From bfbe059505f5dba9e43bf86fb8910373aa880228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6ssler?= <info@timokoessler.de>
Date: Tue, 16 Jan 2024 12:24:28 +0100
Subject: [PATCH] Log IP address on failed login attempts

---
 src/pages/api/auth/login.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pages/api/auth/login.ts b/src/pages/api/auth/login.ts
index e1007b3c..6dba9faa 100644
--- a/src/pages/api/auth/login.ts
+++ b/src/pages/api/auth/login.ts
@@ -16,8 +16,10 @@ import {
 import { getUserByUsername } from 'queries';
 import * as yup from 'yup';
 import { ROLES } from 'lib/constants';
+import { getIpAddress } from 'lib/detect';
 
 const log = debug('umami:auth');
+const logFailed = debug('umami:auth:failed');
 
 export interface LoginRequestBody {
   username: string;
@@ -68,6 +70,7 @@ export default async (
     }
 
     log('Login failed:', { username, user });
+    logFailed(`Login from ip ${getIpAddress(req)} failed.`);
 
     return unauthorized(res, 'message.incorrect-username-password');
   }