feat: integrate metrics tracking across authentication services

_example/authgate-cli/main.go

@@ -588,7 +588,11 @@ func exchangeDeviceCode(
 	}
 
 	// Validate token response
-	if err := validateTokenResponse(tokenResp.AccessToken, tokenResp.TokenType, tokenResp.ExpiresIn); err != nil {
+	if err := validateTokenResponse(
+		tokenResp.AccessToken,
+		tokenResp.TokenType,
+		tokenResp.ExpiresIn,
+	); err != nil {
 		return nil, fmt.Errorf("invalid token response: %w", err)
 	}
 
@@ -781,7 +785,11 @@ func refreshAccessToken(refreshToken string) (*TokenStorage, error) {
 	}
 
 	// Validate token response
-	if err := validateTokenResponse(tokenResp.AccessToken, tokenResp.TokenType, tokenResp.ExpiresIn); err != nil {
+	if err := validateTokenResponse(
+		tokenResp.AccessToken,
+		tokenResp.TokenType,
+		tokenResp.ExpiresIn,
+	); err != nil {
 		return nil, fmt.Errorf("invalid token response: %w", err)
 	}
 

internal/auth/local.go

@@ -28,7 +28,10 @@ func (p *LocalAuthProvider) Authenticate(
 		return nil, ErrInvalidCredentials
 	}
 
-	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
+	if err := bcrypt.CompareHashAndPassword(
+		[]byte(user.PasswordHash),
+		[]byte(password),
+	); err != nil {
 		return nil, ErrInvalidCredentials
 	}
 

internal/handlers/auth.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/appleboy/authgate/internal/auth"
+	"github.com/appleboy/authgate/internal/metrics"
 	"github.com/appleboy/authgate/internal/middleware"
 	"github.com/appleboy/authgate/internal/services"
 	"github.com/appleboy/authgate/internal/templates"
@@ -97,19 +98,22 @@ type AuthHandler struct {
 	baseURL                     string
 	sessionFingerprintEnabled   bool
 	sessionFingerprintIncludeIP bool
+	metrics                     metrics.MetricsRecorder
 }
 
 func NewAuthHandler(
 	us *services.UserService,
 	baseURL string,
 	fingerprintEnabled bool,
 	fingerprintIncludeIP bool,
+	m metrics.MetricsRecorder,
 ) *AuthHandler {
 	return &AuthHandler{
 		userService:                 us,
 		baseURL:                     baseURL,
 		sessionFingerprintEnabled:   fingerprintEnabled,
 		sessionFingerprintIncludeIP: fingerprintIncludeIP,
+		metrics:                     m,
 	}
 }
 
@@ -170,6 +174,7 @@ func (h *AuthHandler) LoginPageWithOAuth(
 func (h *AuthHandler) Login(c *gin.Context,
 	oauthProviders map[string]*auth.OAuthProvider,
 ) {
+	start := time.Now()
 	username := c.PostForm("username")
 	password := c.PostForm("password")
 	redirectTo := c.PostForm("redirect")
@@ -181,6 +186,11 @@ func (h *AuthHandler) Login(c *gin.Context,
 
 	user, err := h.userService.Authenticate(c.Request.Context(), username, password)
 	if err != nil {
+		// Record failed login
+		duration := time.Since(start)
+		h.metrics.RecordLogin("local", false)
+		h.metrics.RecordAuthAttempt("local", false, duration)
+
 		var errorMsg string
 
 		// Check for specific error types
@@ -212,6 +222,15 @@ func (h *AuthHandler) Login(c *gin.Context,
 		return
 	}
 
+	// Record successful login
+	duration := time.Since(start)
+	authSource := user.AuthSource
+	if authSource == "" {
+		authSource = "local"
+	}
+	h.metrics.RecordLogin(authSource, true)
+	h.metrics.RecordAuthAttempt(authSource, true, duration)
+
 	// Set session
 	session := sessions.Default(c)
 	session.Set(SessionUserID, user.ID)
@@ -249,12 +268,26 @@ func (h *AuthHandler) Login(c *gin.Context,
 // Logout clears the session and redirects to login
 func (h *AuthHandler) Logout(c *gin.Context) {
 	session := sessions.Default(c)
+
+	// Calculate session duration if available
+	var sessionDuration time.Duration
+	if createdAtUnix := session.Get(SessionLastActivity); createdAtUnix != nil {
+		if createdAtInt64, ok := createdAtUnix.(int64); ok {
+			createdAt := time.Unix(createdAtInt64, 0)
+			sessionDuration = time.Since(createdAt)
+		}
+	}
+
 	session.Clear()
 	if err := session.Save(); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{
 			"error": "Failed to save session",
 		})
 		return
 	}
+
+	// Record logout
+	h.metrics.RecordLogout(sessionDuration)
+
 	c.Redirect(http.StatusFound, "/login")
 }

internal/handlers/oauth_handler.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/appleboy/authgate/internal/auth"
+	"github.com/appleboy/authgate/internal/metrics"
 	"github.com/appleboy/authgate/internal/services"
 	"github.com/appleboy/authgate/internal/templates"
 
@@ -38,6 +39,7 @@ type OAuthHandler struct {
 	httpClient                  *http.Client // Custom HTTP client for OAuth requests
 	sessionFingerprintEnabled   bool
 	sessionFingerprintIncludeIP bool
+	metrics                     metrics.MetricsRecorder
 }
 
 // NewOAuthHandler creates a new OAuth handler
@@ -47,13 +49,15 @@ func NewOAuthHandler(
 	httpClient *http.Client,
 	fingerprintEnabled bool,
 	fingerprintIncludeIP bool,
+	m metrics.MetricsRecorder,
 ) *OAuthHandler {
 	return &OAuthHandler{
 		providers:                   providers,
 		userService:                 userService,
 		httpClient:                  httpClient,
 		sessionFingerprintEnabled:   fingerprintEnabled,
 		sessionFingerprintIncludeIP: fingerprintIncludeIP,
+		metrics:                     m,
 	}
 }
 
@@ -200,6 +204,9 @@ func (h *OAuthHandler) OAuthCallback(c *gin.Context) {
 		token,
 	)
 	if err != nil {
+		// Record failure
+		h.metrics.RecordOAuthCallback(provider, false)
+
 		log.Printf("[OAuth] Authentication failed: %v", err)
 
 		// Handle specific errors
@@ -225,6 +232,9 @@ func (h *OAuthHandler) OAuthCallback(c *gin.Context) {
 		return
 	}
 
+	// Record success
+	h.metrics.RecordOAuthCallback(provider, true)
+
 	// Clear OAuth session data
 	session.Delete("oauth_state")
 	session.Delete("oauth_provider")

internal/handlers/session.go

@@ -162,7 +162,11 @@ func (h *SessionHandler) RevokeSession(c *gin.Context) {
 	userID, _ := c.Get("user_id")
 
 	// Revoke the token
-	if err := h.tokenService.RevokeTokenByID(c.Request.Context(), tokenID, userID.(string)); err != nil {
+	if err := h.tokenService.RevokeTokenByID(
+		c.Request.Context(),
+		tokenID,
+		userID.(string),
+	); err != nil {
 		templates.RenderTempl(
 			c,
 			http.StatusInternalServerError,
@@ -214,7 +218,11 @@ func (h *SessionHandler) DisableSession(c *gin.Context) {
 	userID, _ := c.Get("user_id")
 
 	// Disable the token
-	if err := h.tokenService.DisableToken(c.Request.Context(), tokenID, userID.(string)); err != nil {
+	if err := h.tokenService.DisableToken(
+		c.Request.Context(),
+		tokenID,
+		userID.(string),
+	); err != nil {
 		templates.RenderTempl(
 			c,
 			http.StatusInternalServerError,
@@ -238,7 +246,11 @@ func (h *SessionHandler) EnableSession(c *gin.Context) {
 	userID, _ := c.Get("user_id")
 
 	// Enable the token
-	if err := h.tokenService.EnableToken(c.Request.Context(), tokenID, userID.(string)); err != nil {
+	if err := h.tokenService.EnableToken(
+		c.Request.Context(),
+		tokenID,
+		userID.(string),
+	); err != nil {
 		templates.RenderTempl(
 			c,
 			http.StatusInternalServerError,