From 26ead17e4c3682a93f64cca646b291b7ce6b195d Mon Sep 17 00:00:00 2001 From: nsfisis Date: Fri, 20 Feb 2026 21:58:17 +0900 Subject: feat(auth): add structured logging for login success and failure Add ClientIPMiddleware to extract client IP into context.Context, enabling structured log output with username, IP, and failure reason for login attempts. Change failed login log level from Error to Warn as authentication failures are expected events. Co-Authored-By: Claude Opus 4.6 --- backend/api/auth_middleware.go | 21 +++++++++++++++++++++ backend/api/handler.go | 6 +++++- 2 files changed, 26 insertions(+), 1 deletion(-) (limited to 'backend/api') diff --git a/backend/api/auth_middleware.go b/backend/api/auth_middleware.go index 94ef4e4..f2a3987 100644 --- a/backend/api/auth_middleware.go +++ b/backend/api/auth_middleware.go @@ -47,3 +47,24 @@ func GetUserFromContext(ctx context.Context) (*db.User, bool) { func SetUserInContext(ctx context.Context, user *db.User) context.Context { return context.WithValue(ctx, userContextKey{}, user) } + +type clientIPContextKey struct{} + +// ClientIPMiddleware extracts the client IP from echo.Context.RealIP() +// and stores it in the request's context.Context so that handlers +// receiving only context.Context (via generated code) can access it. +func ClientIPMiddleware() echo.MiddlewareFunc { + return func(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + ip := c.RealIP() + ctx := context.WithValue(c.Request().Context(), clientIPContextKey{}, ip) + c.SetRequest(c.Request().WithContext(ctx)) + return next(c) + } + } +} + +func GetClientIPFromContext(ctx context.Context) string { + ip, _ := ctx.Value(clientIPContextKey{}).(string) + return ip +} diff --git a/backend/api/handler.go b/backend/api/handler.go index 74ffcf8..4105efc 100644 --- a/backend/api/handler.go +++ b/backend/api/handler.go @@ -51,9 +51,11 @@ func (r postLoginCookieResponse) VisitPostLoginResponse(w http.ResponseWriter) e func (h *Handler) PostLogin(ctx context.Context, request PostLoginRequestObject) (PostLoginResponseObject, error) { username := request.Body.Username password := request.Body.Password + ip := GetClientIPFromContext(ctx) + userID, err := h.auth.Login(ctx, username, password) if err != nil { - slog.Error("login failed", "error", err) + slog.Warn("login failed", "username", username, "ip", ip, "reason", err.Error()) var msg string if errors.Is(err, auth.ErrForteeLoginTimeout) { msg = "ログインに失敗しました" @@ -87,6 +89,8 @@ func (h *Handler) PostLogin(ctx context.Context, request PostLoginRequestObject) return nil, echo.NewHTTPError(http.StatusInternalServerError, err.Error()) } + slog.Info("login succeeded", "username", username, "user_id", dbUser.UserID, "ip", ip) + return postLoginCookieResponse{ cookie: http.Cookie{ Name: "albatross_session", -- cgit v1.3.1