feat: enhance login process with IP capture and improved error handling

- Implemented an internal mutation for login that captures the user's IP address and user agent for better security and tracking. - Enhanced the HTTP login endpoint to extract and log client IP, improving the overall authentication process. - Added validation for IP addresses to ensure only valid formats are recorded, enhancing data integrity. - Updated the login mutation to handle rate limiting and user status checks more effectively, providing clearer feedback on login attempts.
2025-11-04 03:26:34 -03:00
parent f278ad4d17
commit c6c88f85a7
11 changed files with 3531 additions and 70 deletions
--- a/packages/backend/convex/logsLogin.ts
+++ b/packages/backend/convex/logsLogin.ts
@@ -5,6 +5,35 @@ import { Doc, Id } from "./_generated/dataModel";
 /**
 * Helper para registrar tentativas de login
 */
+/**
+ * Valida se uma string é um IP válido
+ */
+function validarIP(ip: string | undefined): string | undefined {
+  if (!ip || ip.length < 7) return undefined; // IP mínimo: "1.1.1.1" = 7 chars
+  
+  // Validar IPv4
+  const ipv4Regex = /^(\d{1,3}\.){3}\d{1,3}$/;
+  if (ipv4Regex.test(ip)) {
+    const parts = ip.split('.');
+    if (parts.length === 4 && parts.every(part => {
+      const num = parseInt(part, 10);
+      return !isNaN(num) && num >= 0 && num <= 255;
+    })) {
+      return ip;
+    }
+  }
+  
+  // Validar IPv6 básico
+  const ipv6Regex = /^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$|^::[0-9a-fA-F]{0,4}(:[0-9a-fA-F]{0,4}){0,6}$|^[0-9a-fA-F]{0,4}::[0-9a-fA-F]{0,4}(:[0-9a-fA-F]{0,4}){0,5}$/;
+  if (ipv6Regex.test(ip)) {
+    return ip;
+  }
+  
+  // IP inválido - não salvar
+  console.warn(`IP inválido detectado e ignorado: "${ip}"`);
+  return undefined;
+}
+
 export async function registrarLogin(
  ctx: MutationCtx,
  dados: {
@@ -21,12 +50,15 @@ export async function registrarLogin(
  const browser = dados.userAgent ? extrairBrowser(dados.userAgent) : undefined;
  const sistema = dados.userAgent ? extrairSistema(dados.userAgent) : undefined;

+  // Validar e sanitizar IP antes de salvar
+  const ipAddressValidado = validarIP(dados.ipAddress);
+
  await ctx.db.insert("logsLogin", {
    usuarioId: dados.usuarioId,
    matriculaOuEmail: dados.matriculaOuEmail,
    sucesso: dados.sucesso,
    motivoFalha: dados.motivoFalha,
-    ipAddress: dados.ipAddress,
+    ipAddress: ipAddressValidado,
    userAgent: dados.userAgent,
    device,
    browser,