Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Logins log for Fail2Ban #986

Merged
merged 6 commits into from
Sep 24, 2023
Merged

feat: Logins log for Fail2Ban #986

merged 6 commits into from
Sep 24, 2023

Conversation

berry-13
Copy link
Collaborator

I'm not sure if this is the function that was requested, which is why I welcome ideas on how to improve it. Every time a login fails, the logs are both displayed in the console and saved in the root folder in a file named login-logs.txt #985

logs:

{"level":"error","message":"Passport Local Strategy - Password does not match","parameters":[{"name":"isMatch","value":false}],"timestamp":"2023-09-23T23:24:38.786Z"}
{"level":"error","message":"[Login] [Login failed] [Username: myemail@test.com] [Request-IP: 45.xx.xx.238]","timestamp":"2023-09-23T23:24:38.786Z"}

Change Type

  • New feature (non-breaking change which adds functionality)

Testing

check if the log and the .txt works properly

Test Configuration:

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in any complex areas of my code
  • I have made pertinent documentation changes
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes
  • Any changes dependent on mine have been merged and published in downstream modules.

danny-avila
danny-avila requested changes Sep 24, 2023
View reviewed changes
api/strategies/localStrategy.js Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
@danny-avila danny-avila linked an issue Sep 24, 2023 that may be closed by this pull request
Enhancement: [Failed] Logins log for Fail2Ban #985
Closed
1 task
@danny-avila danny-avila merged commit 1bf6c25 into danny-avila:main Sep 24, 2023
2 checks passed
@berry-13 berry-13 deleted the login-log branch September 24, 2023 16:35
@XHyperDEVX
Copy link
Contributor

it works, but... the log works if you enter wrong logical data. e.g. username: 123@456.com password: 123456789
but with wrong non logical data, like username: 123 password: 123 [which doesn't work because the username has to be an email and the password has to be min. 8 characters long] it won't be logged! i think that would be important to add.

XHyperDEVX
XHyperDEVX reviewed Sep 24, 2023
View reviewed changes
api/strategies/localStrategy.js Outdated
format: winston.format.combine(winston.format.timestamp(), winston.format.json()),
transports: [
new winston.transports.Console(),
new winston.transports.File({ filename: 'login-logs.log' }),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here e.g. /logins/login-logs.txt instead of just login-logs.txt
-> for better handling when using logrotate

@berry-13
Copy link
Collaborator Author

I know, I did it on purpose this way! I thought the logs would help you understand if someone wanted to attempt to brute force the password, etc..

@XHyperDEVX
Copy link
Contributor

I know, I did it on purpose this way! I thought the logs would help you understand if someone wanted to attempt to brute force the password, etc..

No, the wish was to make librechat compatible with fail2ban xD

@danny-avila
Copy link
Owner

it works, but... the log works if you enter wrong logical data. e.g. username: 123@456.com password: 123456789 but with wrong non logical data, like username: 123 password: 123 [which doesn't work because the username has to be an email and the password has to be min. 8 characters long] it won't be logged! i think that would be important to add.

this is a good point, it should count as a login fail when the validation fails @berry-13

@berry-13 berry-13 restored the login-log branch September 24, 2023 17:17
@berry-13 berry-13 deleted the login-log branch October 29, 2023 11:03
cnkang pushed a commit to cnkang/LibreChat that referenced this pull request Feb 6, 2024
@berry-13
feat: Logins log for Fail2Ban (danny-avila#986)
501f161 
* login logs and output

* fix(merge)

* fix(wiston) unistall

* fix(winston) installation in api

* fix(logger) new module
jinzishuai pushed a commit to aitok-ai/LibreChat that referenced this pull request May 20, 2024
@berry-13
feat: Logins log for Fail2Ban (danny-avila#986)
b6f559b 
* login logs and output

* fix(merge)

* fix(wiston) unistall

* fix(winston) installation in api

* fix(logger) new module
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XHyperDEVX XHyperDEVX XHyperDEVX left review comments

@danny-avila danny-avila danny-avila approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhancement: [Failed] Logins log for Fail2Ban
3 participants
@berry-13 @XHyperDEVX @danny-avila