-
Notifications
You must be signed in to change notification settings - Fork 56
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor(api): add monitoring on /api/token route
- Loading branch information
Showing
4 changed files
with
83 additions
and
1 deletion.
There are no files selected for viewing
20 changes: 20 additions & 0 deletions
20
api/src/identity-access-management/application/monitor-pre-handlers.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| import { logger } from '../../shared/infrastructure/utils/logger.js'; | ||
| import { generateHash } from '../infrastructure/utils/crypto.js'; | ||
|
|
||
| async function monitorApiTokenRoute(request, h, dependencies = { logger }) { | ||
| const { username, refresh_token, grant_type, scope } = request.payload; | ||
|
|
||
| if (grant_type === 'password') { | ||
| const hash = generateHash(username); | ||
| dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt'); | ||
| } else if (grant_type === 'refresh_token') { | ||
| const hash = generateHash(refresh_token); | ||
| dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt'); | ||
| } else { | ||
| dependencies.logger.warn(request.payload, 'Authentication attempt with unknown method'); | ||
| } | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| export const monitorPreHandlers = { monitorApiTokenRoute }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 changes: 9 additions & 0 deletions
9
api/src/identity-access-management/infrastructure/utils/crypto.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| import crypto from 'node:crypto'; | ||
|
|
||
| export function generateHash(data) { | ||
| if (!data) return null; | ||
|
|
||
| const hash = crypto.createHash('sha256'); | ||
| hash.update(data); | ||
| return hash.digest('hex'); | ||
| } |
52 changes: 52 additions & 0 deletions
52
api/tests/identity-access-management/unit/application/monitor-pre-handlers.test.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| import { monitorPreHandlers } from '../../../../src/identity-access-management/application/monitor-pre-handlers.js'; | ||
| import { generateHash } from '../../../../src/identity-access-management/infrastructure/utils/crypto.js'; | ||
| import { expect, hFake, sinon } from '../../../test-helper.js'; | ||
|
|
||
| describe('Unit | Identity Access Management | Application | monitor-pre-handlers', function () { | ||
| describe('#monitorApiTokenRoute', function () { | ||
| it('logs authentication attempt with grant type password', function () { | ||
| // given | ||
| const username = '[email protected]'; | ||
| const grant_type = 'password'; | ||
| const scope = 'pix-app'; | ||
| const hash = generateHash(username); | ||
| const logger = { warn: sinon.stub() }; | ||
| const request = { payload: { grant_type, username, scope } }; | ||
|
|
||
| // when | ||
| monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger }); | ||
|
|
||
| // then | ||
| expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt'); | ||
| }); | ||
|
|
||
| it('logs authentication attempt with grant type refresh token', async function () { | ||
| // given | ||
| const refresh_token = '123'; | ||
| const grant_type = 'refresh_token'; | ||
| const scope = 'pix-app'; | ||
| const hash = generateHash(refresh_token); | ||
| const logger = { warn: sinon.stub() }; | ||
| const request = { payload: { grant_type, refresh_token, scope } }; | ||
|
|
||
| // when | ||
| monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger }); | ||
|
|
||
| // then | ||
| expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt'); | ||
| }); | ||
|
|
||
| it('logs authentication attempt with grant type unknown', async function () { | ||
| // given | ||
| const grant_type = 'unknown'; | ||
| const logger = { warn: sinon.stub() }; | ||
| const request = { payload: { foo: 'bar', grant_type } }; | ||
|
|
||
| // when | ||
| monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger }); | ||
|
|
||
| // then | ||
| expect(logger.warn).to.have.been.calledWith(request.payload, 'Authentication attempt with unknown method'); | ||
| }); | ||
| }); | ||
| }); |