Merge pull request #10 from LibreSign/chore/log-unauthorized-accessxz

chore: log unauthorized access
LibreSign · Nov 13, 2024 · d9dfa09 · d9dfa09
2 parents 7c96958 + 21246c4
commit d9dfa09
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,18 @@ Available features:
 	occ app:enable admin_group_manager
 	occ app:enable groupquota
 	```
+- Allowed IP
+
+	By security, this API only receive requests from a specific IP.
+	- Run a tail with grep to watch by the word "Unauthorized access".
+		```bash
+		tail -f data/nextcloud.log|grep "Unauthorized access"
+		```
+	- Do a request to API endpoint and go back to terminal to check the logs and get the IP.
+	- With the IP, run the follow command:
+		```bash
+		occ config:system:set admin_group_manager_allowed_ip --value <theIdentifiedIp>
+		```
 
 ## Performance improving
 Systemd service

diff --git a/lib/Middleware/InjectionMiddleware.php b/lib/Middleware/InjectionMiddleware.php
@@ -16,12 +16,14 @@
 use OCP\AppFramework\OCS\OCSException;
 use OCP\IConfig;
 use OCP\IRequest;
+use Psr\Log\LoggerInterface;
 
 class InjectionMiddleware extends Middleware {
 
 	public function __construct(
 		private IRequest $request,
 		private IConfig $config,
+		private LoggerInterface $logger,
 	) {
 		$this->request = $request;
 	}
@@ -49,6 +51,7 @@ private function restrictIp(): void {
 		$ip = $this->request->getRemoteAddress();
 		$allowed = $this->config->getSystemValue('admin_group_manager_allowed_ip');
 		if ($allowed !== $ip) {
+			$this->logger->error('Unauthorized access to API', ['IP' => $ip]);
 			throw new OCSException('', Http::STATUS_UNAUTHORIZED);
 		}
 	}