Add IP, user-agent, and full titles to all auth ntfy notifications

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 08:44:04 -07:00
parent 5e79a66f2d
commit 1204e0c1b2
1 changed files with 12 additions and 8 deletions
--- a/backend/app/routers/auth.py
+++ b/backend/app/routers/auth.py
@@ -31,7 +31,7 @@ COOKIE_OPTS = {


@router.post("/register", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
-async def register(body: RegisterRequest, response: Response, db: AsyncSession = Depends(get_db)):
+async def register(body: RegisterRequest, response: Response, request: Request, db: AsyncSession = Depends(get_db)):
    existing = await db.execute(select(User).where(User.email == body.email))
    if existing.scalar_one_or_none():
        raise HTTPException(status_code=400, detail="Email already registered")
@@ -59,9 +59,11 @@ async def register(body: RegisterRequest, response: Response, db: AsyncSession =
    refresh = create_refresh_token({"sub": str(user.id)})
    response.set_cookie(REFRESH_COOKIE, refresh, **COOKIE_OPTS)

+    ip = request.headers.get("X-Forwarded-For", request.client.host if request.client else "unknown").split(",")[0].strip()
+    ua = request.headers.get("User-Agent", "unknown")
    await notify(
-        title="New User Registered",
-        message=f"{body.full_name} ({body.email})",
+        title="Homeschool Dashboard New User Registered",
+        message=f"Name: {body.full_name}\nEmail: {body.email}\nIP: {ip}\nUA: {ua}",
        priority="default",
        tags=["bust_in_silhouette"],
    )
@@ -74,20 +76,22 @@ _LOGIN_LOCKOUT_MINUTES = 15


@router.post("/login", response_model=TokenResponse)
-async def login(body: LoginRequest, response: Response, db: AsyncSession = Depends(get_db)):
+async def login(body: LoginRequest, response: Response, request: Request, db: AsyncSession = Depends(get_db)):
    result = await db.execute(select(User).where(User.email == body.email))
    user = result.scalar_one_or_none()
    if not user:
        raise HTTPException(status_code=401, detail="Invalid credentials")

    now = datetime.now(timezone.utc).replace(tzinfo=None)
+    ip = request.headers.get("X-Forwarded-For", request.client.host if request.client else "unknown").split(",")[0].strip()
+    ua = request.headers.get("User-Agent", "unknown")

    if user.locked_until and user.locked_until > now:
        remaining = int((user.locked_until - now).total_seconds() / 60) + 1
        logger.warning("Locked account login attempt for email=%s", body.email)
        await notify(
-            title="Login Attempt on Locked Account",
-            message=f"{body.email} — locked for {remaining} more minute(s)",
+            title="Homeschool Dashboard Login Attempt on Locked Account",
+            message=f"Email: {body.email}\nLocked for {remaining} more minute(s)\nIP: {ip}\nUA: {ua}",
            priority="high",
            tags=["lock"],
        )
@@ -103,8 +107,8 @@ async def login(body: LoginRequest, response: Response, db: AsyncSession = Depen
            user.locked_until = now + timedelta(minutes=_LOGIN_LOCKOUT_MINUTES)
            logger.warning("Account locked for email=%s after %d failed attempts", body.email, user.failed_login_attempts)
            await notify(
-                title="Account Locked",
-                message=f"{body.email} locked after {user.failed_login_attempts} failed attempts",
+                title="Homeschool Dashboard Account Locked",
+                message=f"Email: {body.email}\nLocked after {user.failed_login_attempts} failed attempts\nIP: {ip}\nUA: {ua}",
                priority="urgent",
                tags=["warning"],
            )