diff options
Diffstat (limited to 'app/controllers/login.go')
| -rw-r--r-- | app/controllers/login.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/login.go b/app/controllers/login.go index 603eb20..f59789f 100644 --- a/app/controllers/login.go +++ b/app/controllers/login.go | |||
| @@ -13,6 +13,21 @@ import ( | |||
| 13 | "github.com/go-webauthn/webauthn/protocol" | 13 | "github.com/go-webauthn/webauthn/protocol" |
| 14 | "github.com/go-webauthn/webauthn/webauthn" | 14 | "github.com/go-webauthn/webauthn/webauthn" |
| 15 | "github.com/labstack/echo/v4" | 15 | "github.com/labstack/echo/v4" |
| 16 | "github.com/prometheus/client_golang/prometheus" | ||
| 17 | "github.com/prometheus/client_golang/prometheus/promauto" | ||
| 18 | ) | ||
| 19 | |||
| 20 | var ( | ||
| 21 | loginError = promauto.NewCounterVec(prometheus.CounterOpts{ | ||
| 22 | Namespace: "ssh_proxy", | ||
| 23 | Name: "login_error", | ||
| 24 | Help: "Total number of errors during login operation", | ||
| 25 | }, []string{"type"}) | ||
| 26 | loginSuccess = promauto.NewCounter(prometheus.CounterOpts{ | ||
| 27 | Namespace: "ssh_proxy", | ||
| 28 | Name: "login_success", | ||
| 29 | Help: "Total number of successful logins", | ||
| 30 | }) | ||
| 16 | ) | 31 | ) |
| 17 | 32 | ||
| 18 | type LoginController[T app.AppSession] struct { | 33 | type LoginController[T app.AppSession] struct { |
| @@ -57,6 +72,7 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
| 57 | user, err := a.Users.Get(ctx, c.Param("username")) | 72 | user, err := a.Users.Get(ctx, c.Param("username")) |
| 58 | if err != nil { | 73 | if err != nil { |
| 59 | a.Logger.Errorf("Error getting user: %s", err) | 74 | a.Logger.Errorf("Error getting user: %s", err) |
| 75 | loginError.With(prometheus.Labels{"type": "no_user"}).Inc() | ||
| 60 | return c.NoContent(http.StatusNotFound) | 76 | return c.NoContent(http.StatusNotFound) |
| 61 | } | 77 | } |
| 62 | 78 | ||
| @@ -76,6 +92,7 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
| 76 | 92 | ||
| 77 | if _, err := a.Webauthn.ValidateLogin(user, *s.WebauthnSession, response); err != nil { | 93 | if _, err := a.Webauthn.ValidateLogin(user, *s.WebauthnSession, response); err != nil { |
| 78 | a.Logger.Errorf("Error validating login: %s", err) | 94 | a.Logger.Errorf("Error validating login: %s", err) |
| 95 | loginError.With(prometheus.Labels{"type": "webauthn_invalid"}).Inc() | ||
| 79 | return c.NoContent(http.StatusBadRequest) | 96 | return c.NoContent(http.StatusBadRequest) |
| 80 | } | 97 | } |
| 81 | 98 | ||
| @@ -96,11 +113,13 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
| 96 | authSession, err := a.AuthSessions.GetByUserCode(ctx, code.Code) | 113 | authSession, err := a.AuthSessions.GetByUserCode(ctx, code.Code) |
| 97 | if err != nil { | 114 | if err != nil { |
| 98 | a.Logger.Errorf("No auth session exists") | 115 | a.Logger.Errorf("No auth session exists") |
| 116 | loginError.With(prometheus.Labels{"type": "no_session_for_code"}).Inc() | ||
| 99 | return c.NoContent(http.StatusUnauthorized) | 117 | return c.NoContent(http.StatusUnauthorized) |
| 100 | } | 118 | } |
| 101 | 119 | ||
| 102 | if authSession.AccessCode != "" { | 120 | if authSession.AccessCode != "" { |
| 103 | a.Logger.Errorf("Session is already authenticated") | 121 | a.Logger.Errorf("Session is already authenticated") |
| 122 | loginError.With(prometheus.Labels{"type": "already_authenticated"}).Inc() | ||
| 104 | return c.NoContent(http.StatusUnauthorized) | 123 | return c.NoContent(http.StatusUnauthorized) |
| 105 | } | 124 | } |
| 106 | 125 | ||
| @@ -113,5 +132,6 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
| 113 | return c.NoContent(http.StatusInternalServerError) | 132 | return c.NoContent(http.StatusInternalServerError) |
| 114 | } | 133 | } |
| 115 | 134 | ||
| 135 | loginSuccess.Inc() | ||
| 116 | return c.NoContent(http.StatusOK) | 136 | return c.NoContent(http.StatusOK) |
| 117 | } | 137 | } |