diff --git a/hbd/server/http.py b/hbd/server/http.py index ef28d84..a95b087 100644 --- a/hbd/server/http.py +++ b/hbd/server/http.py @@ -589,6 +589,7 @@ async def start( if user is None: return web.json_response({"error": "Invalid credentials"}, status=401) token = users_mod.create_session(username) + eventlog("hbd", "INFO", f"Login: {username} via api") resp = web.json_response({"token": token, "username": username}) resp.set_cookie( SESSION_COOKIE, @@ -612,6 +613,7 @@ async def start( user = users_mod.authenticate(username, password) if user: token = users_mod.create_session(username) + eventlog("hbd", "INFO", f"Login: {username} via password") redirect_to = request.rel_url.query.get("next", "/") resp = web.HTTPFound(redirect_to) resp.set_cookie( @@ -685,7 +687,10 @@ async def start( async def web_logout(request): """GET /logout — clear session cookie and redirect to /login.""" token = request.cookies.get(SESSION_COOKIE, "") + _user = users_mod.get_session_user(token) users_mod.delete_session(token) + if _user: + eventlog("hbd", "INFO", f"Logout: {_user.username}") resp = web.HTTPFound("/login") resp.del_cookie(SESSION_COOKIE) raise resp @@ -693,7 +698,10 @@ async def start( async def api_logout(request): """POST /api/0/auth/logout""" token = _get_token(request) + _user = users_mod.get_session_user(token) users_mod.delete_session(token) + if _user: + eventlog("hbd", "INFO", f"Logout: {_user.username}") resp = web.json_response({"success": True}) resp.del_cookie(SESSION_COOKIE) return resp @@ -969,6 +977,7 @@ async def start( profile["avatar_url"], ) session_token = users_mod.create_session(user.username) + eventlog("hbd", "INFO", f"Login: {user.username} via {provider.type}") resp = web.HTTPFound("/") resp.set_cookie( SESSION_COOKIE,