Merged in feature/SW-3539-log-number-of-logins (pull request #3284)

feat(SW-3539): count number of logins * feat(SW-3539): count number of logins Approved-by: Anton Gunnarsson
2025-12-03 09:50:59 +00:00
parent 99497488f3
commit a016e18e4a
3 changed files with 21 additions and 0 deletions
--- a/apps/partner-sas/app/api/web/auth/callback/curity/route.ts
+++ b/apps/partner-sas/app/api/web/auth/callback/curity/route.ts
@@ -5,6 +5,7 @@ import { createLogger } from "@scandic-hotels/common/logger/createLogger"

 import { env } from "@/env/server"

+import { signInCounter } from "@/auth"
 import { getToken } from "@/auth/scandic/getToken"
 import { createSocialSession } from "@/auth/scandic/session"

@@ -13,14 +14,17 @@ export async function GET(req: NextRequest) {
  const code = req.nextUrl.searchParams.get("code")
  const state = req.nextUrl.searchParams.get("state")
  const savedState = req.cookies.get("oauth_state")?.value
+  const counter = signInCounter.init({ type: "curity" })

  if (!code || !state) {
    logger.error("Missing code or state", { url: req.nextUrl.toString() })
+    counter.fail("missing code or state")
    throw new Error("Missing code or state, auth failed")
  }

  if (!savedState) {
    logger.error("No saved state cookie", { url: req.nextUrl.toString() })
+    counter.fail("missing state mismatch")
    throw new Error("Missing saved oauth state, auth failed")
  }

@@ -30,6 +34,7 @@ export async function GET(req: NextRequest) {
      saved: savedState,
      url: req.nextUrl.toString(),
    })
+    counter.fail("state mismatch")
    throw new Error("Invalid state, possible CSRF")
  }

@@ -43,6 +48,8 @@ export async function GET(req: NextRequest) {
    expires_in: tokenResponse.expires_in,
  })

+  counter.success()
+
  const c = await cookies()
  c.delete({ name: "oauth_state", path: "/" })