From 279b04f5b205149e66984934c7717ad091dbba4c Mon Sep 17 00:00:00 2001
From: Denis Bykhov <bykhov.denis@gmail.com>
Date: Tue, 18 Jun 2024 10:15:08 +0500
Subject: [PATCH] Extra logs for auth providers (#5840)

Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
---
 pods/authProviders/src/github.ts |   5 +-
 pods/authProviders/src/google.ts |   5 +-
 server/account/src/operations.ts | 157 +++++++++++++++++--------------
 3 files changed, 92 insertions(+), 75 deletions(-)

diff --git a/pods/authProviders/src/github.ts b/pods/authProviders/src/github.ts
index 35c9dc6b45..3f06938752 100644
--- a/pods/authProviders/src/github.ts
+++ b/pods/authProviders/src/github.ts
@@ -35,6 +35,7 @@ export function registerGithub (
 
   router.get('/auth/github', async (ctx, next) => {
     const state = ctx.query?.inviteId
+    measureCtx.info('try auth via', { provider: 'github' })
     passport.authenticate('github', { scope: ['user:email'], session: true, state })(ctx, next)
   })
 
@@ -45,6 +46,7 @@ export function registerGithub (
       try {
         const email = ctx.state.user.emails?.[0]?.value ?? `github:${ctx.state.user.username}`
         const [first, last] = ctx.state.user.displayName?.split(' ') ?? [ctx.state.user.username, '']
+        measureCtx.info('Provider auth handler', { email, type: 'github' })
         if (email !== undefined) {
           if (ctx.query?.state != null) {
             const loginInfo = await joinWithProvider(
@@ -71,11 +73,12 @@ export function registerGithub (
               ctx.session.loginInfo = loginInfo
             }
           }
+          measureCtx.info('Success auth, redirect', { email, type: 'github' })
           // Successful authentication, redirect to your application
           ctx.redirect(concatLink(frontUrl, '/login/auth'))
         }
       } catch (err: any) {
-        measureCtx.error('failed to auth', err)
+        measureCtx.error('failed to auth', { err, type: 'github', user: ctx.state?.user })
       }
       await next()
     }
diff --git a/pods/authProviders/src/google.ts b/pods/authProviders/src/google.ts
index 4734aff1bf..2c445ed5a2 100644
--- a/pods/authProviders/src/google.ts
+++ b/pods/authProviders/src/google.ts
@@ -35,6 +35,7 @@ export function registerGoogle (
 
   router.get('/auth/google', async (ctx, next) => {
     const state = ctx.query?.inviteId
+    measureCtx.info('try auth via', { provider: 'google' })
     passport.authenticate('google', { scope: ['profile', 'email'], session: true, state })(ctx, next)
   })
 
@@ -45,6 +46,7 @@ export function registerGoogle (
       const email = ctx.state.user.emails?.[0]?.value
       const first = ctx.state.user.name.givenName
       const last = ctx.state.user.name.familyName
+      measureCtx.info('Provider auth handler', { email, type: 'google' })
       if (email !== undefined) {
         try {
           if (ctx.query?.state != null) {
@@ -69,9 +71,10 @@ export function registerGoogle (
           }
 
           // Successful authentication, redirect to your application
+          measureCtx.info('Success auth, redirect', { email, type: 'google' })
           ctx.redirect(concatLink(frontUrl, '/login/auth'))
         } catch (err: any) {
-          measureCtx.error('failed to auth', err)
+          measureCtx.error('failed to auth', { err, type: 'google', user: ctx.state?.user })
         }
       }
       await next()
diff --git a/server/account/src/operations.ts b/server/account/src/operations.ts
index 170ee32789..b15dc4ef75 100644
--- a/server/account/src/operations.ts
+++ b/server/account/src/operations.ts
@@ -2064,35 +2064,61 @@ export async function joinWithProvider (
   inviteId: ObjectId,
   extra?: Record<string, string>
 ): Promise<WorkspaceLoginInfo | LoginInfo> {
-  const email = cleanEmail(_email)
-  const invite = await getInvite(db, inviteId)
-  const workspace = await checkInvite(ctx, invite, email)
-  if (last == null) {
-    last = ''
-  }
-  let account = await getAccount(db, email)
-  if (account == null && extra !== undefined) {
-    account = await getAccountByQuery(db, extra)
-  }
-  if (account !== null) {
-    // we should clean password if account is not confirmed
-    if (account.confirmed === false) {
-      await updatePassword(db, account, null)
+  try {
+    const email = cleanEmail(_email)
+    const invite = await getInvite(db, inviteId)
+    const workspace = await checkInvite(ctx, invite, email)
+    if (last == null) {
+      last = ''
     }
-
-    const token = generateToken(email, getWorkspaceId('', productId), getExtra(account))
-    const ws = await getWorkspaceById(db, productId, workspace.name)
-
-    if (ws?.accounts.includes(account._id) ?? false) {
-      const result = {
-        endpoint: getEndpoint(),
-        email,
-        token
+    let account = await getAccount(db, email)
+    if (account == null && extra !== undefined) {
+      account = await getAccountByQuery(db, extra)
+    }
+    if (account !== null) {
+      // we should clean password if account is not confirmed
+      if (account.confirmed === false) {
+        await updatePassword(db, account, null)
       }
+
+      const token = generateToken(email, getWorkspaceId('', productId), getExtra(account))
+      const ws = await getWorkspaceById(db, productId, workspace.name)
+
+      if (ws?.accounts.includes(account._id) ?? false) {
+        const result = {
+          endpoint: getEndpoint(),
+          email,
+          token
+        }
+        return result
+      }
+
+      const wsRes = await assignWorkspace(
+        ctx,
+        db,
+        productId,
+        branding,
+        email,
+        workspace.name,
+        invite?.role ?? AccountRole.User,
+        invite?.personId
+      )
+      const result = await selectWorkspace(
+        ctx,
+        db,
+        productId,
+        branding,
+        token,
+        wsRes.workspaceUrl ?? wsRes.workspace,
+        false
+      )
+
+      await useInvite(db, inviteId)
       return result
     }
-
-    const wsRes = await assignWorkspace(
+    const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
+    const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
+    const ws = await assignWorkspace(
       ctx,
       db,
       productId,
@@ -2102,37 +2128,16 @@ export async function joinWithProvider (
       invite?.role ?? AccountRole.User,
       invite?.personId
     )
-    const result = await selectWorkspace(
-      ctx,
-      db,
-      productId,
-      branding,
-      token,
-      wsRes.workspaceUrl ?? wsRes.workspace,
-      false
-    )
+    const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
 
     await useInvite(db, inviteId)
+
     return result
+  } catch (err: any) {
+    Analytics.handleError(err)
+    ctx.error('joinWithProvider error', { email: _email, ...extra, err })
+    throw err
   }
-
-  const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
-  const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
-  const ws = await assignWorkspace(
-    ctx,
-    db,
-    productId,
-    branding,
-    email,
-    workspace.name,
-    invite?.role ?? AccountRole.User,
-    invite?.personId
-  )
-  const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
-
-  await useInvite(db, inviteId)
-
-  return result
 }
 
 export async function loginWithProvider (
@@ -2145,34 +2150,40 @@ export async function loginWithProvider (
   last: string,
   extra?: Record<string, string>
 ): Promise<LoginInfo> {
-  const email = cleanEmail(_email)
-  if (last == null) {
-    last = ''
-  }
-  let account = await getAccount(db, email)
-  if (account == null && extra !== undefined) {
-    account = await getAccountByQuery(db, extra)
-  }
-  if (account !== null) {
-    // we should clean password if account is not confirmed
-    if (account.confirmed === false) {
-      await updatePassword(db, account, null)
+  try {
+    const email = cleanEmail(_email)
+    if (last == null) {
+      last = ''
     }
+    let account = await getAccount(db, email)
+    if (account == null && extra !== undefined) {
+      account = await getAccountByQuery(db, extra)
+    }
+    if (account !== null) {
+      // we should clean password if account is not confirmed
+      if (account.confirmed === false) {
+        await updatePassword(db, account, null)
+      }
+      const result = {
+        endpoint: getEndpoint(),
+        email,
+        token: generateToken(email, getWorkspaceId('', productId), getExtra(account))
+      }
+      return result
+    }
+    const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
+
     const result = {
       endpoint: getEndpoint(),
       email,
-      token: generateToken(email, getWorkspaceId('', productId), getExtra(account))
+      token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
     }
     return result
+  } catch (err: any) {
+    Analytics.handleError(err)
+    ctx.error('loginWithProvider error', { email: _email, ...extra, err })
+    throw err
   }
-  const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
-
-  const result = {
-    endpoint: getEndpoint(),
-    email,
-    token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
-  }
-  return result
 }
 
 /**