add MFA login event (#1214)

* add mfa login events

* remove unnecessary event

* remove duplicate event

* rename helper method

* log failed logins

* update frontend event types

* add event for using a recovery code

* emit mfa login events

* emit MFA login failed events

* rename field kind -> event

---------

Co-authored-by: Maciej Wójcik <[email protected]>

Author: wojcik91

crates/defguard_core/src/appstate.rs

@@ -98,7 +98,7 @@ impl AppState {
     /// Sends event to the main event router
     ///
     /// This method is fallible since events are used for communication between services
-    pub fn send_event(&self, event: ApiEvent) -> Result<(), WebError> {
+    pub fn emit_event(&self, event: ApiEvent) -> Result<(), WebError> {
         Ok(self.event_tx.send(event)?)
     }
 

crates/defguard_core/src/db/models/audit_log/metadata.rs

@@ -1,4 +1,9 @@
-use crate::db::{Device, Id, WireguardNetwork};
+use crate::db::{Device, Id, MFAMethod, WireguardNetwork};
+
+#[derive(Serialize)]
+pub struct MfaLoginMetadata {
+    pub mfa_method: MFAMethod,
+}
 
 #[derive(Serialize)]
 pub struct DeviceAddedMetadata {

crates/defguard_core/src/db/models/audit_log/mod.rs

@@ -26,6 +26,10 @@ pub enum AuditModule {
 pub enum EventType {
     // authentication
     UserLogin,
+    UserLoginFailed,
+    UserMfaLogin,
+    UserMfaLoginFailed,
+    RecoveryCodeUsed,
     UserLogout,
     // mfa management
     MfaDisabled,

crates/defguard_core/src/enterprise/handlers/audit_stream.rs

@@ -58,9 +58,9 @@ pub async fn create_audit_stream(
     };
     let stream = stream_model.save(&appstate.pool).await?;
     info!("User {session_username} created audit stream");
-    appstate.send_event(ApiEvent {
+    appstate.emit_event(ApiEvent {
         context,
-        kind: ApiEventType::AuditStreamCreated {
+        event: ApiEventType::AuditStreamCreated {
             stream_id: stream.id,
             stream_name: stream.name,
         },
@@ -90,9 +90,9 @@ pub async fn modify_audit_stream(
         stream.config = data.stream_config;
         stream.save(&appstate.pool).await?;
         info!("User {session_username} modified audit stream");
-        appstate.send_event(ApiEvent {
+        appstate.emit_event(ApiEvent {
             context,
-            kind: ApiEventType::AuditStreamModified {
+            event: ApiEventType::AuditStreamModified {
                 stream_id: stream.id,
                 stream_name: stream.name,
             },
@@ -119,9 +119,9 @@ pub async fn delete_audit_stream(
         let stream_id = stream.id;
         let stream_name = stream.name.clone();
         stream.delete(&appstate.pool).await?;
-        appstate.send_event(ApiEvent {
+        appstate.emit_event(ApiEvent {
             context,
-            kind: ApiEventType::AuditStreamRemoved {
+            event: ApiEventType::AuditStreamRemoved {
                 stream_id,
                 stream_name,
             },

crates/defguard_core/src/events.rs

@@ -1,6 +1,6 @@
 use std::net::IpAddr;
 
-use crate::db::{Device, Id, WireguardNetwork};
+use crate::db::{Device, Id, MFAMethod, WireguardNetwork};
 use chrono::{NaiveDateTime, Utc};
 use ipnetwork::IpNetwork;
 
@@ -67,6 +67,14 @@ impl GrpcRequestContext {
 #[derive(Debug)]
 pub enum ApiEventType {
     UserLogin,
+    UserLoginFailed,
+    UserMfaLogin {
+        mfa_method: MFAMethod,
+    },
+    UserMfaLoginFailed {
+        mfa_method: MFAMethod,
+    },
+    RecoveryCodeUsed,
     UserLogout,
     MfaDisabled,
     MfaTotpDisabled,
@@ -141,7 +149,7 @@ pub enum ApiEventType {
 #[derive(Debug)]
 pub struct ApiEvent {
     pub context: ApiRequestContext,
-    pub kind: ApiEventType,
+    pub event: ApiEventType,
 }
 
 /// Events from gRPC server