popov/mwitnessing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tightening local accounts security. added logging

Browse Source
This commit is contained in:
Dobromir Popov
2024-06-03 18:44:13 +03:00
parent 89370bdca9
commit c320822ee5
7 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pages/api/auth/[...nextauth].ts
View File

@ -72,10 +72,9 @@ export const authOptions: NextAuthOptions = {
password: { label: "Парола", type: "password" }
},
async authorize(credentials, req) {
const users = [
{ id: "1", name: "admin", email: "admin@example.com", password: "admin123", role: "ADMIN", static: true },
{ id: "2", name: "krasi", email: "krasi@example.com", password: "krasi123", role: "ADMIN", static: true },
{ id: "3", name: "popov", email: "popov@example.com", password: "popov123", role: "ADMIN", static: true }
{ id: "1", name: "admin", email: "admin@example.com", password: process.env.ADMIN_PASSWORD, role: "ADMIN", static: true }
];
const user = users.find(user =>
@ -83,6 +82,11 @@ export const authOptions: NextAuthOptions = {
);
if (user) {
const remoteIP = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
const userAgent = req.headers['user-agent'];
const message = "login form built-in admin account from ip:" + remoteIP + " user-agent:" + userAgent;
console.log(message);
logger.info(message);
return user;
}
else {