popov/mwitnessing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tightening local accounts security. added logging

Browse Source
This commit is contained in:
Dobromir Popov
2024-06-03 18:44:13 +03:00
parent 89370bdca9
commit c320822ee5
7 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env
View File

@ -11,6 +11,7 @@ NODE_ENV=development
DATABASE=mysql://cart:cartpw@localhost:3306/cart DATABASE=mysql://cart:cartpw@localhost:3306/cart
# DATABASE=mysql://cart:cartpw@192.168.0.10:3306/cart_dev # DATABASE=mysql://cart:cartpw@192.168.0.10:3306/cart_dev
NEXT_PUBLIC_PUBLIC_URL=https://localhost:3003 NEXT_PUBLIC_PUBLIC_URL=https://localhost:3003
ADMIN_PASSWORD=123456
# // owner: dobromir.popov@gmail.com | Специално Свидетелстване София # // owner: dobromir.popov@gmail.com | Специално Свидетелстване София
# // https://console.cloud.google.com/apis/credentials/oauthclient/926212607479-d3m8hm8f8esp3rf1639prskn445sa01v.apps.googleusercontent.com?project=grand-forge-108716 # // https://console.cloud.google.com/apis/credentials/oauthclient/926212607479-d3m8hm8f8esp3rf1639prskn445sa01v.apps.googleusercontent.com?project=grand-forge-108716

1
_deploy/deoloy.azure.production.yml
View File

@ -18,6 +18,7 @@ services:
- GIT_BRANCH=production - GIT_BRANCH=production
- GIT_USERNAME=deploy - GIT_USERNAME=deploy
- GIT_PASSWORD=L3Kr2R438u4F7 - GIT_PASSWORD=L3Kr2R438u4F7
- ADMIN_PASSWORD=changeme
command: sh -c " cd /app && npm install && npm run prod; tail -f /dev/null" command: sh -c " cd /app && npm install && npm run prod; tail -f /dev/null"
#command: sh -c " cd /app && tail -f /dev/null" #command: sh -c " cd /app && tail -f /dev/null"
tty: true tty: true

1
_deploy/deoloy.azure.staging.yml
View File

@ -15,6 +15,7 @@ services:
- GIT_BRANCH=main - GIT_BRANCH=main
- GIT_USERNAME=deploy - GIT_USERNAME=deploy
- GIT_PASSWORD=L3Kr2R438u4F7 - GIT_PASSWORD=L3Kr2R438u4F7
- ADMIN_PASSWORD=kolichkisofia2024
command: sh -c " cd /app && npm install && npx next build && npm run start-env; tail -f /dev/null" command: sh -c " cd /app && npm install && npx next build && npm run start-env; tail -f /dev/null"
tty: true tty: true
stdin_open: true stdin_open: true

2
_doc/ToDo.md
View File

@ -250,6 +250,7 @@ in schedule admin - if a publisher is always pair & family is not in the shift -
[] invalidate one/all user sessions [] invalidate one/all user sessions
[] log deletions [] log deletions
[] add user permissions [with logging when used] [] add user permissions [with logging when used]
[] ? store sessions in DB ?
[] improve reports page(s) [] improve reports page(s)
@ -261,3 +262,4 @@ in schedule admin - if a publisher is always pair & family is not in the shift -
[] allow blocking of inputs (different from publishing) [] allow blocking of inputs (different from publishing)
[] user - add createdAt field [] user - add createdAt field
[] FIX insecure logins

3
components/PwaManager.tsx
View File

@ -141,7 +141,8 @@ function PwaManager({ subs }) {
body: JSON.stringify({ subscription: sub, id: session.user.id }) body: JSON.stringify({ subscription: sub, id: session.user.id })
}).then(async response => { }).then(async response => {
if (!response.ok) { if (!response.ok) {
throw new Error('Failed to save subscription data on server.'); //throw new Error('Failed to save subscription data on server.');
console.log('Failed to save subscription data on server.');
} }
else { else {
console.log('Subscription data saved on server.'); console.log('Subscription data saved on server.');

3
components/PwaManagerNotifications.tsx
View File

@ -102,7 +102,8 @@ function PwaManagerNotifications() {
body: JSON.stringify({ subscription: sub, id: session.user.id }) body: JSON.stringify({ subscription: sub, id: session.user.id })
}).then(async response => { }).then(async response => {
if (!response.ok) { if (!response.ok) {
throw new Error('Failed to save subscription data on server.'); // throw new Error('Failed to save subscription data on server.');
console.log('Failed to save subscription data on server.');
} }
else { else {
console.log('Subscription data saved on server.'); console.log('Subscription data saved on server.');

10
pages/api/auth/[...nextauth].ts
View File

@ -72,10 +72,9 @@ export const authOptions: NextAuthOptions = {
password: { label: "Парола", type: "password" } password: { label: "Парола", type: "password" }
}, },
async authorize(credentials, req) { async authorize(credentials, req) {
const users = [ const users = [
{ id: "1", name: "admin", email: "admin@example.com", password: "admin123", role: "ADMIN", static: true }, { id: "1", name: "admin", email: "admin@example.com", password: process.env.ADMIN_PASSWORD, role: "ADMIN", static: true }
{ id: "2", name: "krasi", email: "krasi@example.com", password: "krasi123", role: "ADMIN", static: true },
{ id: "3", name: "popov", email: "popov@example.com", password: "popov123", role: "ADMIN", static: true }
]; ];
const user = users.find(user => const user = users.find(user =>
@ -83,6 +82,11 @@ export const authOptions: NextAuthOptions = {
); );
if (user) { if (user) {
const remoteIP = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
const userAgent = req.headers['user-agent'];
const message = "login form built-in admin account from ip:" + remoteIP + " user-agent:" + userAgent;
console.log(message);
logger.info(message);
return user; return user;
} }
else { else {