feat: log login/logout events to event log with auth source

2026-05-09 09:25:23 -04:00
parent a4a6c1e3d9
commit 8646f68957
1 changed files with 9 additions and 0 deletions
@@ -589,6 +589,7 @@ async def start(
        if user is None:
            return web.json_response({"error": "Invalid credentials"}, status=401)
        token = users_mod.create_session(username)
+        eventlog("hbd", "INFO", f"Login: {username} via api")
        resp = web.json_response({"token": token, "username": username})
        resp.set_cookie(
            SESSION_COOKIE,
@@ -612,6 +613,7 @@ async def start(
            user = users_mod.authenticate(username, password)
            if user:
                token = users_mod.create_session(username)
+                eventlog("hbd", "INFO", f"Login: {username} via password")
                redirect_to = request.rel_url.query.get("next", "/")
                resp = web.HTTPFound(redirect_to)
                resp.set_cookie(
@@ -685,7 +687,10 @@ async def start(
    async def web_logout(request):
        """GET /logout — clear session cookie and redirect to /login."""
        token = request.cookies.get(SESSION_COOKIE, "")
+        _user = users_mod.get_session_user(token)
        users_mod.delete_session(token)
+        if _user:
+            eventlog("hbd", "INFO", f"Logout: {_user.username}")
        resp = web.HTTPFound("/login")
        resp.del_cookie(SESSION_COOKIE)
        raise resp
@@ -693,7 +698,10 @@ async def start(
    async def api_logout(request):
        """POST /api/0/auth/logout"""
        token = _get_token(request)
+        _user = users_mod.get_session_user(token)
        users_mod.delete_session(token)
+        if _user:
+            eventlog("hbd", "INFO", f"Logout: {_user.username}")
        resp = web.json_response({"success": True})
        resp.del_cookie(SESSION_COOKIE)
        return resp
@@ -969,6 +977,7 @@ async def start(
            profile["avatar_url"],
        )
        session_token = users_mod.create_session(user.username)
+        eventlog("hbd", "INFO", f"Login: {user.username} via {provider.type}")
        resp = web.HTTPFound("/")
        resp.set_cookie(
            SESSION_COOKIE,