levelled up logging, albeit with a bit of verbosity...
@@ -3,13 +3,13 @@ import { FlowExecCtx } from "@core/flow.execution.context";
|
||||
import { UserRepository } from "@domains/user/repository";
|
||||
import { getRedisInstance, Redis } from "@pkg/keystore";
|
||||
import { TwofaRepository } from "./repository";
|
||||
import { logDomainEvent } from "@pkg/logger";
|
||||
import { auth } from "../auth/config.base";
|
||||
import type { TwoFaSession } from "./data";
|
||||
import { User } from "@domains/user/data";
|
||||
import { settings } from "@core/settings";
|
||||
import { type Err } from "@pkg/result";
|
||||
import { twofaErrors } from "./errors";
|
||||
import { logger } from "@pkg/logger";
|
||||
import { db } from "@pkg/db";
|
||||
|
||||
export class TwofaController {
|
||||
@@ -33,7 +33,13 @@ export class TwofaController {
|
||||
|
||||
isUserBanned(fctx: FlowExecCtx, userId: string) {
|
||||
return this.userRepo.isUserBanned(fctx, userId).orElse((error) => {
|
||||
logger.error("Error checking user ban status:", error);
|
||||
logDomainEvent({
|
||||
level: "error",
|
||||
event: "security.twofa.user_ban_check.failed",
|
||||
fctx,
|
||||
error,
|
||||
meta: { userId },
|
||||
});
|
||||
return okAsync(false);
|
||||
});
|
||||
}
|
||||
@@ -58,19 +64,34 @@ export class TwofaController {
|
||||
code: string,
|
||||
headers: Headers,
|
||||
) {
|
||||
const startedAt = Date.now();
|
||||
logDomainEvent({
|
||||
event: "security.twofa.verify_and_enable.started",
|
||||
fctx,
|
||||
meta: { userId: user.id },
|
||||
});
|
||||
|
||||
return this.is2faEnabled(fctx, user.id)
|
||||
.andThen((enabled) => {
|
||||
if (enabled) {
|
||||
logDomainEvent({
|
||||
level: "warn",
|
||||
event: "security.twofa.verify_and_enable.failed",
|
||||
fctx,
|
||||
durationMs: Date.now() - startedAt,
|
||||
error: {
|
||||
code: "ALREADY_ENABLED",
|
||||
message: "2FA already enabled",
|
||||
},
|
||||
meta: { userId: user.id },
|
||||
});
|
||||
return errAsync(twofaErrors.alreadyEnabled(fctx));
|
||||
}
|
||||
return okAsync(undefined);
|
||||
})
|
||||
.andThen(() => {
|
||||
logger.info(`Verifying 2fa for ${user.id} : ${code}`, {
|
||||
flowId: fctx.flowId,
|
||||
});
|
||||
return this.twofaRepo.verifyAndEnable2FA(fctx, user.id, code);
|
||||
})
|
||||
.andThen(() =>
|
||||
this.twofaRepo.verifyAndEnable2FA(fctx, user.id, code),
|
||||
)
|
||||
.andThen((verified) => {
|
||||
if (verified) {
|
||||
return ResultAsync.combine([
|
||||
@@ -82,8 +103,27 @@ export class TwofaController {
|
||||
fctx,
|
||||
user.id,
|
||||
),
|
||||
]).map(() => true);
|
||||
]).map(() => {
|
||||
logDomainEvent({
|
||||
event: "security.twofa.verify_and_enable.succeeded",
|
||||
fctx,
|
||||
durationMs: Date.now() - startedAt,
|
||||
meta: { userId: user.id },
|
||||
});
|
||||
return true;
|
||||
});
|
||||
}
|
||||
logDomainEvent({
|
||||
level: "warn",
|
||||
event: "security.twofa.verify_and_enable.failed",
|
||||
fctx,
|
||||
durationMs: Date.now() - startedAt,
|
||||
error: {
|
||||
code: "INVALID_CODE",
|
||||
message: "2FA code verification failed",
|
||||
},
|
||||
meta: { userId: user.id },
|
||||
});
|
||||
return okAsync(verified);
|
||||
});
|
||||
}
|
||||
@@ -169,7 +209,12 @@ export class TwofaController {
|
||||
)
|
||||
.map(() => undefined)
|
||||
.orElse((error) => {
|
||||
logger.error("Error marking initial 2FA as complete:", error);
|
||||
logDomainEvent({
|
||||
level: "error",
|
||||
event: "security.twofa.mark_initial_verification.failed",
|
||||
fctx: { flowId: crypto.randomUUID() },
|
||||
error,
|
||||
});
|
||||
return okAsync(undefined);
|
||||
});
|
||||
}
|
||||
|
||||
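Review bot: The `security.twofa.mark_initial_verification.failed` event in the last hunk is logged with `fctx: { flowId: crypto.randomUUID() }` and no `meta`, so the record carries a flow id that appears nowhere else and does not say which user was affected. The handler then returns `okAsync(undefined)`, which leaves this event as the only trace of the failure, and as written it cannot be tied back to the flow that triggered it. The enclosing method starts outside the hunk; if it has the caller's `FlowExecCtx` in scope or can take one, pass `fctx,` as the other events do and add a `meta` entry with the user identifier. If no flow context is available there, a short comment saying the id is synthetic would keep someone from searching for it during an investigation.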