gitlab-org--gitlab-foss/config/initializers/rack_attack_logging.rb

# frozen_string_literal: true
#
# Adds logging for all Rack Attack blocks and throttling events.

ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
  if [:throttle, :blacklist].include? req.env['rack.attack.match_type']
    rack_attack_info = {
      message: 'Rack_Attack',
      env: req.env['rack.attack.match_type'],
      ip: req.ip,
      request_method: req.request_method,
      fullpath: req.fullpath
    }

    if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched']
      user_id = req.env['rack.attack.match_discriminator']
      user = User.find_by(id: user_id)

      rack_attack_info[:user_id] = user_id
      rack_attack_info[:username] = user.username unless user.nil?
    end

    Gitlab::AuthLogger.error(rack_attack_info)
  end
end
Changes RackAttack logger to use structured logs Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528 2019-05-23 20:45:02 -04:00			`# frozen_string_literal: true`
			`#`
Add logging for rack attack events 2016-11-18 13:45:52 -05:00			`# Adds logging for all Rack Attack blocks and throttling events.`

			`ActiveSupport::Notifications.subscribe('rack.attack') do \|name, start, finish, request_id, req\|`
			`if [:throttle, :blacklist].include? req.env['rack.attack.match_type']`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`rack_attack_info = {`
Changes RackAttack logger to use structured logs Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528 2019-05-23 20:45:02 -04:00			`message: 'Rack_Attack',`
			`env: req.env['rack.attack.match_type'],`
			`ip: req.ip,`
			`request_method: req.request_method,`
			`fullpath: req.fullpath`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`}`

Limit user information to RackAttack throttles rack.attack.match_discriminator is only return on throttle_authenticated_api or throttle_authenticated_web requests, so we're avoiding logging user_id on blacklist requests Follow up of https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-08 23:58:49 -04:00			`if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched']`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`user_id = req.env['rack.attack.match_discriminator']`
			`user = User.find_by(id: user_id)`

			`rack_attack_info[:user_id] = user_id`
			`rack_attack_info[:username] = user.username unless user.nil?`
			`end`

			`Gitlab::AuthLogger.error(rack_attack_info)`
Add logging for rack attack events 2016-11-18 13:45:52 -05:00			`end`
			`end`