Commit c7f07e06 authored by David Venhoek's avatar David Venhoek Committed by Sietse Ringers

Added support for creating log entries for sessions and pin checks.

parent 45fbaf01
......@@ -2,6 +2,7 @@ package keyshareserver
import (
"database/sql"
"encoding/json"
"errors"
"sync"
"time"
......@@ -18,6 +19,16 @@ var (
ErrInvalidRecord = errors.New("Invalid record in database")
)
type LogEntryType string
const (
PinCheckRefused = "PIN_CHECK_REFUSED"
PinCheckSucces = "PIN_CHECK_SUCCES"
PinCheckFailed = "PIN_CHECK_FAILED"
PinCheckBlocked = "PIN_CHECK_BLOCKED"
IrmaSession = "IRMA_SESSION"
)
type KeyshareDB interface {
NewUser(user KeyshareUserData) error
User(username string) (KeyshareUser, error)
......@@ -28,6 +39,7 @@ type KeyshareDB interface {
ClearPincheck(user KeyshareUser) error
SetSeen(user KeyshareUser) error
AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error
}
type KeyshareUser interface {
......@@ -116,6 +128,10 @@ func (db *keyshareMemoryDB) SetSeen(user KeyshareUser) error {
return nil
}
func (db *keyshareMemoryDB) AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error {
return nil
}
type keysharePostgresDatabase struct {
db *sql.DB
}
......@@ -295,3 +311,27 @@ func (db *keysharePostgresDatabase) SetSeen(user KeyshareUser) error {
}
return nil
}
func (db *keysharePostgresDatabase) AddLog(user KeyshareUser, eventType LogEntryType, param interface{}) error {
userdata, ok := user.(*keysharePostgresUser)
if !ok {
return ErrInvalidData
}
var encodedParamString *string
if param != nil {
encodedParam, err := json.Marshal(param)
if err != nil {
return err
}
encodedParams := string(encodedParam)
encodedParamString = &encodedParams
}
_, err := db.db.Exec("INSERT INTO irma.log_entry_records (time, event, param, user_id) VALUES ($1, $2, $3, $4)",
time.Now().Unix(),
eventType,
encodedParamString,
userdata.id)
return err
}
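Review bot: In the new `const` block the event names are untyped string constants rather than `LogEntryType`, and `PinCheckSucces = "PIN_CHECK_SUCCES"` is misspelled. `AddLog` writes the value unchanged into `irma.log_entry_records.event`, so the misspelling becomes part of the stored audit data: a later query or alert filtering on `PIN_CHECK_SUCCESS` would match nothing, and correcting it after deployment needs a data migration. I would declare them with the type the interface expects, e.g. `PinCheckSuccess LogEntryType = "PIN_CHECK_SUCCESS"`, and likewise for the other four. Separately, `keyshareMemoryDB.AddLog` returns nil without recording anything, so tests running against the in-memory database cannot assert that a failed or blocked PIN check was logged.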
......@@ -9,3 +9,14 @@ CREATE TABLE IF NOT EXISTS irma.users
);
CREATE UNIQUE INDEX username_index ON irma.users (username);
GRANT ALL PRIVILEGES ON TABLE irma.users TO irma;
CREATE TABLE IF NOT EXISTS irma.log_entry_records
(
id serial PRIMARY KEY,
time bigint,
event varchar(256),
param text,
user_id int
);
CREATE INDEX log_entry_records_user_id_index ON irma.log_entry_records (user_id);
GRANT ALL PRIVILEGES ON TABLE irma.log_entry_records TO irma;
\ No newline at end of file
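Review bot: `GRANT ALL PRIVILEGES ON TABLE irma.log_entry_records TO irma;` gives the `irma` role (presumably the one the keyshare server connects as) UPDATE, DELETE and TRUNCATE on what is an audit trail, while the only statement this commit issues against the table is an INSERT. Granting only what is used, `GRANT INSERT ON TABLE irma.log_entry_records TO irma;` (plus SELECT if the log is read through the same role), keeps a compromised or buggy server from rewriting or erasing earlier entries. With the narrower grant, check that the role can still use the sequence behind `id serial`. The columns are also all nullable and `user_id` has no foreign key to `irma.users`, so rows without a time, event or owner are accepted.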
......@@ -227,6 +227,14 @@ func (s *Server) handleResponse(w http.ResponseWriter, r *http.Request) {
return
}
// Make log entry
err = s.db.AddLog(user, IrmaSession, nil)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
server.WriteError(w, server.ErrorInternal, err.Error())
return
}
proofResponse, err := s.core.GenerateResponse(user.Data().Coredata, authorization, sessionData.LastCommitID, challenge, sessionData.LastKeyid)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not generate response for request")
......@@ -294,12 +302,30 @@ func (s *Server) handleVerifyPin(w http.ResponseWriter, r *http.Request) {
return
}
if !ok {
err = s.db.AddLog(user, PinCheckRefused, nil)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
server.WriteError(w, server.ErrorInternal, err.Error())
return
}
server.WriteJson(w, keysharePinStatus{Status: "error", Message: fmt.Sprintf("%v", wait)})
return
}
jwtt, err := s.core.ValidatePin(user.Data().Coredata, msg.Pin, msg.Username)
if err == keysharecore.ErrInvalidPin {
err = s.db.AddLog(user, PinCheckFailed, tries)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
server.WriteError(w, server.ErrorInternal, err.Error())
return
}
if tries == 0 {
err = s.db.AddLog(user, PinCheckBlocked, wait)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
server.WriteError(w, server.ErrorInternal, err.Error())
return
}
server.WriteJson(w, keysharePinStatus{Status: "error", Message: fmt.Sprintf("%v", wait)})
} else {
server.WriteJson(w, keysharePinStatus{Status: "failure", Message: fmt.Sprintf("%v", tries)})
......@@ -321,6 +347,13 @@ func (s *Server) handleVerifyPin(w http.ResponseWriter, r *http.Request) {
// Do not send to user
}
err = s.db.AddLog(user, PinCheckSucces, nil)
if err != nil {
s.conf.Logger.WithField("error", err).Error("Could not add log entry for user")
server.WriteError(w, server.ErrorInternal, err.Error())
return
}
server.WriteJson(w, keysharePinStatus{Status: "success", Message: jwtt})
}
}
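Review bot: Each of the five new `AddLog` error branches passes `err.Error()` to `server.WriteError`, and that error originates from the `INSERT` in `AddLog`, so database driver text such as table or column names may reach the HTTP client if the third argument is included in the response, which is how it looks from here. The error is already logged on the line before, so the response can carry a fixed message instead, e.g. `server.WriteError(w, server.ErrorInternal, "")`. The same five lines appear once in `handleResponse` and four times in `handleVerifyPin`; a small helper on `*Server` would keep the logging and the response in one place. In `handleResponse` the `IrmaSession` entry is written before `GenerateResponse` runs, so a session that then fails is still recorded, and a comment stating that the entry marks an attempt would avoid misreading the log. Both function bodies start and end outside the hunks shown.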
......