[Prod] Add instrumentation to login attempts

2023-10-10 17:00:59 +02:00 · 2023-10-10 17:00:59 +02:00 · e3256bb313
commit e3256bb313
parent 728a8caa60
2 changed files with 8 additions and 1 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -5,15 +5,18 @@ class SessionsController < ApplicationController

  def create
    if RateLimiter.check_limit("login:#{request.remote_ip}", 15, 12.hours)
+      DanbooruLogger.add_attributes("user.login" => "rate_limited")
      return redirect_to(new_session_path, :notice => "Username/Password was incorrect")
    end
    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], request.remote_ip, params[:remember], request.ssl?)

    if session_creator.authenticate
      url = params[:url] if params[:url] && params[:url].start_with?("/") && !params[:url].start_with?("//")
+      DanbooruLogger.add_attributes("user.login" => "success")
      redirect_to(url || posts_path, :notice => "You are now logged in")
    else
      RateLimiter.hit("login:#{request.remote_ip}", 6.hours)
+      DanbooruLogger.add_attributes("user.login" => "fail")
      redirect_to(new_session_path, :notice => "Username/Password was incorrect")
    end
  end
--- a/app/logical/danbooru_logger.rb
+++ b/app/logical/danbooru_logger.rb
@ -13,8 +13,12 @@ class DanbooruLogger
  end

  def self.initialize(user, remote_ip)
+    add_attributes("user.id" => user.id, "user.name" => user.name, "user.ip" => remote_ip)
+  end
+
+  def self.add_attributes(**)
    return unless defined?(::NewRelic)

-    ::NewRelic::Agent.add_custom_attributes({ "user.id" => user.id, "user.name" => user.name, "user.ip" => remote_ip })
+    ::NewRelic::Agent.add_custom_attributes(**)
  end
 end