From 76cf1bb0d53c5f394e69860bb1325b0e6a3551bc Mon Sep 17 00:00:00 2001
From: ari melody
Date: Wed, 30 Apr 2025 18:21:47 +0100
Subject: [PATCH] log IP address for account locks :troll:
---
 admin/http.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/admin/http.go b/admin/http.go
index 76eb5f2..245a152 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -283,7 +283,7 @@ func loginHandler(app *model.AppState) http.Handler {
 err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
 if err != nil {
 app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
- if locked := handleFailedLogin(app, account); locked {
+ if locked := handleFailedLogin(app, account, r); locked {
 controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
 } else {
 controller.SetSessionError(app.DB, session, "Invalid username or password.")
@@ -389,7 +389,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
 }
 if totpMethod == nil {
 app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
- if locked := handleFailedLogin(app, session.AttemptAccount); locked {
+ if locked := handleFailedLogin(app, session.AttemptAccount, r); locked {
 controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
 controller.SetSessionAttemptAccount(app.DB, session, nil)
 http.Redirect(w, r, "/admin", http.StatusFound)
@@ -514,7 +514,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
 })
 }

-func handleFailedLogin(app *model.AppState, account *model.Account) bool {
+func handleFailedLogin(app *model.AppState, account *model.Account, r *http.Request) bool {
 locked, err := controller.IncrementAccountFails(app.DB, account.ID)
 if err != nil {
 fmt.Fprintf(
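Review bot: `handleFailedLogin` now receives the whole `*http.Request` only so that it can call `controller.ResolveIP(app, r)`, although both call sites (in `loginHandler` and in `loginTOTPHandler`) have already resolved the address for the warning on the line just above. Resolving once in the caller and passing the string, e.g. `func handleFailedLogin(app *model.AppState, account *model.Account, ip string) bool` called as `handleFailedLogin(app, account, ip)`, keeps the per-attempt entry and the lock entry tied to one resolved value and lets the helper be exercised without constructing a request. The body of `handleFailedLogin` continues past the end of this hunk.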
@@ -532,9 +532,10 @@ func handleFailedLogin(app *model.AppState, account *model.Account) bool {
 if locked {
 app.Log.Warn(
 log.TYPE_ACCOUNT,
- "Account \"%s\" was locked: %d failed login attempts",
+ "Account \"%s\" was locked: %d failed login attempts (IP: %s)",
 account.Username,
 model.MAX_LOGIN_FAIL_ATTEMPTS,
+ controller.ResolveIP(app, r),
 )
 }
 return locked
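Review bot: The new `(IP: %s)` field is formatted with `%s` directly from `controller.ResolveIP(app, r)`, whose implementation is not visible in this patch. If it reads a forwarding header such as `X-Forwarded-For` without limiting that to trusted proxies, the address in this lock entry is chosen by the client and can carry arbitrary text into the log. Because this is the line an operator reads when investigating a lockout, confirm that `ResolveIP` returns a parsed address (for example one that round-trips through `net.ParseIP`), or format the field defensively with `"Account \"%s\" was locked: %d failed login attempts (IP: %q)"`. The username on the same line is quoted by hand with `\"%s\"` and would benefit from `%q` as well. This hunk starts inside `handleFailedLogin`, whose signature is in the previous hunk.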