diff options
Diffstat (limited to 'app/controllers/login.go')
-rw-r--r-- | app/controllers/login.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/login.go b/app/controllers/login.go index 603eb20..f59789f 100644 --- a/app/controllers/login.go +++ b/app/controllers/login.go | |||
@@ -13,6 +13,21 @@ import ( | |||
13 | "github.com/go-webauthn/webauthn/protocol" | 13 | "github.com/go-webauthn/webauthn/protocol" |
14 | "github.com/go-webauthn/webauthn/webauthn" | 14 | "github.com/go-webauthn/webauthn/webauthn" |
15 | "github.com/labstack/echo/v4" | 15 | "github.com/labstack/echo/v4" |
16 | "github.com/prometheus/client_golang/prometheus" | ||
17 | "github.com/prometheus/client_golang/prometheus/promauto" | ||
18 | ) | ||
19 | |||
20 | var ( | ||
21 | loginError = promauto.NewCounterVec(prometheus.CounterOpts{ | ||
22 | Namespace: "ssh_proxy", | ||
23 | Name: "login_error", | ||
24 | Help: "Total number of errors during login operation", | ||
25 | }, []string{"type"}) | ||
26 | loginSuccess = promauto.NewCounter(prometheus.CounterOpts{ | ||
27 | Namespace: "ssh_proxy", | ||
28 | Name: "login_success", | ||
29 | Help: "Total number of successful logins", | ||
30 | }) | ||
16 | ) | 31 | ) |
17 | 32 | ||
18 | type LoginController[T app.AppSession] struct { | 33 | type LoginController[T app.AppSession] struct { |
@@ -57,6 +72,7 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
57 | user, err := a.Users.Get(ctx, c.Param("username")) | 72 | user, err := a.Users.Get(ctx, c.Param("username")) |
58 | if err != nil { | 73 | if err != nil { |
59 | a.Logger.Errorf("Error getting user: %s", err) | 74 | a.Logger.Errorf("Error getting user: %s", err) |
75 | loginError.With(prometheus.Labels{"type": "no_user"}).Inc() | ||
60 | return c.NoContent(http.StatusNotFound) | 76 | return c.NoContent(http.StatusNotFound) |
61 | } | 77 | } |
62 | 78 | ||
@@ -76,6 +92,7 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
76 | 92 | ||
77 | if _, err := a.Webauthn.ValidateLogin(user, *s.WebauthnSession, response); err != nil { | 93 | if _, err := a.Webauthn.ValidateLogin(user, *s.WebauthnSession, response); err != nil { |
78 | a.Logger.Errorf("Error validating login: %s", err) | 94 | a.Logger.Errorf("Error validating login: %s", err) |
95 | loginError.With(prometheus.Labels{"type": "webauthn_invalid"}).Inc() | ||
79 | return c.NoContent(http.StatusBadRequest) | 96 | return c.NoContent(http.StatusBadRequest) |
80 | } | 97 | } |
81 | 98 | ||
@@ -96,11 +113,13 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
96 | authSession, err := a.AuthSessions.GetByUserCode(ctx, code.Code) | 113 | authSession, err := a.AuthSessions.GetByUserCode(ctx, code.Code) |
97 | if err != nil { | 114 | if err != nil { |
98 | a.Logger.Errorf("No auth session exists") | 115 | a.Logger.Errorf("No auth session exists") |
116 | loginError.With(prometheus.Labels{"type": "no_session_for_code"}).Inc() | ||
99 | return c.NoContent(http.StatusUnauthorized) | 117 | return c.NoContent(http.StatusUnauthorized) |
100 | } | 118 | } |
101 | 119 | ||
102 | if authSession.AccessCode != "" { | 120 | if authSession.AccessCode != "" { |
103 | a.Logger.Errorf("Session is already authenticated") | 121 | a.Logger.Errorf("Session is already authenticated") |
122 | loginError.With(prometheus.Labels{"type": "already_authenticated"}).Inc() | ||
104 | return c.NoContent(http.StatusUnauthorized) | 123 | return c.NoContent(http.StatusUnauthorized) |
105 | } | 124 | } |
106 | 125 | ||
@@ -113,5 +132,6 @@ func (a *LoginController[T]) HandleFinish(c echo.Context) error { | |||
113 | return c.NoContent(http.StatusInternalServerError) | 132 | return c.NoContent(http.StatusInternalServerError) |
114 | } | 133 | } |
115 | 134 | ||
135 | loginSuccess.Inc() | ||
116 | return c.NoContent(http.StatusOK) | 136 | return c.NoContent(http.StatusOK) |
117 | } | 137 | } |