From c320822ee5916bdbd9cbdea9fe2996bdd413a7c3 Mon Sep 17 00:00:00 2001 From: Dobromir Popov Date: Mon, 3 Jun 2024 18:44:13 +0300 Subject: [PATCH] tightening local accounts security. added logging --- .env | 1 + _deploy/deoloy.azure.production.yml | 1 + _deploy/deoloy.azure.staging.yml | 1 + _doc/ToDo.md | 2 ++ components/PwaManager.tsx | 3 ++- components/PwaManagerNotifications.tsx | 3 ++- pages/api/auth/[...nextauth].ts | 10 +++++++--- 7 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.env b/.env index c608057..04278f6 100644 --- a/.env +++ b/.env @@ -11,6 +11,7 @@ NODE_ENV=development DATABASE=mysql://cart:cartpw@localhost:3306/cart # DATABASE=mysql://cart:cartpw@192.168.0.10:3306/cart_dev NEXT_PUBLIC_PUBLIC_URL=https://localhost:3003 +ADMIN_PASSWORD=123456 # // owner: dobromir.popov@gmail.com | Специално Свидетелстване София # // https://console.cloud.google.com/apis/credentials/oauthclient/926212607479-d3m8hm8f8esp3rf1639prskn445sa01v.apps.googleusercontent.com?project=grand-forge-108716 diff --git a/_deploy/deoloy.azure.production.yml b/_deploy/deoloy.azure.production.yml index 025a825..55a11d4 100644 --- a/_deploy/deoloy.azure.production.yml +++ b/_deploy/deoloy.azure.production.yml @@ -18,6 +18,7 @@ services: - GIT_BRANCH=production - GIT_USERNAME=deploy - GIT_PASSWORD=L3Kr2R438u4F7 + - ADMIN_PASSWORD=changeme command: sh -c " cd /app && npm install && npm run prod; tail -f /dev/null" #command: sh -c " cd /app && tail -f /dev/null" tty: true diff --git a/_deploy/deoloy.azure.staging.yml b/_deploy/deoloy.azure.staging.yml index d7a5af1..2fad3a5 100644 --- a/_deploy/deoloy.azure.staging.yml +++ b/_deploy/deoloy.azure.staging.yml @@ -15,6 +15,7 @@ services: - GIT_BRANCH=main - GIT_USERNAME=deploy - GIT_PASSWORD=L3Kr2R438u4F7 + - ADMIN_PASSWORD=kolichkisofia2024 command: sh -c " cd /app && npm install && npx next build && npm run start-env; tail -f /dev/null" tty: true stdin_open: true 
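Review bot: `ADMIN_PASSWORD=123456` is added to a tracked `.env` (the file has an `index` line in this patch), so the built-in admin password for this checkout now lives in version control with a trivially guessable value, which works against the commit's stated goal of tightening local accounts. Keep only a placeholder here, e.g. `ADMIN_PASSWORD=` with a comment `# set in .env.local (gitignored); the built-in admin login should be disabled when unset`, and put real values in an untracked file. The neighbouring `DATABASE=mysql://cart:cartpw@...` line shows the same file already carries plaintext credentials, so it is worth deciding once whether this file is meant to be committed at all.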
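Review bot: `- ADMIN_PASSWORD=changeme` hard-codes a default admin password into the production compose file, and nothing in the hunk stops a deployment from starting with it; a guessable password on the built-in admin login is exactly the exposure this commit is trying to close. Reference the secret from the deploy environment instead so compose refuses to start without a real value, e.g. `- ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}`. The adjacent `- GIT_PASSWORD=L3Kr2R438u4F7` is already a plaintext credential committed to the repository and should be rotated and moved out the same way.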
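Review bot: `- ADMIN_PASSWORD=kolichkisofia2024` commits what looks like a real, in-use admin password to the repository; once it is in git history it has to be treated as disclosed no matter how later commits edit the file. Rotate it and replace the literal with an interpolated variable, `- ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}`, matching what the production file should do. The `- GIT_PASSWORD=` line above it is identical in the staging and production files and has the same problem.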
diff --git a/_doc/ToDo.md b/_doc/ToDo.md index 4a49898..fa13d7e 100644 --- a/_doc/ToDo.md +++ b/_doc/ToDo.md @@ -250,6 +250,7 @@ in schedule admin - if a publisher is always pair & family is not in the shift - [] invalidate one/all user sessions [] log deletions [] add user permissions [with logging when used] +[] ? store sessions in DB ? [] improve reports page(s) @@ -261,3 +262,4 @@ in schedule admin - if a publisher is always pair & family is not in the shift - [] allow blocking of inputs (different from publishing) [] user - add createdAt field +[] FIX insecure logins \ No newline at end of file diff --git a/components/PwaManager.tsx b/components/PwaManager.tsx index fd4c86d..5fe808f 100644 --- a/components/PwaManager.tsx +++ b/components/PwaManager.tsx @@ -141,7 +141,8 @@ function PwaManager({ subs }) { body: JSON.stringify({ subscription: sub, id: session.user.id }) }).then(async response => { if (!response.ok) { - throw new Error('Failed to save subscription data on server.'); + //throw new Error('Failed to save subscription data on server.'); + console.log('Failed to save subscription data on server.'); } else { console.log('Subscription data saved on server.'); diff --git a/components/PwaManagerNotifications.tsx b/components/PwaManagerNotifications.tsx index 653f66e..8459061 100644 --- a/components/PwaManagerNotifications.tsx +++ b/components/PwaManagerNotifications.tsx @@ -102,7 +102,8 @@ function PwaManagerNotifications() { body: JSON.stringify({ subscription: sub, id: session.user.id }) }).then(async response => { if (!response.ok) { - throw new Error('Failed to save subscription data on server.'); + // throw new Error('Failed to save subscription data on server.'); + console.log('Failed to save subscription data on server.'); } else { console.log('Subscription data saved on server.'); diff --git a/pages/api/auth/[...nextauth].ts b/pages/api/auth/[...nextauth].ts index 428f78e..2162848 100644 --- a/pages/api/auth/[...nextauth].ts 
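Review bot: Replacing the `throw` with `console.log('Failed to save subscription data on server.')` turns a failed server-side save into a silent no-op: the browser keeps a push subscription the server never recorded, and the `.then` chain continues exactly as it does on success. If the intent is to stop the UI from breaking, at least log at error level with the status and make the outcome observable to the caller, e.g. `console.error('Failed to save subscription on server:', response.status);` followed by `return false;`, with `return true;` on the success branch if that is what the chain's consumer expects. The enclosing `PwaManager` function starts and ends outside the hunk, so I cannot see what the promise result feeds into.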
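Review bot: This is the second copy of the same subscribe-and-POST block (the other is in `components/PwaManager.tsx`, changed identically in this commit), so the error policy that was just weakened now has to be kept in sync in two places. Extract the request into one shared helper, e.g. `saveSubscription(sub: PushSubscription, userId: string): Promise<boolean>` in a `lib/` module, so the decision about how a non-OK response is handled is made once. As written, the failure is a plain `console.log`, distinguishable from the success message a few lines below only by its text. The enclosing `PwaManagerNotifications` function continues outside the hunk.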
+++ b/pages/api/auth/[...nextauth].ts @@ -72,10 +72,9 @@ export const authOptions: NextAuthOptions = { password: { label: "Парола", type: "password" } }, async authorize(credentials, req) { + const users = [ - { id: "1", name: "admin", email: "admin@example.com", password: "admin123", role: "ADMIN", static: true }, - { id: "2", name: "krasi", email: "krasi@example.com", password: "krasi123", role: "ADMIN", static: true }, - { id: "3", name: "popov", email: "popov@example.com", password: "popov123", role: "ADMIN", static: true } + { id: "1", name: "admin", email: "admin@example.com", password: process.env.ADMIN_PASSWORD, role: "ADMIN", static: true } ]; const user = users.find(user => @@ -83,6 +82,11 @@ export const authOptions: NextAuthOptions = { ); if (user) { + const remoteIP = req.headers['x-forwarded-for'] || req.connection.remoteAddress; + const userAgent = req.headers['user-agent']; + const message = "login form built-in admin account from ip:" + remoteIP + " user-agent:" + userAgent; + console.log(message); + logger.info(message); return user; } else {
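Review bot: The static admin entry now takes `password: process.env.ADMIN_PASSWORD` with no check that the variable is set, so a deployment that forgets it, or that ships the `changeme` default from `_deploy/deoloy.azure.production.yml` in this same patch, gets either an account with an `undefined` password or a guessable one, depending on how the `users.find` predicate (outside this hunk) compares the two. Fail closed instead: `const adminPassword = process.env.ADMIN_PASSWORD;` then `const users = adminPassword && adminPassword.length >= 12 ? [{ id: "1", name: "admin", email: "admin@example.com", password: adminPassword, role: "ADMIN", static: true }] : [];` so the built-in account simply does not exist without a real secret. The check is still a plaintext equality against a secret held in process memory, and `authorize` continues past the hunk; storing a hash and comparing with `crypto.timingSafeEqual` would be the next step. Removing the `krasi` and `popov` entries takes their hard-coded passwords out of the source, but those strings remain in git history and should be treated as disclosed.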