Winsomnia/MireaBackend
1
0
Fork 0
Code Pull Requests Actions Projects Releases Activity

feat: improve logging
All checks were successful
.NET Test Pipeline / build-and-test (push) Successful in 1m12s
Details
Build and Deploy Docker Container / build-and-deploy (push) Successful in 2m11s
Details

Browse Source
This commit is contained in:
Polianin Nikita 2024-12-23 07:48:28 +03:00
parent 053f01eec1
commit 5ff8744a55
3 changed files with 26 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Endpoint/Configuration/Core/Startup/LoggerConfiguration.cs
View File

@ -65,7 +65,10 @@ public static class LoggerConfiguration
return app.Use(async (context, next) =>
{
var traceId = Activity.Current?.Id ?? context.TraceIdentifier;
using (LogContext.PushProperty("TraceId", traceId))
using (LogContext.PushProperty("UserAgent", context.Request.Headers.UserAgent.ToString()))
using (LogContext.PushProperty("RemoteIPAddress", context.Connection.RemoteIpAddress?.ToString()))
{
await next();
}

15
Security/Services/AuthService.cs
View File

@ -63,19 +63,16 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
if (countFailedLogin > 5)
{
logger.LogWarning(
"Multiple unsuccessful login attempts for user ID {UserId} from IP {UserIp}. Attempt count: {AttemptNumber}.",
"Multiple unsuccessful login attempts for user ID {UserId}. Attempt count: {AttemptNumber}.",
user.Id,
requestContext.Ip,
countFailedLogin);
throw new SecurityException("Too many unsuccessful login attempts. Please try again later.");
}
logger.LogInformation(
"Login attempt failed for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}. Attempt count: {AttemptNumber}.",
"Login attempt failed for user ID {UserId}. Fingerprint: {Fingerprint}. Attempt count: {AttemptNumber}.",
user.Id,
requestContext.Ip,
requestContext.UserAgent,
requestContext.Fingerprint,
countFailedLogin);
@ -100,10 +97,8 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
cookieOptions.SetCookie(context, CookieNames.RefreshToken, authToken.RefreshToken, DateTime.UtcNow.Add(Lifetime));
logger.LogInformation(
"Login successful for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}.",
"Login successful for user ID {UserId}. Fingerprint: {Fingerprint}.",
authToken.UserId,
authToken.Ip,
authToken.UserAgent,
authToken.Fingerprint);
}
@ -184,10 +179,8 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
cookieOptions.DropCookie(context, CookieNames.AccessToken);
cookieOptions.DropCookie(context, CookieNames.RefreshToken);
logger.LogWarning("Token validation failed for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}. Reason: {Reason}.",
logger.LogWarning("Token validation failed for user ID {UserId}. Fingerprint: {Fingerprint}. Reason: {Reason}.",
authToken.UserId,
authToken.Ip,
authToken.UserAgent,
authToken.Fingerprint,
authToken.RefreshToken != requestContext.RefreshToken ?
$"Cached refresh token '{authToken.RefreshToken}' does not match the provided refresh token '{requestContext.RefreshToken}'" :

28
Security/Services/OAuthService.cs
View File

@ -110,21 +110,25 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
{
var (clientId, _) = providers[provider];
var requestInfo = new RequestContextInfo(context, cookieOptions);
var state = GetHmacString(requestInfo, secretKey);
var redirectUrl = $"?client_id={clientId}" +
"&response_type=code" +
$"&redirect_uri={redirectUri}" +
$"&scope={ProviderData[provider].Scope}" +
$"&state={GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey)}_{Enum.GetName(provider)}";
$"&state={state}_{Enum.GetName(provider)}";
logger.LogInformation("Redirecting user Fingerprint: {Fingerprint} to OAuth provider {Provider} with state: {State}",
requestInfo.Fingerprint,
provider,
state);
return new Uri(ProviderData[provider].RedirectUrl + redirectUrl);
}
public (OAuthProvider Provider, Uri Redirect)[] GetAvailableProviders(string redirectUri)
{
return [.. providers.Select(x => (x.Key, new Uri(redirectUri.TrimEnd('/') + "/?provider=" + (int)x.Key)))];
}
public (OAuthProvider Provider, Uri Redirect)[] GetAvailableProviders(string redirectUri) =>
[.. providers.Select(x => (x.Key, new Uri(redirectUri.TrimEnd('/') + "/?provider=" + (int)x.Key)))];
public async Task<(OAuthProvider provider, OAuthUser User)> LoginOAuth(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUrl, string code, string state, CancellationToken cancellation = default)
{
@ -139,11 +143,17 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
}
var secretStateData = string.Join("_", partsState.SkipLast(1));
var secretData = GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey);
var requestInfo = new RequestContextInfo(context, cookieOptions);
var secretData = GetHmacString(requestInfo, secretKey);
if (secretData != secretStateData)
{
logger.LogWarning("Fingerprint mismatch. Possible CSRF attack detected.");
logger.LogWarning(
"Fingerprint mismatch. Possible CSRF attack detected. Fingerprint: {Fingerprint}, State: {State}, ExpectedState: {ExpectedState}",
requestInfo.Fingerprint,
secretData,
secretStateData
);
throw new SecurityException("Suspicious activity detected. Please try again.");
}
@ -154,7 +164,7 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
}
catch (Exception ex)
{
logger.LogWarning(ex, "Failed to exchange authorization code for tokens with provider {Provider}", provider);
logger.LogWarning(ex, "Failed to exchange code for access token with provider {Provider}. State: {State}", provider, state);
}
if (accessToken == null)