Polish for Release (#2314)

2023-10-15 13:39:11 -05:00 · 2023-10-15 13:39:11 -05:00 · 59b950c4bd
commit 59b950c4bd
parent fe4af4b648
54 changed files with 1162 additions and 1056 deletions
--- a/API/Middleware/SecurityMiddleware.cs
+++ b/API/Middleware/SecurityMiddleware.cs
@ -0,0 +1,69 @@
+using System;
+using System.IO;
+using System.Net;
+using System.Text.Json;
+using System.Threading.Tasks;
+using API.Errors;
+using Kavita.Common;
+using Microsoft.AspNetCore.Http;
+using Serilog;
+using ILogger = Serilog.ILogger;
+
+namespace API.Middleware;
+
+public class SecurityEventMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly ILogger _logger;
+
+    public SecurityEventMiddleware(RequestDelegate next)
+    {
+        _next = next;
+
+        _logger = new LoggerConfiguration()
+            .MinimumLevel.Debug()
+            .WriteTo.File(Path.Join(Directory.GetCurrentDirectory(), "config/logs/", "security.log"), rollingInterval: RollingInterval.Day)
+            .CreateLogger();
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        try
+        {
+            await _next(context);
+        }
+        catch (KavitaUnauthenticatedUserException ex)
+        {
+            var ipAddress = context.Connection.RemoteIpAddress?.ToString();
+            var requestMethod = context.Request.Method;
+            var requestPath = context.Request.Path;
+            var userAgent = context.Request.Headers["User-Agent"];
+            var securityEvent = new
+            {
+                IpAddress = ipAddress,
+                RequestMethod = requestMethod,
+                RequestPath = requestPath,
+                UserAgent = userAgent,
+                CreatedAt = DateTime.Now,
+                CreatedAtUtc = DateTime.UtcNow,
+            };
+            _logger.Information("Unauthorized User attempting to access API. {@Event}", securityEvent);
+            context.Response.ContentType = "application/json";
+            context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
+
+            const string errorMessage = "Unauthorized";
+
+            var response = new ApiException(context.Response.StatusCode, errorMessage, ex.StackTrace);
+
+            var options = new JsonSerializerOptions
+            {
+                PropertyNamingPolicy =
+                    JsonNamingPolicy.CamelCase
+            };
+
+            var json = JsonSerializer.Serialize(response, options);
+
+            await context.Response.WriteAsync(json);
+        }
+    }
+}