From aae62aae08c7581822db0318dba21782d613b4bb Mon Sep 17 00:00:00 2001 From: dzaikos Date: Sat, 25 Aug 2018 16:59:17 -0400 Subject: [PATCH] Added remote client IP to API login failure error message. Addresses #205 Changed error level reporting on API login failure to Error from Info to match the web login reporting. --- middleware/basic_auth.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/middleware/basic_auth.go b/middleware/basic_auth.go index c02913fa..9c3d8daa 100644 --- a/middleware/basic_auth.go +++ b/middleware/basic_auth.go @@ -8,6 +8,7 @@ import ( "context" "net/http" + "miniflux.app/http/request" "miniflux.app/http/response/json" "miniflux.app/logger" ) @@ -17,6 +18,8 @@ func (m *Middleware) BasicAuth(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) + remoteAddr := request.RealIP(r) + username, password, authOK := r.BasicAuth() if !authOK { logger.Debug("[Middleware:BasicAuth] No authentication headers sent") @@ -25,7 +28,7 @@ func (m *Middleware) BasicAuth(next http.Handler) http.Handler { } if err := m.store.CheckPassword(username, password); err != nil { - logger.Info("[Middleware:BasicAuth] Invalid username or password: %s", username) + logger.Error("[Middleware:BasicAuth] [Remote=%v] Invalid username or password: %s", remoteAddr, username) json.Unauthorized(w) return } @@ -38,7 +41,7 @@ func (m *Middleware) BasicAuth(next http.Handler) http.Handler { } if user == nil { - logger.Info("[Middleware:BasicAuth] User not found: %s", username) + logger.Error("[Middleware:BasicAuth] [Remote=%v] User not found: %s", remoteAddr, username) json.Unauthorized(w) return }