Added auth failure event firing

hahomdal · Oct 23, 2014 · 8f20622 · 8f20622
1 parent 81e4bc2
commit 8f20622
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 1 deletion.
diff --git a/event_system.go b/event_system.go
@@ -17,6 +17,7 @@ const (
 const (
 	EVENT_QuotaExceeded TykEvent = "QuotaExceeded"
 	EVENT_RateLimitExceeded TykEvent = "RatelimitExceeded"
+	EVENT_AuthFailure TykEvent = "AuthFailure"
 )
 
 // EventMetaDefault is a standard embedded struct to be used with custom event metadata types, gives an interface for
@@ -41,6 +42,14 @@ type EVENT_RateLimitExceededMeta struct {
 	Key string
 }
 
+// EVENT_RateLimitExceededMeta is the metadata structure for a rate limit exceeded event (EVENT_QuotaExceeded)
+type EVENT_AuthFailureMeta struct {
+	EventMetaDefault
+	Path string
+	Origin string
+	Key string
+}
+
 // EventMessage is a standard form to send event data to handlers
 type EventMessage struct {
 	EventType TykEvent

diff --git a/middleware_auth_key.go b/middleware_auth_key.go
@@ -60,6 +60,9 @@ func (k *AuthKey) ProcessRequest(w http.ResponseWriter, r *http.Request, configu
 			"key":    authHeaderValue,
 		}).Info("Attempted access with non-existent key.")
 
+		// Fire Authfailed Event
+		AuthFailed(k.TykMiddleware, r, authHeaderValue)
+
 		return errors.New("Key not authorised"), 403
 	}
 
@@ -71,3 +74,13 @@ func (k *AuthKey) ProcessRequest(w http.ResponseWriter, r *http.Request, configu
 
 	return nil, 200
 }
+
+func AuthFailed (m TykMiddleware, r *http.Request, authHeaderValue string) {
+	go m.FireEvent(EVENT_AuthFailure,
+		EVENT_AuthFailureMeta{
+		EventMetaDefault: EventMetaDefault{Message: "Auth Failure"},
+		Path: r.URL.Path,
+		Origin: r.RemoteAddr,
+		Key: authHeaderValue,
+	})
+}
diff --git a/middleware_basic_auth_check.go b/middleware_basic_auth_check.go
@@ -82,6 +82,10 @@ func (k *BasicAuthKeyIsValid) ProcessRequest(w http.ResponseWriter, r *http.Requ
 			"key":    keyName,
 		}).Info("Attempted access with non-existent user.")
 
+		// Fire Authfailed Event
+		AuthFailed(k.TykMiddleware, r, authHeaderValue)
+
+
 		return errors.New("User not authorised"), 403
 	}
 
@@ -93,6 +97,9 @@ func (k *BasicAuthKeyIsValid) ProcessRequest(w http.ResponseWriter, r *http.Requ
 			"key":    keyName,
 		}).Info("Attempted access with existing user but failed password check.")
 
+		// Fire Authfailed Event
+		AuthFailed(k.TykMiddleware, r, authHeaderValue)
+
 		return errors.New("User not authorised"), 403
 	}
 

diff --git a/middleware_check_HMAC_signature.go b/middleware_check_HMAC_signature.go
@@ -167,6 +167,9 @@ func (hm *HMACMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Request,
 			"origin": r.RemoteAddr,
 		}).Info("Request signature is invalid")
 
+		// Fire Authfailed Event
+		AuthFailed(hm.TykMiddleware, r, keyId)
+
 		return errors.New("Request signature is invalid"), 400
 	}
 

diff --git a/middleware_ip_whitelist.go b/middleware_ip_whitelist.go
@@ -45,17 +45,22 @@ func (i *IPWhiteListMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Re
 		return nil, 200
 	}
 
+	var remoteIP net.IP
+
 	// Enabled, check incoming IP address
 	for _, ip := range(ipConfig.AllowedIPs) {
 		allowedIP := net.ParseIP(ip)
-		remoteIP := net.ParseIP(r.RemoteAddr)
+		remoteIP = net.ParseIP(r.RemoteAddr)
 		// We parse the IP to manage IPv4 and IPv6 easily
 		if allowedIP.String() == remoteIP.String() {
 			// matched, pass through
 			return nil, 200
 		}
 	}
 
+	// Fire Authfailed Event
+	AuthFailed(i.TykMiddleware, r, remoteIP.String())
+
 	// Not matched, fail
 	return errors.New("Access from this IP has been disallowed"), 403
 }

diff --git a/middleware_oauth2_key_exists.go b/middleware_oauth2_key_exists.go
@@ -57,6 +57,9 @@ func (k *Oauth2KeyExists) ProcessRequest(w http.ResponseWriter, r *http.Request,
 			"key":    accessToken,
 		}).Info("Attempted access with non-existent key.")
 
+		// Fire Authfailed Event
+		AuthFailed(k.TykMiddleware, r, accessToken)
+
 		return errors.New("Key not authorised"), 403
 	}