From 03ef9220762ead9fdfc4e18863a5dbf8a562d79e Mon Sep 17 00:00:00 2001 From: NB Kelly Date: Thu, 2 Jan 2025 17:29:42 +1300 Subject: [PATCH] log ip address on login --- src/clj/web/auth.clj | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/clj/web/auth.clj b/src/clj/web/auth.clj index 5c9c567938..e7b40ad71e 100644 --- a/src/clj/web/auth.clj +++ b/src/clj/web/auth.clj @@ -98,14 +98,23 @@ (defn login-handler [{db :system/db auth :system/auth - {:keys [username password]} :params}] - (let [user (mc/find-one-as-map db "users" {:username username})] + {:keys [username password]} :params + remote-address :remote-addr + headers :headers}] + ;; note - if the user is behind a proxy, their IP will be the first on in x-forwarded-for + ;; otherwise it will just be the remote-addr key for the request. + ;; I'm hoping the nginx reverese proxy plays nice with this... + (let [client-ip (if-let [ips (get-in headers ["x-forwarded-for"])] + (-> ips (str/split #",") first) + remote-address) + user (mc/find-one-as-map db "users" {:username username})] (cond (and user (:banned user)) (response 403 {:error (or @banned-msg "Account Locked")}) (and user (password/check password (:password user))) (do (mc/update db "users" {:username username} - {"$set" {:lastConnection (inst/now)}}) + {"$set" {:lastConnection (inst/now) + :lastIpAddress (str client-ip)}}) (assoc (response 200 {:message "ok"}) :cookies {"session" (merge {:value (create-token auth user)} (:cookie auth))}))