Fix jwt-token

2025-09-24 04:57:07 +02:00
parent 02ce9d343b
commit 6c28330af3
6 changed files with 772 additions and 21 deletions


@@ -391,9 +391,14 @@ router.get('/', authenticateToken, requireRole(['admin']), async (req, res) => {
* Called by multi-tenant auth middleware
*/
async function loginLocal(req, res, next) {
const securityLogger = require('../services/securityLogService');
try {
// Validate required fields
if (!req.body.username || !req.body.password) {
// Log validation failure
await securityLogger.logFailedLogin(req, req.body.username || 'unknown', 'Missing credentials');
return res.status(400).json({
success: false,
message: 'Validation error for field' +
@@ -444,6 +449,10 @@ async function loginLocal(req, res, next) {
if (!user) {
console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}" - User not found`);
// Log failed login attempt
await securityLogger.logFailedLogin(req, username, 'User not found');
return res.status(401).json({
success: false,
message: 'Invalid credentials'
@@ -452,6 +461,10 @@ async function loginLocal(req, res, next) {
if (!user.is_active) {
console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}" - Account is inactive`);
// Log failed login attempt
await securityLogger.logFailedLogin(req, username, 'Account is inactive');
return res.status(401).json({
success: false,
message: 'Account is inactive'
@@ -462,6 +475,10 @@ async function loginLocal(req, res, next) {
if (!passwordMatch) {
console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}" - Invalid password`);
// Log failed login attempt
await securityLogger.logFailedLogin(req, username, 'Invalid password');
return res.status(401).json({
success: false,
message: 'Invalid credentials'
@@ -470,6 +487,13 @@ async function loginLocal(req, res, next) {
console.log(`✅ Authentication successful for "${username}" in tenant "${req.tenant?.id}"`);
// Check if this IP had recent failed attempts
const clientIP = securityLogger.getRealClientIP(req) || securityLogger.getClientIP(req);
const hadRecentFailures = securityLogger.hadRecentFailedAttempts(clientIP);
// Log successful login
await securityLogger.logSuccessfulLogin(req, user, hadRecentFailures);
// Update last login
await user.update({ last_login: new Date() });