refactor(logs): move to core package (#4586)
This commit is contained in:
Meier Lukas
@@ -3,9 +3,9 @@ import { cookies } from "next/headers";
|
||||
import NextAuth from "next-auth";
|
||||
import Credentials from "next-auth/providers/credentials";
|
||||
|
||||
import { createLogger } from "@homarr/core/infrastructure/logs";
|
||||
import { db } from "@homarr/db";
|
||||
import type { SupportedAuthProvider } from "@homarr/definitions";
|
||||
import { logger } from "@homarr/log";
|
||||
|
||||
import { createAdapter } from "./adapter";
|
||||
import { createSessionCallback } from "./callbacks";
|
||||
@@ -18,6 +18,8 @@ import { OidcProvider } from "./providers/oidc/oidc-provider";
|
||||
import { createRedirectUri } from "./redirect";
|
||||
import { expireDateAfter, generateSessionToken, sessionTokenCookieName } from "./session";
|
||||
|
||||
const logger = createLogger({ module: "authConfiguration" });
|
||||
|
||||
// See why it's unknown in the [...nextauth]/route.ts file
|
||||
export const createConfiguration = (
|
||||
provider: SupportedAuthProvider | "unknown",
|
||||
|
||||
@@ -2,15 +2,17 @@ import { cookies } from "next/headers";
|
||||
import dayjs from "dayjs";
|
||||
import type { NextAuthConfig } from "next-auth";
|
||||
|
||||
import { createLogger } from "@homarr/core/infrastructure/logs";
|
||||
import { and, eq, inArray } from "@homarr/db";
|
||||
import type { Database } from "@homarr/db";
|
||||
import { groupMembers, groups, users } from "@homarr/db/schema";
|
||||
import { colorSchemeCookieKey, everyoneGroup } from "@homarr/definitions";
|
||||
import { logger } from "@homarr/log";
|
||||
|
||||
import { env } from "./env";
|
||||
import { extractProfileName } from "./providers/oidc/oidc-provider";
|
||||
|
||||
const logger = createLogger({ module: "authEvents" });
|
||||
|
||||
export const createSignInEventHandler = (db: Database): Exclude<NextAuthConfig["events"], undefined>["signIn"] => {
|
||||
return async ({ user, profile }) => {
|
||||
logger.debug(`SignIn EventHandler for user: ${JSON.stringify(user)} . profile: ${JSON.stringify(profile)}`);
|
||||
@@ -43,9 +45,11 @@ export const createSignInEventHandler = (db: Database): Exclude<NextAuthConfig["
|
||||
|
||||
if (dbUser.name !== user.name) {
|
||||
await db.update(users).set({ name: user.name }).where(eq(users.id, user.id));
|
||||
logger.info(
|
||||
`Username for user of credentials provider has changed. user=${user.id} old=${dbUser.name} new=${user.name}`,
|
||||
);
|
||||
logger.info("Username for user of credentials provider has changed.", {
|
||||
userId: user.id,
|
||||
oldName: dbUser.name,
|
||||
newName: user.name,
|
||||
});
|
||||
}
|
||||
|
||||
if (profile) {
|
||||
@@ -56,9 +60,11 @@ export const createSignInEventHandler = (db: Database): Exclude<NextAuthConfig["
|
||||
|
||||
if (dbUser.name !== profileUsername) {
|
||||
await db.update(users).set({ name: profileUsername }).where(eq(users.id, user.id));
|
||||
logger.info(
|
||||
`Username for user of oidc provider has changed. user=${user.id} old='${dbUser.name}' new='${profileUsername}'`,
|
||||
);
|
||||
logger.info("Username for user of oidc provider has changed.", {
|
||||
userId: user.id,
|
||||
oldName: dbUser.name,
|
||||
newName: profileUsername,
|
||||
});
|
||||
}
|
||||
|
||||
if (
|
||||
@@ -67,11 +73,13 @@ export const createSignInEventHandler = (db: Database): Exclude<NextAuthConfig["
|
||||
!dbUser.image?.startsWith("data:")
|
||||
) {
|
||||
await db.update(users).set({ image: profile.picture }).where(eq(users.id, user.id));
|
||||
logger.info(`Profile picture for user of oidc provider has changed. user=${user.id}'`);
|
||||
logger.info("Profile picture for user of oidc provider has changed.", {
|
||||
userId: user.id,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
logger.info(`User '${dbUser.name}' logged in at ${dayjs().format()}`);
|
||||
logger.info("User logged in", { userId: user.id, userName: dbUser.name, timestamp: dayjs().format() });
|
||||
|
||||
// We use a cookie as localStorage is not shared with server (otherwise flickering would occur)
|
||||
(await cookies()).set(colorSchemeCookieKey, dbUser.colorScheme, {
|
||||
@@ -96,7 +104,7 @@ const addUserToEveryoneGroupIfNotMemberAsync = async (db: Database, userId: stri
|
||||
userId,
|
||||
groupId: dbEveryoneGroup.id,
|
||||
});
|
||||
logger.info(`Added user to everyone group. user=${userId}`);
|
||||
logger.info("Added user to everyone group.", { userId });
|
||||
}
|
||||
};
|
||||
|
||||
@@ -118,9 +126,10 @@ const synchronizeGroupsWithExternalForUserAsync = async (db: Database, userId: s
|
||||
);
|
||||
|
||||
if (missingExternalGroupsForUser.length > 0) {
|
||||
logger.debug(
|
||||
`Homarr does not have the user in certain groups. user=${userId} count=${missingExternalGroupsForUser.length}`,
|
||||
);
|
||||
logger.debug("Homarr does not have the user in certain groups.", {
|
||||
user: userId,
|
||||
count: missingExternalGroupsForUser.length,
|
||||
});
|
||||
|
||||
const groupIds = await db.query.groups.findMany({
|
||||
columns: {
|
||||
@@ -129,7 +138,10 @@ const synchronizeGroupsWithExternalForUserAsync = async (db: Database, userId: s
|
||||
where: inArray(groups.name, missingExternalGroupsForUser),
|
||||
});
|
||||
|
||||
logger.debug(`Homarr has found groups in the database user is not in. user=${userId} count=${groupIds.length}`);
|
||||
logger.debug("Homarr has found groups in the database user is not in.", {
|
||||
user: userId,
|
||||
count: groupIds.length,
|
||||
});
|
||||
|
||||
if (groupIds.length > 0) {
|
||||
await db.insert(groupMembers).values(
|
||||
@@ -139,9 +151,9 @@ const synchronizeGroupsWithExternalForUserAsync = async (db: Database, userId: s
|
||||
})),
|
||||
);
|
||||
|
||||
logger.info(`Added user to groups successfully. user=${userId} count=${groupIds.length}`);
|
||||
logger.info("Added user to groups successfully.", { user: userId, count: groupIds.length });
|
||||
} else {
|
||||
logger.debug(`User is already in all groups of Homarr. user=${userId}`);
|
||||
logger.debug("User is already in all groups of Homarr.", { user: userId });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -154,9 +166,10 @@ const synchronizeGroupsWithExternalForUserAsync = async (db: Database, userId: s
|
||||
);
|
||||
|
||||
if (groupsUserIsNoLongerMemberOfExternally.length > 0) {
|
||||
logger.debug(
|
||||
`Homarr has the user in certain groups that LDAP does not have. user=${userId} count=${groupsUserIsNoLongerMemberOfExternally.length}`,
|
||||
);
|
||||
logger.debug("Homarr has the user in certain groups that LDAP does not have.", {
|
||||
user: userId,
|
||||
count: groupsUserIsNoLongerMemberOfExternally.length,
|
||||
});
|
||||
|
||||
await db.delete(groupMembers).where(
|
||||
and(
|
||||
@@ -168,8 +181,9 @@ const synchronizeGroupsWithExternalForUserAsync = async (db: Database, userId: s
|
||||
),
|
||||
);
|
||||
|
||||
logger.info(
|
||||
`Removed user from groups successfully. user=${userId} count=${groupsUserIsNoLongerMemberOfExternally.length}`,
|
||||
);
|
||||
logger.info("Removed user from groups successfully.", {
|
||||
user: userId,
|
||||
count: groupsUserIsNoLongerMemberOfExternally.length,
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
@@ -30,7 +30,6 @@
|
||||
"@homarr/core": "workspace:^0.1.0",
|
||||
"@homarr/db": "workspace:^0.1.0",
|
||||
"@homarr/definitions": "workspace:^0.1.0",
|
||||
"@homarr/log": "workspace:^0.1.0",
|
||||
"@homarr/validation": "workspace:^0.1.0",
|
||||
"bcrypt": "^6.0.0",
|
||||
"cookies": "^0.9.1",
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
import bcrypt from "bcrypt";
|
||||
import type { z } from "zod/v4";
|
||||
|
||||
import { createLogger } from "@homarr/core/infrastructure/logs";
|
||||
import type { Database } from "@homarr/db";
|
||||
import { and, eq } from "@homarr/db";
|
||||
import { users } from "@homarr/db/schema";
|
||||
import { logger } from "@homarr/log";
|
||||
import type { userSignInSchema } from "@homarr/validation/user";
|
||||
|
||||
const logger = createLogger({ module: "basicAuthorization" });
|
||||
|
||||
export const authorizeWithBasicCredentialsAsync = async (
|
||||
db: Database,
|
||||
credentials: z.infer<typeof userSignInSchema>,
|
||||
@@ -16,19 +18,19 @@ export const authorizeWithBasicCredentialsAsync = async (
|
||||
});
|
||||
|
||||
if (!user?.password) {
|
||||
logger.info(`user ${credentials.name} was not found`);
|
||||
logger.info("User not found", { userName: credentials.name });
|
||||
return null;
|
||||
}
|
||||
|
||||
logger.info(`user ${user.name} is trying to log in. checking password...`);
|
||||
logger.info("User is trying to log in. Checking password...", { userName: user.name });
|
||||
const isValidPassword = await bcrypt.compare(credentials.password, user.password);
|
||||
|
||||
if (!isValidPassword) {
|
||||
logger.warn(`password for user ${user.name} was incorrect`);
|
||||
logger.warn("Password for user was incorrect", { userName: user.name });
|
||||
return null;
|
||||
}
|
||||
|
||||
logger.info(`user ${user.name} successfully authorized`);
|
||||
logger.info("User successfully authorized", { userName: user.name });
|
||||
|
||||
return {
|
||||
id: user.id,
|
||||
|
||||
@@ -1,21 +1,23 @@
|
||||
import { CredentialsSignin } from "@auth/core/errors";
|
||||
import { z } from "zod/v4";
|
||||
|
||||
import { createId, extractErrorMessage } from "@homarr/common";
|
||||
import { createId } from "@homarr/common";
|
||||
import { createLogger } from "@homarr/core/infrastructure/logs";
|
||||
import type { Database, InferInsertModel } from "@homarr/db";
|
||||
import { and, eq } from "@homarr/db";
|
||||
import { users } from "@homarr/db/schema";
|
||||
import { logger } from "@homarr/log";
|
||||
import type { ldapSignInSchema } from "@homarr/validation/user";
|
||||
|
||||
import { env } from "../../../env";
|
||||
import { LdapClient } from "../ldap-client";
|
||||
|
||||
const logger = createLogger({ module: "ldapAuthorization" });
|
||||
|
||||
export const authorizeWithLdapCredentialsAsync = async (
|
||||
db: Database,
|
||||
credentials: z.infer<typeof ldapSignInSchema>,
|
||||
) => {
|
||||
logger.info(`user ${credentials.name} is trying to log in using LDAP. Connecting to LDAP server...`);
|
||||
logger.info("User is trying to log in using LDAP. Connecting to LDAP server...", { userName: credentials.name });
|
||||
const client = new LdapClient();
|
||||
await client
|
||||
.bindAsync({
|
||||
@@ -23,8 +25,7 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
password: env.AUTH_LDAP_BIND_PASSWORD,
|
||||
})
|
||||
.catch((error) => {
|
||||
logger.error(`Failed to connect to LDAP server ${extractErrorMessage(error)}`);
|
||||
throw new CredentialsSignin();
|
||||
throw new CredentialsSignin("Failed to connect to LDAP server", { cause: error });
|
||||
});
|
||||
|
||||
logger.info("Connected to LDAP server. Searching for user...");
|
||||
@@ -48,21 +49,21 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
});
|
||||
|
||||
if (!ldapUser) {
|
||||
logger.warn(`User ${credentials.name} not found in LDAP`);
|
||||
throw new CredentialsSignin();
|
||||
throw new CredentialsSignin(`User not found in LDAP username="${credentials.name}"`);
|
||||
}
|
||||
|
||||
// Validate email
|
||||
const mailResult = await z.string().email().safeParseAsync(ldapUser[env.AUTH_LDAP_USER_MAIL_ATTRIBUTE]);
|
||||
|
||||
if (!mailResult.success) {
|
||||
logger.error(
|
||||
`User ${credentials.name} found but with invalid or non-existing Email. Not Supported: "${ldapUser[env.AUTH_LDAP_USER_MAIL_ATTRIBUTE]}"`,
|
||||
);
|
||||
throw new CredentialsSignin();
|
||||
logger.error("User found in LDAP but with invalid or non-existing Email", {
|
||||
userName: credentials.name,
|
||||
emailValue: ldapUser[env.AUTH_LDAP_USER_MAIL_ATTRIBUTE],
|
||||
});
|
||||
throw new CredentialsSignin("User found in LDAP but with invalid or non-existing Email");
|
||||
}
|
||||
|
||||
logger.info(`User ${credentials.name} found in LDAP. Logging in...`);
|
||||
logger.info("User found in LDAP. Logging in...", { userName: credentials.name });
|
||||
|
||||
// Bind with user credentials to check if the password is correct
|
||||
const userClient = new LdapClient();
|
||||
@@ -72,12 +73,12 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
password: credentials.password,
|
||||
})
|
||||
.catch(() => {
|
||||
logger.warn(`Wrong credentials for user ${credentials.name}`);
|
||||
logger.warn("Wrong credentials for user", { userName: credentials.name });
|
||||
throw new CredentialsSignin();
|
||||
});
|
||||
await userClient.disconnectAsync();
|
||||
|
||||
logger.info(`User ${credentials.name} logged in successfully, retrieving user groups...`);
|
||||
logger.info("User credentials are correct. Retrieving user groups...", { userName: credentials.name });
|
||||
|
||||
const userGroups = await client
|
||||
.searchAsync({
|
||||
@@ -93,7 +94,7 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
})
|
||||
.then((entries) => entries.map((entry) => entry.cn).filter((group): group is string => group !== undefined));
|
||||
|
||||
logger.info(`Found ${userGroups.length} groups for user ${credentials.name}.`);
|
||||
logger.info("User groups retrieved", { userName: credentials.name, groups: userGroups.length });
|
||||
|
||||
await client.disconnectAsync();
|
||||
|
||||
@@ -111,7 +112,7 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
logger.info(`User ${credentials.name} not found in the database. Creating...`);
|
||||
logger.info("User not found in the database. Creating...", { userName: credentials.name });
|
||||
|
||||
const insertUser = {
|
||||
id: createId(),
|
||||
@@ -126,7 +127,7 @@ export const authorizeWithLdapCredentialsAsync = async (
|
||||
|
||||
user = insertUser;
|
||||
|
||||
logger.info(`User ${credentials.name} created successfully.`);
|
||||
logger.info("User created successfully", { userName: credentials.name });
|
||||
}
|
||||
|
||||
return {
|
||||
|
||||
Reference in New Issue
Block a user