Added support for creating log entries for sessions and pin checks.

c7f07e06 · David Venhoek · Sietse Ringers · 45fbaf01 · c7f07e06 · c7f07e06
Commit c7f07e06 authored Feb 11, 2020 by David Venhoek Committed by Sietse Ringers Dec 11, 2020
--- a/server/keyshareserver/db.go
+++ b/server/keyshareserver/db.go
@@ -2,6 +2,7 @@ package keyshareserver

 import (
 	"database/sql"
+	"encoding/json"
 	"errors"
 	"sync"
 	"time"
@@ -18,6 +19,16 @@ var (
 	ErrInvalidRecord     = errors.New("Invalid record in database")
 )

+type LogEntryType string
+
+const (
+	PinCheckRefused = "PIN_CHECK_REFUSED"
+	PinCheckSucces  = "PIN_CHECK_SUCCES"
+	PinCheckFailed  = "PIN_CHECK_FAILED"
+	PinCheckBlocked = "PIN_CHECK_BLOCKED"
+	IrmaSession     = "IRMA_SESSION"
+)
+
 type KeyshareDB interface {
 	NewUser(user KeyshareUserData) error
 	User(username string) (KeyshareUser, error)
@@ -28,6 +39,7 @@ type KeyshareDB interface {
 	ClearPincheck(user KeyshareUser) error

 	SetSeen(user KeyshareUser) error
+	AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error
 }

 type KeyshareUser interface {
@@ -116,6 +128,10 @@ func (db *keyshareMemoryDB) SetSeen(user KeyshareUser) error {
 	return nil
 }

+func (db *keyshareMemoryDB) AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error {
+	return nil
+}
+
 type keysharePostgresDatabase struct {
 	db *sql.DB
 }
@@ -295,3 +311,27 @@ func (db *keysharePostgresDatabase) SetSeen(user KeyshareUser) error {
 	}
 	return nil
 }
+
+func (db *keysharePostgresDatabase) AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error {
+	userdata, ok := user.(*keysharePostgresUser)
+	if !ok {
+		return ErrInvalidData
+	}
+
+	var encodedParamString *string
+	if param != nil {
+		encodedParam, err := json.Marshal(param)
+		if err != nil {
+			return err
+		}
+		encodedParams := string(encodedParam)
+		encodedParamString = &encodedParams
+	}
+
+	_, err := db.db.Exec("INSERT INTO irma.log_entry_records (time, event, param, user_id) VALUES ($1, $2, $3, $4)",
+		time.Now().Unix(),
+		eventType,
+		encodedParamString,
+		userdata.id)
+	return err
+}
--- a/server/keyshareserver/schema.sql
+++ b/server/keyshareserver/schema.sql
@@ -9,3 +9,14 @@ CREATE TABLE IF NOT EXISTS irma.users
 );
 CREATE UNIQUE INDEX username_index ON irma.users (username);
 GRANT ALL PRIVILEGES ON TABLE irma.users TO irma;
+
+CREATE TABLE IF NOT EXISTS irma.log_entry_records
+(
+    id serial PRIMARY KEY,
+    time bigint,
+    event varchar(256),
+    param text,
+    user_id int
+);
+CREATE INDEX log_entry_records_user_id_index ON irma.log_entry_records (user_id);
+GRANT ALL PRIVILEGES ON TABLE irma.log_entry_records TO irma;
\ No newline at end of file
--- a/server/keyshareserver/server.go
+++ b/server/keyshareserver/server.go
@@ -227,6 +227,14 @@ func (s *Server) handleResponse(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Make log entry
+	err = s.db.AddLog(user, IrmaSession, nil)
+	if err != nil {
+		s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
+		server.WriteError(w, server.ErrorInternal, err.Error())
+		return
+	}
+
 	proofResponse, err := s.core.GenerateResponse(user.Data().Coredata, authorization, sessionData.LastCommitID, challenge, sessionData.LastKeyid)
 	if err != nil {
 		s.conf.Logger.WithField("error", err).Error("Could not generate response for request")
@@ -294,12 +302,30 @@ func (s *Server) handleVerifyPin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if !ok {
+		err = s.db.AddLog(user, PinCheckRefused, nil)
+		if err != nil {
+			s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
+			server.WriteError(w, server.ErrorInternal, err.Error())
+			return
+		}
 		server.WriteJson(w, keysharePinStatus{Status: "error", Message: fmt.Sprintf("%v", wait)})
 		return
 	}
 	jwtt, err := s.core.ValidatePin(user.Data().Coredata, msg.Pin, msg.Username)
 	if err == keysharecore.ErrInvalidPin {
+		err = s.db.AddLog(user, PinCheckFailed, tries)
+		if err != nil {
+			s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
+			server.WriteError(w, server.ErrorInternal, err.Error())
+			return
+		}
 		if tries == 0 {
+			err = s.db.AddLog(user, PinCheckBlocked, wait)
+			if err != nil {
+				s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
+				server.WriteError(w, server.ErrorInternal, err.Error())
+				return
+			}
 			server.WriteJson(w, keysharePinStatus{Status: "error", Message: fmt.Sprintf("%v", wait)})
 		} else {
 			server.WriteJson(w, keysharePinStatus{Status: "failure", Message: fmt.Sprintf("%v", tries)})
@@ -321,6 +347,13 @@ func (s *Server) handleVerifyPin(w http.ResponseWriter, r *http.Request) {
 			// Do not send to user
 		}

+		err = s.db.AddLog(user, PinCheckSucces, nil)
+		if err != nil {
+			s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
+			server.WriteError(w, server.ErrorInternal, err.Error())
+			return
+		}
+
 		server.WriteJson(w, keysharePinStatus{Status: "success", Message: jwtt})
 	}
 }