 40 && /^[a-fA-F0-9]{40}$/.test(accessToken)) {
|
||||
let tokenData;
|
||||
let tokenHash = crypto
|
||||
.createHash('sha256')
|
||||
.update(accessToken)
|
||||
.digest('hex');
|
||||
let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex');
|
||||
|
||||
try {
|
||||
let key = 'tn:token:' + tokenHash;
|
||||
|
@ -251,10 +238,7 @@ server.use(
|
|||
};
|
||||
}
|
||||
|
||||
let signature = crypto
|
||||
.createHmac('sha256', config.api.accessControl.secret)
|
||||
.update(JSON.stringify(signData))
|
||||
.digest('hex');
|
||||
let signature = crypto.createHmac('sha256', config.api.accessControl.secret).update(JSON.stringify(signData)).digest('hex');
|
||||
|
||||
if (signature !== tokenData.s) {
|
||||
// rogue token or invalidated secret
|
||||
|
|
|
@ -405,7 +405,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
return [false, false];
|
||||
}
|
||||
|
@ -425,7 +426,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
// return as failed auth
|
||||
return [false, false];
|
||||
|
@ -439,7 +441,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
throw rateLimitResponse(rateLimitRes);
|
||||
}
|
||||
|
@ -455,7 +458,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
return [false, false];
|
||||
}
|
||||
|
@ -493,7 +497,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
// return as failed auth
|
||||
return [false, false];
|
||||
|
@ -517,7 +522,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -530,7 +536,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
throw rateLimitResponse(rateLimitRes);
|
||||
}
|
||||
|
@ -542,7 +549,8 @@ class UserHandler {
|
|||
_username: username,
|
||||
_domain: userDomain,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
|
||||
// return as failed auth
|
||||
|
@ -568,7 +576,8 @@ class UserHandler {
|
|||
_domain: userDomain,
|
||||
_user: userData._id,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
throw err;
|
||||
}
|
||||
|
@ -583,7 +592,8 @@ class UserHandler {
|
|||
_domain: userDomain,
|
||||
_user: userData._id,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
|
||||
let err = rateLimitResponse(rateLimitRes);
|
||||
|
@ -603,7 +613,8 @@ class UserHandler {
|
|||
_domain: userDomain,
|
||||
_user: userData._id,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
await this.logAuthEvent(userData._id, meta);
|
||||
return [false, userData._id];
|
||||
|
@ -621,7 +632,8 @@ class UserHandler {
|
|||
_domain: userDomain,
|
||||
_user: userData._id,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
await this.logAuthEvent(userData._id, meta);
|
||||
return [false, userData._id];
|
||||
|
@ -645,7 +657,8 @@ class UserHandler {
|
|||
_password_type: passwordType,
|
||||
_password_id: passwordId,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
|
||||
return [authResponse, userData._id];
|
||||
|
@ -951,7 +964,8 @@ class UserHandler {
|
|||
_password_type: passwordType,
|
||||
_password_id: passwordId,
|
||||
_scope: requiredScope,
|
||||
_ip: meta.ip
|
||||
_ip: meta.ip,
|
||||
_sess: meta.sess
|
||||
});
|
||||
|
||||
// increment rate limit counter on failure
|
||||
|
@ -3052,10 +3066,7 @@ class UserHandler {
|
|||
getMailboxes(language, defaults) {
|
||||
defaults = defaults || {};
|
||||
|
||||
let lcode = (language || '')
|
||||
.toLowerCase()
|
||||
.split('_')
|
||||
.shift();
|
||||
let lcode = (language || '').toLowerCase().split('_').shift();
|
||||
|
||||
let translation = lcode && mailboxTranslations.hasOwnProperty(lcode) ? mailboxTranslations[lcode] : mailboxTranslations.en;
|
||||
|
||||
|
@ -3324,10 +3335,7 @@ class UserHandler {
|
|||
}
|
||||
|
||||
async setAuthToken(user, accessToken) {
|
||||
let tokenHash = crypto
|
||||
.createHash('sha256')
|
||||
.update(accessToken)
|
||||
.digest('hex');
|
||||
let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex');
|
||||
let key = 'tn:token:' + tokenHash;
|
||||
let ttl = config.api.accessControl.tokenTTL || consts.ACCESS_TOKEN_DEFAULT_TTL;
|
||||
|
||||
|
@ -3359,11 +3367,7 @@ class UserHandler {
|
|||
.digest('hex')
|
||||
};
|
||||
|
||||
await this.redis
|
||||
.multi()
|
||||
.hmset(key, tokenData)
|
||||
.expire(key, ttl)
|
||||
.exec();
|
||||
await this.redis.multi().hmset(key, tokenData).expire(key, ttl).exec();
|
||||
|
||||
return accessToken;
|
||||
}
|
||||
|
@ -3383,10 +3387,7 @@ function rateLimitResponse(res) {
|
|||
|
||||
// high collision hash function
|
||||
function getStringSelector(str) {
|
||||
let hash = crypto
|
||||
.createHash('sha1')
|
||||
.update(str)
|
||||
.digest();
|
||||
let hash = crypto.createHash('sha1').update(str).digest();
|
||||
let sum = 0;
|
||||
for (let i = 0, len = hash.length; i < len; i++) {
|
||||
sum += hash[i];
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
"humanname": "0.2.2",
|
||||
"iconv-lite": "0.5.1",
|
||||
"ioredfour": "1.0.2-ioredis-02",
|
||||
"ioredis": "4.16.0",
|
||||
"ioredis": "4.16.1",
|
||||
"isemail": "3.2.0",
|
||||
"joi": "14.3.1",
|
||||
"js-yaml": "3.13.1",
|
||||
|
@ -72,7 +72,7 @@
|
|||
"speakeasy": "2.0.0",
|
||||
"u2f": "0.1.3",
|
||||
"utf7": "1.0.2",
|
||||
"uuid": "7.0.2",
|
||||
"uuid": "7.0.3",
|
||||
"wild-config": "1.5.0",
|
||||
"yargs": "15.3.1"
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue