diff options
Diffstat (limited to 'internal/api/middleware.go')
| -rw-r--r-- | internal/api/middleware.go | 57 |
1 files changed, 46 insertions, 11 deletions
diff --git a/internal/api/middleware.go b/internal/api/middleware.go index 73c96f5e..eeadc3a0 100644 --- a/internal/api/middleware.go +++ b/internal/api/middleware.go @@ -5,11 +5,11 @@ package api // import "miniflux.app/v2/internal/api" import ( "context" + "log/slog" "net/http" "miniflux.app/v2/internal/http/request" "miniflux.app/v2/internal/http/response/json" - "miniflux.app/v2/internal/logger" "miniflux.app/v2/internal/storage" ) @@ -40,25 +40,37 @@ func (m *middleware) apiKeyAuth(next http.Handler) http.Handler { token := r.Header.Get("X-Auth-Token") if token == "" { - logger.Debug("[API][TokenAuth] [ClientIP=%s] No API Key provided, go to the next middleware", clientIP) + slog.Debug("[API] Skipped API token authentication because no API Key has been provided", + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + ) next.ServeHTTP(w, r) return } user, err := m.store.UserByAPIKey(token) if err != nil { - logger.Error("[API][TokenAuth] %v", err) json.ServerError(w, r, err) return } if user == nil { - logger.Error("[API][TokenAuth] [ClientIP=%s] No user found with the given API key", clientIP) + slog.Warn("[API] No user found with the provided API key", + slog.Bool("authentication_failed", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + ) json.Unauthorized(w, r) return } - logger.Info("[API][TokenAuth] [ClientIP=%s] User authenticated: %s", clientIP, user.Username) + slog.Info("[API] User authenticated successfully with the API Token Authentication", + slog.Bool("authentication_successful", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + slog.String("username", user.Username), + ) + m.store.SetLastLogin(user.ID) m.store.SetAPIKeyUsedTimestamp(user.ID, token) @@ -84,37 +96,60 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler { clientIP := request.ClientIP(r) username, password, authOK := r.BasicAuth() if !authOK { - logger.Debug("[API][BasicAuth] [ClientIP=%s] No authentication headers sent", clientIP) + slog.Warn("[API] No Basic HTTP Authentication header sent with the request", + slog.Bool("authentication_failed", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + ) json.Unauthorized(w, r) return } if username == "" || password == "" { - logger.Error("[API][BasicAuth] [ClientIP=%s] Empty username or password", clientIP) + slog.Warn("[API] Empty username or password provided during Basic HTTP Authentication", + slog.Bool("authentication_failed", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + ) json.Unauthorized(w, r) return } if err := m.store.CheckPassword(username, password); err != nil { - logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username) + slog.Warn("[API] Invalid username or password provided during Basic HTTP Authentication", + slog.Bool("authentication_failed", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + slog.String("username", username), + ) json.Unauthorized(w, r) return } user, err := m.store.UserByUsername(username) if err != nil { - logger.Error("[API][BasicAuth] %v", err) json.ServerError(w, r, err) return } if user == nil { - logger.Error("[API][BasicAuth] [ClientIP=%s] User not found: %s", clientIP, username) + slog.Warn("[API] User not found while using Basic HTTP Authentication", + slog.Bool("authentication_failed", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + slog.String("username", username), + ) json.Unauthorized(w, r) return } - logger.Info("[API][BasicAuth] [ClientIP=%s] User authenticated: %s", clientIP, username) + slog.Info("[API] User authenticated successfully with the Basic HTTP Authentication", + slog.Bool("authentication_successful", true), + slog.String("client_ip", clientIP), + slog.String("user_agent", r.UserAgent()), + slog.String("username", username), + ) + m.store.SetLastLogin(user.ID) ctx := r.Context() |