Log IP source on auth failure

[ambroisie]

What is the problem you are trying to solve with this feature?

I would like to see the logs for failed authentication (API and user login) include the source IP address (accounting for X-Forwarded-For in reverse proxy setups).

The use case would be to add fail2ban to my setup, in order to avoid brute force attacks on my Homebox installation.

What is the solution you are proposing?

Add the IP address to the log message for failed auth attemps (currently failed to authenticate error="invalid username or password").

Ideally it would be surfaced in the plain-text log, as it is easier to parse in fail2ban than JSON.

What alternatives have you considered?

No response

Additional context

No response

Contributions

• I have searched through existing issues and feature requests to see if my idea has already been proposed.
• If this feature is accepted, I would be willing to help implement and maintain this feature.
• If this feature is accepted, I'm willing to sponsor the development of this feature.

[tankerkiller125]

Please note we're converting this issue into a discussion as per our new procedures/policies. You can read more about that in our announcement #712