Skip to content

Commit 72d3ab3

Browse files
committed
WIP for #713
1 parent 7a5a1c4 commit 72d3ab3

2 files changed

Lines changed: 41 additions & 17 deletions

File tree

server/src/main/java/invite/api/DefaultErrorController.java

Lines changed: 41 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,15 @@
1515
import org.springframework.http.HttpStatus;
1616
import org.springframework.http.ResponseEntity;
1717
import org.springframework.security.access.AccessDeniedException;
18+
import org.springframework.util.StringUtils;
1819
import org.springframework.web.bind.annotation.RequestMapping;
1920
import org.springframework.web.bind.annotation.ResponseStatus;
2021
import org.springframework.web.bind.annotation.RestController;
2122
import org.springframework.web.context.request.ServletWebRequest;
2223
import org.springframework.web.context.request.WebRequest;
2324
import org.springframework.web.servlet.resource.NoResourceFoundException;
2425

26+
import java.util.Base64;
2527
import java.util.Map;
2628

2729
import static org.springframework.http.HttpStatus.*;
@@ -56,8 +58,14 @@ public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
5658
HttpStatus statusCode;
5759

5860
if (error == null) {
59-
statusCode = result.containsKey("status") && (int) result.get("status") != 999 ?
60-
HttpStatus.valueOf((int) result.get("status")) : INTERNAL_SERVER_ERROR;
61+
if ("Unauthorized".equalsIgnoreCase((String) result.get("error"))) {
62+
statusCode = HttpStatus.UNAUTHORIZED;
63+
this.handleAuthorizationException(request, result);
64+
} else {
65+
statusCode = result.containsKey("status") && (int) result.get("status") != 999 ?
66+
HttpStatus.valueOf((int) result.get("status")) : INTERNAL_SERVER_ERROR;
67+
68+
}
6169
} else {
6270
if (!(error instanceof NotFoundException || error instanceof NoResourceFoundException)) {
6371
boolean logStackTrace = !(error instanceof UserRestrictionException || error instanceof invite.exception.RemoteException);
@@ -75,4 +83,35 @@ public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
7583
return ResponseEntity.status(statusCode).body(result);
7684
}
7785

86+
private void handleAuthorizationException(HttpServletRequest request, Map<String, Object> result) {
87+
String remoteIp = request.getHeader("X-Forwarded-For");
88+
if (StringUtils.hasText(remoteIp)) {
89+
remoteIp = remoteIp.split(",")[0].trim(); // first entry is the originating client
90+
} else {
91+
remoteIp = request.getRemoteAddr();
92+
}
93+
94+
String username = null;
95+
String authHeader = request.getHeader("Authorization");
96+
if (StringUtils.hasText(authHeader) && authHeader.startsWith("Basic ")) {
97+
String encoded = authHeader.substring(6);
98+
String decoded = new String(Base64.getDecoder().decode(encoded));
99+
username = decoded.split(":", 2)[0];
100+
}
101+
102+
String method = request.getMethod();
103+
String fullPath;
104+
if (result.containsKey("path")) {
105+
fullPath = (String) result.get("path");
106+
} else {
107+
String path = request.getRequestURI();
108+
String query = request.getQueryString();
109+
fullPath = query != null ? path + "?" + query : path;
110+
}
111+
112+
LOG.warn(String.format("Authentication error: ip=%s, user=%s, method=%s, path=%s",
113+
remoteIp, username, method, fullPath
114+
));
115+
}
116+
78117
}

server/src/main/resources/application.yml

Lines changed: 0 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,4 @@
11
---
2-
logging:
3-
level:
4-
root: WARN
5-
com.zaxxer.hikari: ERROR
6-
org.mariadb.jdbc.message.server: ERROR
7-
org.springframework.security: INFO
8-
invite: DEBUG
9-
net.javacrumbs.shedlock: DEBUG
10-
# sql: DEBUG
11-
# org.hibernate.type.descriptor.sql.BasicBinder: TRACE
12-
# org.hibernate.orm.jdbc.bind: TRACE
13-
threshold:
14-
# console: TRACE
15-
console: WARN
16-
172
server:
183
port: 8888
194
error:

0 commit comments

Comments
 (0)