gitlab-org--gitlab-foss/config/initializers/rack_attack_logging.rb

# frozen_string_literal: true
#
# Adds logging for all Rack Attack blocks and throttling events.

ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, request_id, payload|
  req = payload[:request]

  if [:throttle, :blocklist].include? req.env['rack.attack.match_type']
    rack_attack_info = {
      message: 'Rack_Attack',
      env: req.env['rack.attack.match_type'],
      remote_ip: req.ip,
      request_method: req.request_method,
      path: req.fullpath
    }

    throttles_with_user_information = [
      :throttle_authenticated_api,
      :throttle_authenticated_web,
      :throttle_authenticated_protected_paths_api,
      :throttle_authenticated_protected_paths_web
    ]

    if throttles_with_user_information.include? req.env['rack.attack.matched'].to_sym
      user_id = req.env['rack.attack.match_discriminator']
      user = User.find_by(id: user_id)

      rack_attack_info[:throttle_type] = req.env['rack.attack.matched']
      rack_attack_info[:user_id] = user_id
      rack_attack_info[:username] = user.username unless user.nil?
    end

    Gitlab::AuthLogger.error(rack_attack_info)
  end
end
Changes RackAttack logger to use structured logs Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528 2019-05-23 20:45:02 -04:00			`# frozen_string_literal: true`
			`#`
Add logging for rack attack events 2016-11-18 13:45:52 -05:00			`# Adds logging for all Rack Attack blocks and throttling events.`

Add latest changes from gitlab-org/gitlab@master 2019-10-27 05:05:56 -04:00			`ActiveSupport::Notifications.subscribe(/rack_attack/) do \|name, start, finish, request_id, payload\|`
			`req = payload[:request]`

			`if [:throttle, :blocklist].include? req.env['rack.attack.match_type']`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`rack_attack_info = {`
Changes RackAttack logger to use structured logs Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528 2019-05-23 20:45:02 -04:00			`message: 'Rack_Attack',`
			`env: req.env['rack.attack.match_type'],`
Standardize remote_ip and path keys for auth.log and api_json.log Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses `remote_ip` and `path` for the same fields. Let's standardize these namings to make it easier for people working with the data. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167 2019-08-20 14:12:28 -04:00			`remote_ip: req.ip,`
Changes RackAttack logger to use structured logs Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528 2019-05-23 20:45:02 -04:00			`request_method: req.request_method,`
Standardize remote_ip and path keys for auth.log and api_json.log Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses `remote_ip` and `path` for the same fields. Let's standardize these namings to make it easier for people working with the data. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167 2019-08-20 14:12:28 -04:00			`path: req.fullpath`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`}`

Add latest changes from gitlab-org/gitlab@master 2019-09-26 17:06:29 -04:00			`throttles_with_user_information = [`
			`:throttle_authenticated_api,`
			`:throttle_authenticated_web,`
			`:throttle_authenticated_protected_paths_api,`
			`:throttle_authenticated_protected_paths_web`
			`]`

			`if throttles_with_user_information.include? req.env['rack.attack.matched'].to_sym`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`user_id = req.env['rack.attack.match_discriminator']`
			`user = User.find_by(id: user_id)`

Add latest changes from gitlab-org/gitlab@master 2019-09-26 17:06:29 -04:00			`rack_attack_info[:throttle_type] = req.env['rack.attack.matched']`
Include user id and username in auth log Fetches user based on the value of 'rack.attack.match_discriminator' Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756 2019-07-02 15:48:06 -04:00			`rack_attack_info[:user_id] = user_id`
			`rack_attack_info[:username] = user.username unless user.nil?`
			`end`

			`Gitlab::AuthLogger.error(rack_attack_info)`
Add logging for rack attack events 2016-11-18 13:45:52 -05:00			`end`
			`end`