add warn log on rejected email auth validation #1139 (reply in thread)

umputun · Aug 16, 2022 · cb98885 · cb98885
1 parent 7e0445c
commit cb98885
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/backend/app/rest/api/rest.go b/backend/app/rest/api/rest.go
@@ -228,7 +228,7 @@ func (s *Rest) routes() chi.Router {
 	router.Group(func(r chi.Router) {
 		r.Use(middleware.Timeout(5 * time.Second))
 		r.Use(logInfoWithBody, tollbooth_chi.LimitHandler(tollbooth.NewLimiter(2, nil)), middleware.NoCache)
-		r.Use(validEmaiAuth()) // reject suspicious email logins
+		r.Use(validEmailAuth()) // reject suspicious email logins
 		r.Mount("/auth", authHandler)
 	})
 
@@ -646,9 +646,9 @@ func subscribersOnly(enable bool) func(http.Handler) http.Handler {
 	}
 }
 
-// validEmaiAuth is a middleware for auth endpoints for email method.
+// validEmailAuth is a middleware for auth endpoints for email method.
 // it rejects login request if user, site or email are suspicious
-func validEmaiAuth() func(http.Handler) http.Handler {
+func validEmailAuth() func(http.Handler) http.Handler {
 
 	reUser := regexp.MustCompile(`^[\p{L}\d\s_]{4,64}$`) // matches ui side validation, adding min/max limitation
 	reSite := regexp.MustCompile(`^[a-zA-Z\d\s_]{1,64}$`)
@@ -664,20 +664,23 @@ func validEmaiAuth() func(http.Handler) http.Handler {
 
 			if u := r.URL.Query().Get("user"); u != "" {
 				if !reUser.MatchString(u) {
+					log.Printf("[WARN] suspicious user rejected: %s", u)
 					http.Error(w, "Access denied", http.StatusForbidden)
 					return
 				}
 			}
 
 			if a := r.URL.Query().Get("address"); a != "" {
 				if _, err := mail.ParseAddress(a); err != nil {
+					log.Printf("[WARN] suspicious address rejected: %s", a)
 					http.Error(w, "Access denied", http.StatusForbidden)
 					return
 				}
 			}
 
 			if s := r.URL.Query().Get("site"); s != "" {
 				if !reSite.MatchString(s) {
+					log.Printf("[WARN] suspicious site rejected: %s", s)
 					http.Error(w, "Access denied", http.StatusForbidden)
 					return
 				}

diff --git a/backend/app/rest/api/rest_test.go b/backend/app/rest/api/rest_test.go
@@ -394,7 +394,7 @@ func Test_validEmaiAuth(t *testing.T) {
 		t.Run(strconv.Itoa(i), func(t *testing.T) {
 			req := httptest.NewRequest("GET", "http://example.com"+tt.req, http.NoBody)
 			w := httptest.NewRecorder()
-			h := validEmaiAuth()(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
+			h := validEmailAuth()(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
 			h.ServeHTTP(w, req)
 			resp := w.Result()
 			assert.Equal(t, tt.status, resp.StatusCode)