From 0f4209dc285c5282b27f9b23bcc36b50e235cb46 Mon Sep 17 00:00:00 2001
From: Milos Stojanovic
Date: Thu, 18 Feb 2021 09:39:44 +0100
Subject: [PATCH] logger added instead of huge exception in security service, fixes #183

---
 backend/Services/Security/Security.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/backend/Services/Security/Security.php b/backend/Services/Security/Security.php
index c740210..b264d4f 100644
--- a/backend/Services/Security/Security.php
+++ b/backend/Services/Security/Security.php
@@ -13,6 +13,7 @@ namespace Filegator\Services\Security;
 use Filegator\Kernel\Request;
 use Filegator\Kernel\Response;
 use Filegator\Services\Service;
+use Filegator\Services\Logger\LoggerInterface;
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Csrf\CsrfTokenManager;

@@ -25,10 +26,13 @@ class Security implements Service

 protected $response;

- public function __construct(Request $request, Response $response)
+ protected $logger;
+
+ public function __construct(Request $request, Response $response, LoggerInterface $logger)
 {
 $this->request = $request;
 $this->response = $response;
+ $this->logger = $logger;
 }

 public function init(array $config = [])
@@ -46,7 +50,8 @@ class Security implements Service
 $token = new CsrfToken($key, $this->request->headers->get('X-CSRF-Token'));

 if (! $csrfManager->isTokenValid($token)) {
- throw new \Exception('Csrf token not valid');
+ $this->logger->log("Csrf token not valid");
+ die;
 }
 }
 }
@@ -63,6 +68,7 @@ class Security implements Service
 if (! $pass) {
 $this->response->setStatusCode(403);
 $this->response->send();
+ $this->logger->log("Forbidden - IP not found in allowlist ".$this->request->getClientIp());
 die;
 }
 }
@@ -79,6 +85,7 @@ class Security implements Service
 if (! $pass) {
 $this->response->setStatusCode(403);
 $this->response->send();
+ $this->logger->log("Forbidden - IP matched against denylist ".$this->request->getClientIp());
 die;
 }
 }
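Review bot: The CSRF failure branch (third hunk) now ends in a bare `die;` without setting a status code or sending the response, so the client presumably gets an empty reply with the default success status. The allowlist and denylist branches in this same file send a 403 before exiting, and this branch should do the same by adding `$this->response->setStatusCode(403);` and `$this->response->send();` before the `die;`. The new log message also omits the client address that the other two log calls include; appending `$this->request->getClientIp()` would let rejected requests be correlated during monitoring. The enclosing method starts and ends outside this hunk.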
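Review bot: The log call added after `send()` in the allowlist branch (fourth hunk) re-reads the address through `$this->request->getClientIp()` rather than logging the value that produced `$pass`. That comparison lies outside the hunk, so it is not visible whether both use the same source. If they differ, for example behind a reverse proxy with forwarded headers, the audit entry can name a different address than the one actually rejected; logging the variable that was matched would keep the record consistent with the decision. The denylist branch in the fifth hunk has the same pattern and would take the same change.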