fix: adding coderabbit suggestions

pushpinderbal · pushpinderbal · commit 4ebdffa6b147 · 2026-01-11T22:19:40.000-05:00
diff --git a/.env.example b/.env.example
@@ -26,6 +26,7 @@ TINYAUTH_LOG_STREAMS_APP_LEVEL="info"
 TINYAUTH_LOG_STREAMS_HTTP_ENABLED="true"
 TINYAUTH_LOG_STREAMS_HTTP_LEVEL="info"
 TINYAUTH_LOG_STREAMS_AUDIT_ENABLED="false"
+TINYAUTH_LOG_STREAMS_AUDIT_LEVEL="info"
 
 # Server Configuration
 
diff --git a/config.example.yaml b/config.example.yaml
@@ -20,11 +20,14 @@ log:
   json: false
   streams:
     app:
+      enabled: true
       level: "warn"
     http:
+      enabled: true
       level: "debug"
     audit:
       enabled: false
+      level: "info"
 
 # Server Configuration
 server:
diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
@@ -155,6 +155,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 
 	if !controller.auth.IsEmailWhitelisted(user.Email) {
 		tlog.App.Warn().Str("email", user.Email).Msg("Email not whitelisted")
+		tlog.AuditLoginFailure(c, user.Email, req.Provider, "email not whitelisted")
 
 		queries, err := query.Values(config.UnauthorizedQuery{
 			Username: user.Email,
diff --git a/internal/controller/user_controller.go b/internal/controller/user_controller.go
@@ -67,7 +67,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 
 	if isLocked {
 		tlog.App.Warn().Str("username", req.Username).Msg("Account is locked due to too many failed login attempts")
-		tlog.AuditLoginFailure(c, req.Username, "username")
+		tlog.AuditLoginFailure(c, req.Username, "username", "account locked")
 		c.Writer.Header().Add("x-tinyauth-lock-locked", "true")
 		c.Writer.Header().Add("x-tinyauth-lock-reset", time.Now().Add(time.Duration(remaining)*time.Second).Format(time.RFC3339))
 		c.JSON(429, gin.H{
@@ -82,7 +82,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	if userSearch.Type == "unknown" {
 		tlog.App.Warn().Str("username", req.Username).Msg("User not found")
 		controller.auth.RecordLoginAttempt(req.Username, false)
-		tlog.AuditLoginFailure(c, req.Username, "username")
+		tlog.AuditLoginFailure(c, req.Username, "username", "user not found")
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -93,7 +93,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	if !controller.auth.VerifyUser(userSearch, req.Password) {
 		tlog.App.Warn().Str("username", req.Username).Msg("Invalid password")
 		controller.auth.RecordLoginAttempt(req.Username, false)
-		tlog.AuditLoginFailure(c, req.Username, "username")
+		tlog.AuditLoginFailure(c, req.Username, "username", "invalid password")
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -235,7 +235,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	if !ok {
 		tlog.App.Warn().Str("username", context.Username).Msg("Invalid TOTP code")
 		controller.auth.RecordLoginAttempt(context.Username, false)
-		tlog.AuditLoginFailure(c, context.Username, "totp")
+		tlog.AuditLoginFailure(c, context.Username, "totp", "invalid totp code")
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
diff --git a/internal/service/oauth_broker_service.go b/internal/service/oauth_broker_service.go
@@ -49,7 +49,7 @@ func (broker *OAuthBrokerService) Init() error {
 	for name, service := range broker.services {
 		err := service.Init()
 		if err != nil {
-			tlog.App.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
+			tlog.App.Error().Err(err).Msgf("Failed to initialize OAuth service: %s", name)
 			return err
 		}
 		tlog.App.Info().Str("service", name).Msg("Initialized OAuth service")
diff --git a/internal/utils/tlog/log_audit.go b/internal/utils/tlog/log_audit.go
@@ -12,7 +12,7 @@ func AuditLoginSuccess(c *gin.Context, username, provider string) {
 		Send()
 }
 
-func AuditLoginFailure(c *gin.Context, username, provider string) {
+func AuditLoginFailure(c *gin.Context, username, provider string, reason string) {
 	Audit.Warn().
 		Str("event", "login").
 		Str("result", "failure").

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ func (broker *OAuthBrokerService) Init() error {`
`49`	`49`	`for name, service := range broker.services {`
`50`	`50`	`err := service.Init()`
`51`	`51`	`if err != nil {`
`52`		`- tlog.App.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)`
	`52`	`+ tlog.App.Error().Err(err).Msgf("Failed to initialize OAuth service: %s", name)`
`53`	`53`	`return err`
`54`	`54`	`}`
`55`	`55`	`tlog.App.Info().Str("service", name).Msg("Initialized OAuth service")`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ func AuditLoginSuccess(c *gin.Context, username, provider string) {`
`12`	`12`	`Send()`
`13`	`13`	`}`
`14`	`14`
`15`		`-func AuditLoginFailure(c *gin.Context, username, provider string) {`
	`15`	`+func AuditLoginFailure(c *gin.Context, username, provider string, reason string) {`
`16`	`16`	`Audit.Warn().`
`17`	`17`	`Str("event", "login").`
`18`	`18`	`Str("result", "failure").`