Diffstat (limited to 'backend/api')
-rw-r--r--backend/api/auth_middleware.go21
-rw-r--r--backend/api/handler.go6
2 files changed, 26 insertions, 1 deletions
diff --git a/backend/api/auth_middleware.go b/backend/api/auth_middleware.go
index 94ef4e4..f2a3987 100644
--- a/backend/api/auth_middleware.go
+++ b/backend/api/auth_middleware.go
@@ -47,3 +47,24 @@ func GetUserFromContext(ctx context.Context) (*db.User, bool) {
func SetUserInContext(ctx context.Context, user *db.User) context.Context {
return context.WithValue(ctx, userContextKey{}, user)
}
+
+type clientIPContextKey struct{}
+
+// ClientIPMiddleware extracts the client IP from echo.Context.RealIP()
+// and stores it in the request's context.Context so that handlers
+// receiving only context.Context (via generated code) can access it.
+func ClientIPMiddleware() echo.MiddlewareFunc {
+ return func(next echo.HandlerFunc) echo.HandlerFunc {
+ return func(c echo.Context) error {
+ ip := c.RealIP()
+ ctx := context.WithValue(c.Request().Context(), clientIPContextKey{}, ip)
+ c.SetRequest(c.Request().WithContext(ctx))
+ return next(c)
+ }
+ }
+}
+
+func GetClientIPFromContext(ctx context.Context) string {
+ ip, _ := ctx.Value(clientIPContextKey{}).(string)
+ return ip
+}
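Review bot: The address stored by `ip := c.RealIP()` is only as trustworthy as the Echo instance's `IPExtractor`: when none is set, Echo falls back to the `X-Forwarded-For` and `X-Real-IP` request headers, which any client can supply, so the value later written to the login audit log can be forged. Whether the server sets an extractor is not visible in this hunk; if it does not, set one where the Echo instance is built, for example `e.IPExtractor = echo.ExtractIPDirect()` when nothing proxies the service, or `echo.ExtractIPFromXFFHeader(...)` with only the deployment's own proxy ranges trusted. The doc comment on `ClientIPMiddleware` should state that dependency. `GetClientIPFromContext` is exported without a comment; something like `// GetClientIPFromContext returns the IP stored by ClientIPMiddleware, or "" if the middleware did not run.` would tell callers that an empty string is a possible result.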
diff --git a/backend/api/handler.go b/backend/api/handler.go
index 74ffcf8..4105efc 100644
--- a/backend/api/handler.go
+++ b/backend/api/handler.go
@@ -51,9 +51,11 @@ func (r postLoginCookieResponse) VisitPostLoginResponse(w http.ResponseWriter) e
func (h *Handler) PostLogin(ctx context.Context, request PostLoginRequestObject) (PostLoginResponseObject, error) {
username := request.Body.Username
password := request.Body.Password
+ ip := GetClientIPFromContext(ctx)
+
userID, err := h.auth.Login(ctx, username, password)
if err != nil {
- slog.Error("login failed", "error", err)
+ slog.Warn("login failed", "username", username, "ip", ip, "reason", err.Error())
var msg string
if errors.Is(err, auth.ErrForteeLoginTimeout) {
msg = "ログインに失敗しました"
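Review bot: The new `slog.Warn("login failed", "username", username, ...)` line records the submitted username verbatim on every failed attempt. That field is unauthenticated, unbounded input, and users sometimes type a password into it, so the log can end up holding credentials and arbitrarily large values. Consider capping the logged length, or logging the name only once it resolves to a known account. The same line demotes every failure to `Warn`, including the `auth.ErrForteeLoginTimeout` branch just below, which looks like an upstream fault rather than a bad credential; keeping `slog.Error` for that class preserves alerting on outages. Passing the error as `"error", err` rather than `"reason", err.Error()` would also keep the attribute key the removed line used; PostLogin's body continues outside the hunk.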
@@ -87,6 +89,8 @@ func (h *Handler) PostLogin(ctx context.Context, request PostLoginRequestObject)
return nil, echo.NewHTTPError(http.StatusInternalServerError, err.Error())
}
+ slog.Info("login succeeded", "username", username, "user_id", dbUser.UserID, "ip", ip)
+
return postLoginCookieResponse{
cookie: http.Cookie{
Name: "albatross_session",