Register stats on app initiated user logout

keliramu · keliramu · commit 61aa782f4ed4 · 2024-12-16T19:47:39.000+02:00
Signed-off-by: keliramu &lt;ramunas.keliuotis@nordsec.com&gt;
diff --git a/auth/auth.go b/auth/auth.go
@@ -69,6 +69,7 @@ type RenewingChecker struct {
 	creds               core.CredentialsAPI
 	expChecker          expirationChecker
 	mfaPub              events.Publisher[bool]
+	logoutPub           events.Publisher[events.DataAuthorization]
 	errPub              events.Publisher[error]
 	mu                  sync.Mutex
 	accountUpdateEvents *daemonevents.AccountUpdateEvents
@@ -78,6 +79,7 @@ type RenewingChecker struct {
 func NewRenewingChecker(cm config.Manager,
 	creds core.CredentialsAPI,
 	mfaPub events.Publisher[bool],
+	logoutPub events.Publisher[events.DataAuthorization],
 	errPub events.Publisher[error],
 	accountUpdateEvents *daemonevents.AccountUpdateEvents,
 ) *RenewingChecker {
@@ -86,6 +88,7 @@ func NewRenewingChecker(cm config.Manager,
 		creds:               creds,
 		expChecker:          systemTimeExpirationChecker{},
 		mfaPub:              mfaPub,
+		logoutPub:           logoutPub,
 		errPub:              errPub,
 		accountUpdateEvents: accountUpdateEvents,
 	}
@@ -204,7 +207,7 @@ func (r *RenewingChecker) renew(uid int64, data config.TokenData) error {
 			if errors.Is(err, core.ErrUnauthorized) ||
 				errors.Is(err, core.ErrNotFound) ||
 				errors.Is(err, core.ErrBadRequest) {
-				return r.cm.SaveWith(Logout(uid))
+				return r.cm.SaveWith(Logout(uid, r.logoutPub))
 			}
 			return nil
 		}
@@ -213,7 +216,7 @@ func (r *RenewingChecker) renew(uid int64, data config.TokenData) error {
 			if errors.Is(err, core.ErrUnauthorized) ||
 				errors.Is(err, core.ErrNotFound) ||
 				errors.Is(err, core.ErrBadRequest) {
-				return r.cm.SaveWith(Logout(uid))
+				return r.cm.SaveWith(Logout(uid, r.logoutPub))
 			}
 			return nil
 		}
@@ -222,7 +225,7 @@ func (r *RenewingChecker) renew(uid int64, data config.TokenData) error {
 				if errors.Is(err, core.ErrUnauthorized) ||
 					errors.Is(err, core.ErrNotFound) ||
 					errors.Is(err, core.ErrBadRequest) {
-					return r.cm.SaveWith(Logout(uid))
+					return r.cm.SaveWith(Logout(uid, r.logoutPub))
 				}
 			}
 		}
@@ -240,7 +243,7 @@ func (r *RenewingChecker) renew(uid int64, data config.TokenData) error {
 			if errors.Is(err, core.ErrUnauthorized) ||
 				errors.Is(err, core.ErrNotFound) ||
 				errors.Is(err, core.ErrBadRequest) {
-				return r.cm.SaveWith(Logout(uid))
+				return r.cm.SaveWith(Logout(uid, r.logoutPub))
 			}
 		}
 
@@ -401,8 +404,13 @@ func saveIdempotencyKey(userID int64, data config.TokenData) config.SaveFunc {
 }
 
 // Logout the user.
-func Logout(user int64) config.SaveFunc {
+func Logout(user int64, logoutPub events.Publisher[events.DataAuthorization]) config.SaveFunc {
 	return func(c config.Config) config.Config {
+		if logoutPub != nil {
+			// register stats instant logout with status success
+			logoutPub.Publish(events.DataAuthorization{
+				DurationMs: 0, EventTrigger: events.TriggerApp, EventStatus: events.StatusSuccess})
+		}
 		delete(c.TokensData, user)
 		return c
 	}
diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -110,6 +110,12 @@ func (p *mockBoolPublisher) Publish(b bool) {
 	p.enabled = b
 }
 
+type mockAuthPublisher struct {
+}
+
+func (p *mockAuthPublisher) Publish(events.DataAuthorization) {
+}
+
 type mockErrPublisher struct {
 	err error
 }
@@ -128,6 +134,7 @@ func TestIsMFAEnabled(t *testing.T) {
 		cm        config.Manager
 		api       core.CredentialsAPI
 		mfaPub    events.Publisher[bool]
+		loutPub   events.Publisher[events.DataAuthorization]
 		errPub    events.Publisher[error]
 		isEnabled bool
 		err       error
@@ -137,6 +144,7 @@ func TestIsMFAEnabled(t *testing.T) {
 			cm:        &authConfigManager{},
 			api:       &authAPI{mfaResp: core.MultifactorAuthStatusResponse{Status: internal.MFAEnabledStatusName}},
 			mfaPub:    &mockBoolPublisher{},
+			loutPub:   &mockAuthPublisher{},
 			errPub:    &mockErrPublisher{},
 			isEnabled: true,
 			err:       nil,
@@ -146,6 +154,7 @@ func TestIsMFAEnabled(t *testing.T) {
 			cm:        &authConfigManager{},
 			api:       &authAPI{mfaResp: core.MultifactorAuthStatusResponse{Status: "not enabled"}},
 			mfaPub:    &mockBoolPublisher{},
+			loutPub:   &mockAuthPublisher{},
 			errPub:    &mockErrPublisher{},
 			isEnabled: false,
 			err:       nil,
@@ -155,6 +164,7 @@ func TestIsMFAEnabled(t *testing.T) {
 			cm:        &authConfigManager{loadErr: configError},
 			api:       &authAPI{mfaResp: core.MultifactorAuthStatusResponse{Status: "not enabled"}},
 			mfaPub:    &mockBoolPublisher{},
+			loutPub:   &mockAuthPublisher{},
 			errPub:    &mockErrPublisher{},
 			isEnabled: false,
 			err:       configError,
@@ -164,6 +174,7 @@ func TestIsMFAEnabled(t *testing.T) {
 			cm:        &authConfigManager{},
 			api:       &authAPI{mfaResp: core.MultifactorAuthStatusResponse{Status: "not enabled"}, err: apiError},
 			mfaPub:    &mockBoolPublisher{},
+			loutPub:   &mockAuthPublisher{},
 			errPub:    &mockErrPublisher{},
 			isEnabled: false,
 			err:       apiError,
@@ -172,7 +183,7 @@ func TestIsMFAEnabled(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			rc := NewRenewingChecker(test.cm, test.api, test.mfaPub, test.errPub, daemonevents.NewAccountUpdateEvents())
+			rc := NewRenewingChecker(test.cm, test.api, test.mfaPub, test.loutPub, test.errPub, daemonevents.NewAccountUpdateEvents())
 			enabled, err := rc.isMFAEnabled()
 			assert.Equal(t, test.isEnabled, enabled)
 
@@ -252,6 +263,7 @@ func TestIsVPNExpired(t *testing.T) {
 				test.cm,
 				test.api,
 				&mockBoolPublisher{},
+				&mockAuthPublisher{},
 				&mockErrPublisher{},
 				&daemonevents.AccountUpdateEvents{SubscriptionUpdate: test.accPub},
 			)
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -421,6 +421,7 @@ func main() {
 		fsystem,
 		defaultAPI,
 		daemonEvents.User.MFA,
+		daemonEvents.User.Logout,
 		errSubject,
 		accountUpdateEvents,
 	)
diff --git a/daemon/rpc_account.go b/daemon/rpc_account.go
@@ -116,7 +116,7 @@ func (r *RPC) AccountInfo(ctx context.Context, _ *pb.Empty) (*pb.AccountResponse
 		log.Println(internal.ErrorPrefix, "retrieving user:", err)
 		switch {
 		case errors.Is(err, core.ErrUnauthorized):
-			if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID)); err != nil {
+			if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID, r.events.User.Logout)); err != nil {
 				return &pb.AccountResponse{
 					Type: internal.CodeConfigError,
 				}, nil
diff --git a/daemon/servers.go b/daemon/servers.go
@@ -475,7 +475,7 @@ func selectServer(r *RPC, insights *core.Insights, cfg config.Config, tag string
 		log.Println(internal.ErrorPrefix, "picking servers:", err)
 		switch {
 		case errors.Is(err, core.ErrUnauthorized):
-			if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID)); err != nil {
+			if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID, r.events.User.Logout)); err != nil {
 				return nil, false, err
 			}
 			return nil, false, internal.ErrNotLoggedIn
diff --git a/meshnet/server.go b/meshnet/server.go
diff --git a/meshnet/server_test.go b/meshnet/server_test.go

Original file line number	Diff line number	Diff line change
`@@ -421,6 +421,7 @@ func main() {`
`421`	`421`	`fsystem,`
`422`	`422`	`defaultAPI,`
`423`	`423`	`daemonEvents.User.MFA,`
	`424`	`+ daemonEvents.User.Logout,`
`424`	`425`	`errSubject,`
`425`	`426`	`accountUpdateEvents,`
`426`	`427`	`)`
Original file line number	Diff line number	Diff line change
`@@ -475,7 +475,7 @@ func selectServer(r RPC, insights core.Insights, cfg config.Config, tag string`
`475`	`475`	`log.Println(internal.ErrorPrefix, "picking servers:", err)`
`476`	`476`	`switch {`
`477`	`477`	`case errors.Is(err, core.ErrUnauthorized):`
`478`		`- if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID)); err != nil {`
	`478`	`+ if err := r.cm.SaveWith(auth.Logout(cfg.AutoConnectData.ID, r.events.User.Logout)); err != nil {`
`479`	`479`	`return nil, false, err`
`480`	`480`	`}`
`481`	`481`	`return nil, false, internal.ErrNotLoggedIn`