Refactor AuditSignInManager and enhance logging

Refactored the constructor of `AuditSignInManager<TUser>` for improved readability. Enhanced the `LogLoginAuditAsync` method to include `SignInResult? result` for detailed logging. Updated all method calls to pass the new parameter.

Simplified client IP address retrieval by replacing legacy parsing logic with a streamlined approach. Added input sanitization and introduced a new method to extract browser information from the `User-Agent` header.

Improved exception handling with better logging and ensured graceful handling of errors. Cleaned up unused code, removed redundant methods, and improved overall code formatting for maintainability.

Author: neozhu

src/Infrastructure/Services/Identity/AuditSignInManager.cs

@@ -4,28 +4,27 @@
 using CleanArchitecture.Blazor.Domain.Identity;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using System.Net; // added for IPAddress parsing
 
 namespace CleanArchitecture.Blazor.Infrastructure.Services;
 
 public class AuditSignInManager<TUser> : SignInManager<TUser>
- where TUser : class
+    where TUser : class
 {
     private readonly IApplicationDbContextFactory _dbContextFactory;
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly ILogger<AuditSignInManager<TUser>> _logger;
 
     public AuditSignInManager(
-    UserManager<TUser> userManager,
-    IHttpContextAccessor contextAccessor,
-    IUserClaimsPrincipalFactory<TUser> claimsFactory,
-    IOptions<IdentityOptions> optionsAccessor,
-    ILogger<SignInManager<TUser>> logger,
-    IAuthenticationSchemeProvider schemes,
-    IUserConfirmation<TUser> confirmation,
-    IApplicationDbContextFactory dbContextFactory,
-    ILogger<AuditSignInManager<TUser>> auditLogger)
-    : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
+        UserManager<TUser> userManager,
+        IHttpContextAccessor contextAccessor,
+        IUserClaimsPrincipalFactory<TUser> claimsFactory,
+        IOptions<IdentityOptions> optionsAccessor,
+        ILogger<SignInManager<TUser>> logger,
+        IAuthenticationSchemeProvider schemes,
+        IUserConfirmation<TUser> confirmation,
+        IApplicationDbContextFactory dbContextFactory,
+        ILogger<AuditSignInManager<TUser>> auditLogger)
+        : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
     {
         _dbContextFactory = dbContextFactory;
         _httpContextAccessor = contextAccessor;
@@ -44,7 +43,7 @@ public override async Task<SignInResult> PasswordSignInAsync(TUser user, string
         var result = await base.PasswordSignInAsync(user, password, isPersistent, lockoutOnFailure);
         var userName = await UserManager.GetUserNameAsync(user) ?? "Unknown";
         var userId = await UserManager.GetUserIdAsync(user) ?? "Unknown";
-        await LogLoginAuditAsync(userId, userName, result.Succeeded, "Local");
+        await LogLoginAuditAsync(userId, userName, result.Succeeded, "Local", result);
         return result;
     }
 
@@ -56,7 +55,7 @@ public override async Task<SignInResult> ExternalLoginSignInAsync(string loginPr
         var info = await GetExternalLoginInfoAsync();
         var userName = info?.Principal?.Identity?.Name ?? "External User";
         var userId = info?.Principal?.FindFirstValue(ClaimTypes.NameIdentifier) ?? "Unknown";
-        await LogLoginAuditAsync(userId, userName, result.Succeeded, loginProvider);
+        await LogLoginAuditAsync(userId, userName, result.Succeeded, loginProvider, result);
         return result;
     }
 
@@ -65,15 +64,15 @@ public override async Task SignInAsync(TUser user, bool isPersistent, string? au
         await base.SignInAsync(user, isPersistent, authenticationMethod);
         var userName = await UserManager.GetUserNameAsync(user) ?? "Unknown";
         var userId = await UserManager.GetUserIdAsync(user) ?? "Unknown";
-        await LogLoginAuditAsync(userId, userName, true, authenticationMethod ?? "Direct");
+        await LogLoginAuditAsync(userId, userName, true, authenticationMethod ?? "Direct", null);
     }
 
     public override async Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string? authenticationMethod = null)
     {
         await base.SignInAsync(user, authenticationProperties, authenticationMethod);
         var userName = await UserManager.GetUserNameAsync(user) ?? "Unknown";
         var userId = await UserManager.GetUserIdAsync(user) ?? "Unknown";
-        await LogLoginAuditAsync(userId, userName, true, authenticationMethod ?? "Direct");
+        await LogLoginAuditAsync(userId, userName, true, authenticationMethod ?? "Direct", null);
     }
 
     public override async Task<SignInResult> TwoFactorSignInAsync(string provider, string code, bool isPersistent, bool rememberClient)
@@ -90,11 +89,11 @@ public override async Task<SignInResult> TwoFactorSignInAsync(string provider, s
             userId = await UserManager.GetUserIdAsync(user) ?? "Unknown";
         }
 
-        await LogLoginAuditAsync(userId, userName, result.Succeeded, $"2FA-{provider}");
+        await LogLoginAuditAsync(userId, userName, result.Succeeded, $"2FA-{provider}", result);
         return result;
     }
 
-    private async Task LogLoginAuditAsync(string userId, string userName, bool success, string provider)
+    private async Task LogLoginAuditAsync(string userId, string userName, bool success, string provider, SignInResult? result)
     {
         try
         {
@@ -105,6 +104,8 @@ private async Task LogLoginAuditAsync(string userId, string userName, bool succe
                 return;
             }
 
+
+
             // Extract client information
             var ipAddress = GetClientIpAddress(httpContext);
             var browserInfo = GetBrowserInfo(httpContext);
@@ -137,88 +138,48 @@ private async Task LogLoginAuditAsync(string userId, string userName, bool succe
     {
         try
         {
-            // Simple & safe: only examine a short list of common headers, validate each with IPAddress.TryParse.
-            // Order: CF-Connecting-IP -> X-Forwarded-For (first) -> True-Client-IP -> X-Real-IP -> fallback RemoteIpAddress
-            if (TryGetSingleHeaderIp(httpContext, "CF-Connecting-IP", out var ip)) return ip;
-            if (TryGetXForwardedFor(httpContext, out ip)) return ip;
-            if (TryGetSingleHeaderIp(httpContext, "True-Client-IP", out ip)) return ip;
-            if (TryGetSingleHeaderIp(httpContext, "X-Real-IP", out ip)) return ip;
-
-            var remote = httpContext.Connection.RemoteIpAddress;
-            return NormalizeLoopback(remote);
-        }
-        catch (Exception ex)
-        {
-            _logger.LogWarning(ex, "Failed to get client IP address");
-            return null;
-        }
-    }
-
-    private bool TryGetSingleHeaderIp(HttpContext ctx, string headerName, out string? ip)
-    {
-        ip = null;
-        var raw = ctx.Request.Headers[headerName].FirstOrDefault();
-        if (string.IsNullOrWhiteSpace(raw)) return false;
-        raw = raw.Split(',')[0].Trim(); // if multiple, only first
-        raw = StripPortAndBrackets(raw);
-        if (IPAddress.TryParse(raw, out var parsed))
-        {
-            ip = NormalizeLoopback(parsed);
-            return true;
-        }
-        return false;
-    }
-
-    private bool TryGetXForwardedFor(HttpContext ctx, out string? ip)
-    {
-        ip = null;
-        var raw = ctx.Request.Headers["X-Forwarded-For"].FirstOrDefault();
-        if (string.IsNullOrWhiteSpace(raw)) return false;
-        // Split chain client, proxy1, proxy2 ... choose first non-empty candidate that parses
-        foreach (var candidate in raw.Split(',').Select(s => s.Trim()))
-        {
-            if (string.IsNullOrEmpty(candidate)) continue;
-            var cleaned = StripPortAndBrackets(candidate);
-            if (IPAddress.TryParse(cleaned, out var parsed))
+            // Check for forwarded IP first (when behind proxy/load balancer)
+            var forwardedFor = httpContext.Request.Headers["X-Forwarded-For"].FirstOrDefault();
+            if (!string.IsNullOrEmpty(forwardedFor))
             {
-                ip = NormalizeLoopback(parsed);
-                return true;
+                // Take the first IP if there are multiple
+                var firstIp = forwardedFor.Split(',').FirstOrDefault()?.Trim();
+                if (!string.IsNullOrEmpty(firstIp))
+                    return firstIp;
             }
-        }
-        return false;
-    }
 
-    private string StripPortAndBrackets(string value)
-    {
-        if (string.IsNullOrEmpty(value)) return value;
-        value = value.Trim('"');
-        // IPv6 in brackets: [2001:db8::1]:443
-        if (value.StartsWith("[") && value.Contains("]"))
-        {
-            var end = value.IndexOf(']');
-            if (end > 0)
+            // Check for real IP header
+            var realIp = httpContext.Request.Headers["X-Real-IP"].FirstOrDefault();
+            if (!string.IsNullOrEmpty(realIp))
+                return realIp;
+
+            // Fall back to remote IP
+            var remoteIp = httpContext.Connection.RemoteIpAddress?.ToString();
+
+            // Handle localhost scenarios
+            if (remoteIp == "::1" || remoteIp == "127.0.0.1")
             {
-                var core = value.Substring(1, end - 1);
-                // ignore trailing :port
-                return core;
+                return "127.0.0.1"; // Normalize localhost
             }
+
+            return SanitizeInput(remoteIp);
         }
-        // IPv4:port
-        var colonIndex = value.LastIndexOf(':');
-        if (colonIndex > -1 && value.Count(c => c == ':') == 1 && value.Contains('.'))
+        catch (Exception ex)
         {
-            return value.Substring(0, colonIndex);
+            _logger.LogWarning(ex, "Failed to get client IP address");
+            return null;
         }
-        return value;
     }
 
-    private string? NormalizeLoopback(IPAddress? ip)
+    private string SanitizeInput(string? input)
     {
-        if (ip == null) return null;
-        if (IPAddress.IsLoopback(ip)) return "127.0.0.1"; // unify
-        return ip.ToString();
+        if (string.IsNullOrEmpty(input))
+            return string.Empty;
+        // Remove newline characters and trim whitespace
+        return input.Replace("\r", "").Replace("\n", "").Trim();
     }
 
+
     private string? GetBrowserInfo(HttpContext httpContext)
     {
         try