From 1879fd2226d210407fbd4ed81a111376407fa78b Mon Sep 17 00:00:00 2001 From: yflory Date: Mon, 19 Feb 2024 18:15:05 +0100 Subject: [PATCH 1/4] Add configurable server option to log user address (off by default) --- config/config.example.js | 15 +++++++++++++++ lib/api.js | 1 + lib/env.js | 1 + lib/historyKeeper.js | 7 +++++++ lib/http-worker.js | 3 +++ lib/rpc.js | 5 +++++ 6 files changed, 32 insertions(+) diff --git a/config/config.example.js b/config/config.example.js index 4e4ddd46e..d6ebb4a50 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -139,6 +139,21 @@ module.exports = { */ //enforceMFA: false, + /* ===================== + * Privacy + * ===================== */ + + /* Depending on where your instance is hosted, you may be required to log IP + * addresses of the users who make a change to a document. This setting allows you + * to do so. You can configure the logging system below in this config file. + * Setting this value to true will include a log for each websocket connection + * including this connection's unique ID, the user public key and the IP. + * NOTE: this option requires a log level of "info" or below. + * + * defaults to false + */ + //logIP: false, + /* ===================== * Admin * ===================== */ diff --git a/lib/api.js b/lib/api.js index 3aae81c95..838e1633d 100644 --- a/lib/api.js +++ b/lib/api.js @@ -67,6 +67,7 @@ nThen(function (w) { .on('channelMessage', historyKeeper.channelMessage) .on('channelOpen', historyKeeper.channelOpen) .on('sessionClose', historyKeeper.sessionClose) + .on('sessionOpen', historyKeeper.sessionOpen) .on('error', function (error, label, info) { if (!error) { return; } var code = error && (error.code || error.message); diff --git a/lib/env.js b/lib/env.js index 1f95a3beb..8783bf35d 100644 --- a/lib/env.js +++ b/lib/env.js 
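Review bot: The new `logIP` comment in config/config.example.js promises one log entry per websocket connection containing the connection ID, the user public key and the IP, but this series writes two separate records: `USER_CONNECTION` (userId, ip) in lib/historyKeeper.js and `NEW_RPC_SESSION` (userId, publicKey) in lib/rpc.js. An operator relying on this for a legal logging duty has to join the two on `userId`, and a connection that never opens an RPC session has no public key logged at all. I would reword the sentence to something like `Setting this value to true logs each websocket connection's unique ID with its IP, and separately logs that ID with the user's public key when an RPC session is opened.` The opening sentence also speaks of users "who make a change to a document", while the logging shown here is per connection, not per edit.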
@@ -111,6 +111,7 @@ module.exports.create = function (config) { httpPort: isValidPort(config.httpPort)? config.httpPort: 3000, httpAddress: typeof(config.httpAddress) === 'string'? config.httpAddress: 'localhost', websocketPath: config.externalWebsocketURL, + logIP: config.logIP, OFFLINE_MODE: false, FRESH_KEY: '', diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index 786b1e50b..6d6ba56e0 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -121,6 +121,13 @@ module.exports.create = function (Env, cb) { reason: reason, }); }, + sessionOpen: function (userId, ip, oo) { + if (!Env.logIP) { return; } + Log.info('USER_CONNECTION', { + userId: userId, + ip: ip, + }); + }, directMessage: function (Server, seq, userId, json) { // netflux-server allows you to register an id with a handler // this handler is invoked every time someone sends a message to that id diff --git a/lib/http-worker.js b/lib/http-worker.js index b4e1f13ad..2ddf19849 100644 --- a/lib/http-worker.js +++ b/lib/http-worker.js @@ -198,6 +198,9 @@ const wsProxy = createProxyMiddleware({ target: proxyTarget.href, ws: true, logLevel: 'error', + onProxyReqWs: function (proxyReq, req, socket, options, head) { + proxyReq.setHeader('X-Real-Ip', req.socket.remoteAddress); + }, logProvider: (p) => { p.error = (data) => { if (/ECONNRESET/.test(data)) { return; } diff --git a/lib/rpc.js b/lib/rpc.js index 0dcc6ec1e..ba1f22b31 100644 --- a/lib/rpc.js +++ b/lib/rpc.js @@ -145,6 +145,8 @@ var rpc = function (Env, Server, userId, data, respond) { var signature = msg.shift(); var publicKey = msg.shift(); + var safeKey = Util.escapeKeyCharacters(publicKey); + var hadSession = Boolean(Env.Sessions[safeKey]); // make sure a user object is initialized in the cookie jar var session; 
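Review bot: `logIP: config.logIP` in lib/env.js copies the value through unchecked, while the neighbouring `httpPort` and `httpAddress` entries are type-checked first. Because lib/historyKeeper.js and lib/rpc.js only test `Env.logIP` for truthiness, a config value such as the string `'false'` would switch address logging on, which contradicts the documented off-by-default behaviour for a setting that collects personal data. Suggest `logIP: config.logIP === true,`. The enclosing `module.exports.create` starts and ends outside the hunk.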
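Review bot: `sessionOpen` in lib/historyKeeper.js declares a third parameter `oo` that is never read, and it logs `ip` without checking that a value was actually supplied. If the websocket server passes `undefined`, the `USER_CONNECTION` record would presumably be written without an address and still look like a normal entry, which weakens the log as an audit trail. I would drop `oo` and make the gap visible, for example `ip: ip || 'UNKNOWN',` (placeholder value), plus a comment stating where the server derives `ip` from. The surrounding handler object continues outside the hunk.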
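Review bot: `req.socket.remoteAddress` in the new `onProxyReqWs` handler of lib/http-worker.js is the address of the direct TCP peer and can be `undefined` once the socket has been destroyed, and Node's `setHeader` throws on an `undefined` value. A guard avoids that: `const ip = req.socket.remoteAddress; if (ip) { proxyReq.setHeader('X-Real-Ip', ip); } else { proxyReq.removeHeader('X-Real-Ip'); }`. When this worker itself sits behind a front reverse proxy, the peer is that proxy, so the value forwarded here replaces whatever `X-Real-Ip` the front proxy set and every logged address would be the proxy's; overwriting is still the right behaviour when the worker is directly exposed, because it stops a client from supplying the header. A comment stating which hop is trusted to set the header, and that the websocket backend should only be reachable through it, would make the log's evidential value clear (the header's consumer is not part of this diff, so this is inferred).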
@@ -182,6 +184,9 @@ var rpc = function (Env, Server, userId, data, respond) { if (err) { return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY"); } + if (command === 'COOKIE' && !hadSession && Env.logIP) { + Env.Log.info('NEW_RPC_SESSION', {userId: userId, publicKey: publicKey}); + } HK.authenticateNetfluxSession(Env, userId, publicKey); return void handleAuthenticatedMessage(Env, publicKey, msg, respond, Server); }); From 447a7e183cb6090ecff532f79f94a4759c2ca3fe Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 7 Mar 2024 10:58:25 +0100 Subject: [PATCH 2/4] Use latest chainpad-server and its updated events --- lib/historyKeeper.js | 9 ++++++++- package.json | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index 6d6ba56e0..ad1e0d2cf 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -105,8 +105,15 @@ module.exports.create = function (Env, cb) { cb("ERESTRICTED", allowed); }); }, - sessionClose: function (userId, reason) { + sessionClose: function (userId, reason, ip) { HK.closeNetfluxSession(Env, userId); + if (Env.logIP) { + return void Log.info('USER_DISCONNECTED', { + userId: userId, + reason: reason, + ip: ip, + }); + } if (['BAD_MESSAGE', 'SEND_MESSAGE_FAIL_2'].indexOf(reason) !== -1) { if (reason && reason.code === 'ECONNRESET') { return; } return void Log.error('SESSION_CLOSE_WITH_ERROR', { diff --git a/package.json b/package.json index a3f6a090f..b0460c4d8 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "dependencies": { "@mcrowe/minibloom": "^0.2.0", "chainpad-crypto": "^0.2.5", - "chainpad-server": "^5.1.0", + "chainpad-server": "^5.2.0", "cookie-parser": "^1.4.6", "body-parser": "^1.20.2", "express": "~4.18.2", From b902f281d742cf872e7acd97750050f4aeb9e4ee Mon Sep 17 00:00:00 2001 
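Review bot: The `NEW_RPC_SESSION` entry added in the second lib/rpc.js hunk is gated on `!hadSession`, which the first hunk computes from `Env.Sessions[safeKey]`, a table keyed by public key rather than by connection. If a session entry outlives a websocket connection (its expiry is not visible here), a user who reconnects gets a fresh `userId` in `USER_CONNECTION` but no `NEW_RPC_SESSION` record, so that connection's address can no longer be tied to a key. Consider gating on whether this `userId` has already been authenticated for the key instead, or at least documenting the limitation with a comment such as `// logged once per RPC session, not once per websocket connection`. The body of `rpc` starts and ends outside both hunks.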
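Review bot: With `Env.logIP` enabled, the new `return void Log.info(...)` at the top of `sessionClose` in lib/historyKeeper.js returns before the existing `SESSION_CLOSE_WITH_ERROR` branch, so `BAD_MESSAGE` and `SEND_MESSAGE_FAIL_2` closes are recorded at info level instead of error level. An instance whose log level is above info then loses those error events as soon as address logging is switched on, and any alerting keyed on `SESSION_CLOSE_WITH_ERROR` goes quiet. The same early return survives in the [PATCH 3/4] hunk, under the name `USER_DISCONNECTED_ERROR`. I would write the extra record without returning, i.e. replace `return void Log.info(` with `Log.info(` and let the existing branches run.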
From: yflory Date: Thu, 7 Mar 2024 12:11:36 +0100 Subject: [PATCH 3/4] Don't log clean websocket disconnections --- lib/historyKeeper.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index ad1e0d2cf..71bf9272e 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -107,11 +107,10 @@ module.exports.create = function (Env, cb) { }, sessionClose: function (userId, reason, ip) { HK.closeNetfluxSession(Env, userId); - if (Env.logIP) { - return void Log.info('USER_DISCONNECTED', { + if (Env.logIP && !['SOCKET_CLOSED', 'INACTIVITY'].includes(reason)) { + return void Log.info('USER_DISCONNECTED_ERROR', { userId: userId, - reason: reason, - ip: ip, + reason: reason }); } if (['BAD_MESSAGE', 'SEND_MESSAGE_FAIL_2'].indexOf(reason) !== -1) { @@ -122,7 +121,7 @@ module.exports.create = function (Env, cb) { }); } - if (['SOCKET_CLOSED', 'SOCKET_ERROR'].indexOf(reason)) { return; } + if (['SOCKET_CLOSED', 'SOCKET_ERROR'].includes(reason)) { return; } Log.verbose('SESSION_CLOSE_ROUTINE', { userId: userId, reason: reason, From 06daba5975ef725a77603e8d53a3dee2a9a39b00 Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 7 Mar 2024 12:12:02 +0100 Subject: [PATCH 4/4] Update package-lock --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index e08220dcc..57a1051ae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "chainpad-crypto": "^0.2.5", "chainpad-listmap": "^1.0.0", "chainpad-netflux": "^1.0.0", - "chainpad-server": "^5.1.0", + "chainpad-server": "^5.2.0", "ckeditor": "npm:ckeditor4@~4.22.1", "codemirror": "^5.19.0", "components-font-awesome": "^4.6.3", 
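Review bot: After this change `sessionClose` in lib/historyKeeper.js still accepts `ip` but no longer reads it, because the first hunk removes `ip: ip` from the `USER_DISCONNECTED_ERROR` record. If leaving the address out is intentional (the record can still be joined to `USER_CONNECTION` through `userId`), drop the parameter or say so in a comment such as `// ip intentionally not logged here; join on userId with USER_CONNECTION`. The second hunk's switch from `indexOf(reason)` to `includes(reason)` also changes which reasons reach `SESSION_CLOSE_ROUTINE`, since the old test returned for every reason except `SOCKET_CLOSED`; the commit message only mentions clean disconnections, so a short comment on that line would help anyone comparing log volume before and after.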
@@ -1054,9 +1054,9 @@ } }, "node_modules/chainpad-server": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/chainpad-server/-/chainpad-server-5.1.0.tgz", - "integrity": "sha512-BdjgOOLTXXo1EjQ7lURDe7oqsqfQISNvwhILfp3K3diY2K1hxpPLbjYzOSgxNOTADeOAff0xnInR5eUCESVWaQ==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/chainpad-server/-/chainpad-server-5.2.0.tgz", + "integrity": "sha512-WFbtzhuB636CAleuqH4e2CqmexNSOjXXE0t1Qd/4DIiHavxMy0/pd7CuOCTNr/MwD0eOd8dNm7/pFkRFL5f74A==", "dependencies": { "nthen": "0.1.8", "pull-stream": "^3.6.9",