From 414962342b9bac179a42646af92134a4cd6a38dc Mon Sep 17 00:00:00 2001 From: Andris Reinman Date: Wed, 8 Apr 2020 11:57:48 +0300 Subject: [PATCH] Log ip and sess to Graylog --- .prettierrc.js | 5 +++- api.js | 32 ++++++----------------- lib/user-handler.js | 63 +++++++++++++++++++++++---------------------- package.json | 4 +-- 4 files changed, 46 insertions(+), 58 deletions(-) diff --git a/.prettierrc.js b/.prettierrc.js index 566518a..3f83654 100644 --- a/.prettierrc.js +++ b/.prettierrc.js @@ -1,5 +1,8 @@ module.exports = { printWidth: 160, tabWidth: 4, - singleQuote: true + singleQuote: true, + endOfLine: 'lf', + trailingComma: 'none', + arrowParens: 'avoid' }; diff --git a/api.js b/api.js index be7af5b..d82198b 100644 --- a/api.js +++ b/api.js @@ -64,8 +64,10 @@ const serverOptions = { let message = { short_message: 'HTTP [' + req.method + ' ' + path + '] ' + (body.success ? 'OK' : 'FAILED'), - _ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress, - _client_ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '', + _remote_ip: req.headers['x-forwarded-for'] || req.connection.remoteAddress, + + _ip: ((req.body && req.body.ip) || (req.query && req.query.ip) || '').toString().substr(0, 40) || '', + _sess: ((req.body && req.body.sess) || (req.query && req.query.sess) || '').toString().substr(0, 40) || '', _http_route: path, _http_method: req.method, @@ -81,13 +83,7 @@ const serverOptions = { }; Object.keys(req.params || {}).forEach(key => { - let value = - typeof req.params[key] === 'string' - ? req.params[key] - : util - .inspect(req.params[key], false, 3) - .toString() - .trim(); + let value = typeof req.params[key] === 'string' ? req.params[key] : util.inspect(req.params[key], false, 3).toString().trim(); if (!value) { return; 
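Review bot: In the `let message = {` literal, `_ip` now carries the caller-supplied `ip` from the request body or query string, while the address the server itself observed moves to `_remote_ip`, so any existing Graylog search or alert keyed on `_ip` starts reading a value the API client asserts. `_remote_ip` also still takes `x-forwarded-for` verbatim and, unlike `_ip` and `_sess`, has no length cap; it is only trustworthy when a fronting proxy overwrites that header, which this hunk does not show. I would bound it like its neighbours, e.g. `_remote_ip: (req.headers['x-forwarded-for'] || req.connection.remoteAddress || '').toString().substr(0, 255),` (the 255 is an illustrative limit), and add a comment above `_ip` and `_sess` such as `// caller-asserted values, not verified by this server`. The object literal starts and ends outside the hunk.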
@@ -111,13 +107,7 @@ const serverOptions = { if (!body || !['id'].includes(key)) { return; } - value = - typeof value === 'string' - ? value - : util - .inspect(value, false, 3) - .toString() - .trim(); + value = typeof value === 'string' ? value : util.inspect(value, false, 3).toString().trim(); if (value.length > 128) { value = value.substr(0, 128) + '…'; @@ -218,10 +208,7 @@ server.use( tokenRequired = true; if (accessToken && accessToken.length === 40 && /^[a-fA-F0-9]{40}$/.test(accessToken)) { let tokenData; - let tokenHash = crypto - .createHash('sha256') - .update(accessToken) - .digest('hex'); + let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex'); try { let key = 'tn:token:' + tokenHash; @@ -251,10 +238,7 @@ server.use( }; } - let signature = crypto - .createHmac('sha256', config.api.accessControl.secret) - .update(JSON.stringify(signData)) - .digest('hex'); + let signature = crypto.createHmac('sha256', config.api.accessControl.secret).update(JSON.stringify(signData)).digest('hex'); if (signature !== tokenData.s) { // rogue token or invalidated secret diff --git a/lib/user-handler.js b/lib/user-handler.js index ce8efc6..dd86930 100644 --- a/lib/user-handler.js +++ b/lib/user-handler.js @@ -405,7 +405,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); return [false, false]; } @@ -425,7 +426,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); // return as failed auth return [false, false]; @@ -439,7 +441,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); throw rateLimitResponse(rateLimitRes); } 
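Review bot: `_sess: meta.sess` in the `-405` hunk of lib/user-handler.js is passed to the logger as-is, whereas the api.js request log in this commit coerces `sess` to a string and cuts it to 40 characters; if `meta` is filled from request parameters (its origin is outside the hunk), an object or oversized value could reach Graylog through this path. Normalising once where `meta` is first read, for example `const sess = (meta.sess || '').toString().substr(0, 40);`, and logging `_sess: sess` would keep both paths consistent. The same applies to every later `_sess: meta.sess` addition in lib/user-handler.js, from the `-425` hunk through the `-951` hunk. It is also worth confirming that `sess` is only a correlation identifier and not a value that authenticates a session, since it now lands in log storage. The enclosing method begins and ends outside these hunks.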
@@ -455,7 +458,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); return [false, false]; } @@ -493,7 +497,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); // return as failed auth return [false, false]; @@ -517,7 +522,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); } @@ -530,7 +536,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); throw rateLimitResponse(rateLimitRes); } @@ -542,7 +549,8 @@ class UserHandler { _username: username, _domain: userDomain, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); // return as failed auth @@ -568,7 +576,8 @@ class UserHandler { _domain: userDomain, _user: userData._id, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); throw err; } @@ -583,7 +592,8 @@ class UserHandler { _domain: userDomain, _user: userData._id, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); let err = rateLimitResponse(rateLimitRes); @@ -603,7 +613,8 @@ class UserHandler { _domain: userDomain, _user: userData._id, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); await this.logAuthEvent(userData._id, meta); return [false, userData._id]; @@ -621,7 +632,8 @@ class UserHandler { _domain: userDomain, _user: userData._id, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); await this.logAuthEvent(userData._id, meta); return [false, userData._id]; @@ -645,7 +657,8 @@ class UserHandler { _password_type: passwordType, _password_id: passwordId, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); return [authResponse, userData._id]; 
@@ -951,7 +964,8 @@ class UserHandler { _password_type: passwordType, _password_id: passwordId, _scope: requiredScope, - _ip: meta.ip + _ip: meta.ip, + _sess: meta.sess }); // increment rate limit counter on failure @@ -3052,10 +3066,7 @@ class UserHandler { getMailboxes(language, defaults) { defaults = defaults || {}; - let lcode = (language || '') - .toLowerCase() - .split('_') - .shift(); + let lcode = (language || '').toLowerCase().split('_').shift(); let translation = lcode && mailboxTranslations.hasOwnProperty(lcode) ? mailboxTranslations[lcode] : mailboxTranslations.en; @@ -3324,10 +3335,7 @@ class UserHandler { } async setAuthToken(user, accessToken) { - let tokenHash = crypto - .createHash('sha256') - .update(accessToken) - .digest('hex'); + let tokenHash = crypto.createHash('sha256').update(accessToken).digest('hex'); let key = 'tn:token:' + tokenHash; let ttl = config.api.accessControl.tokenTTL || consts.ACCESS_TOKEN_DEFAULT_TTL; @@ -3359,11 +3367,7 @@ class UserHandler { .digest('hex') }; - await this.redis - .multi() - .hmset(key, tokenData) - .expire(key, ttl) - .exec(); + await this.redis.multi().hmset(key, tokenData).expire(key, ttl).exec(); return accessToken; } @@ -3383,10 +3387,7 @@ function rateLimitResponse(res) { // high collision hash function function getStringSelector(str) { - let hash = crypto - .createHash('sha1') - .update(str) - .digest(); + let hash = crypto.createHash('sha1').update(str).digest(); let sum = 0; for (let i = 0, len = hash.length; i < len; i++) { sum += hash[i]; diff --git a/package.json b/package.json index 9d893ad..3171a21 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "humanname": "0.2.2", "iconv-lite": "0.5.1", "ioredfour": "1.0.2-ioredis-02", - "ioredis": "4.16.0", + "ioredis": "4.16.1", "isemail": "3.2.0", "joi": "14.3.1", "js-yaml": "3.13.1", @@ -72,7 +72,7 @@ "speakeasy": "2.0.0", "u2f": "0.1.3", "utf7": "1.0.2", - "uuid": "7.0.2", + "uuid": "7.0.3", "wild-config": "1.5.0", "yargs": "15.3.1" },