Merge pull request #7907 from NBKelly/log-ip-address

log ip address on login
mtgred · Jan 7, 2025 · 05f8bf4 · 05f8bf4
2 parents f875820 + 03ef922
commit 05f8bf4
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/src/clj/web/auth.clj b/src/clj/web/auth.clj
@@ -98,14 +98,23 @@
 (defn login-handler
   [{db :system/db
     auth :system/auth
-    {:keys [username password]} :params}]
-  (let [user (mc/find-one-as-map db "users" {:username username})]
+    {:keys [username password]} :params
+    remote-address :remote-addr
+    headers :headers}]
+  ;; note - if the user is behind a proxy, their IP will be the first on in x-forwarded-for
+  ;; otherwise it will just be the remote-addr key for the request.
+  ;; I'm hoping the nginx reverese proxy plays nice with this...
+  (let [client-ip (if-let [ips (get-in headers ["x-forwarded-for"])]
+                    (-> ips (str/split #",") first)
+                    remote-address)
+        user (mc/find-one-as-map db "users" {:username username})]
     (cond
       (and user (:banned user)) (response 403 {:error (or @banned-msg "Account Locked")})
       (and user (password/check password (:password user)))
       (do (mc/update db "users"
                      {:username username}
-                     {"$set" {:lastConnection (inst/now)}})
+                     {"$set" {:lastConnection (inst/now)
+                              :lastIpAddress (str client-ip)}})
           (assoc (response 200 {:message "ok"})
                  :cookies {"session" (merge {:value (create-token auth user)}
                                             (:cookie auth))}))