From 4442bcc4067cd9215d90f0754be1a910931170df Mon Sep 17 00:00:00 2001
From: Lorenzo Venerandi
Date: Mon, 9 Mar 2026 17:54:47 +0100
Subject: [PATCH] feat: enhance logging for authentication events
---
 src/config.py | 3 +++
 src/routes/api.py | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/src/config.py b/src/config.py
index f43b390..be0cf93 100644
--- a/src/config.py
+++ b/src/config.py
@@ -258,6 +258,9 @@ def override_config_from_env(config: Config = None):
 try:
 field_type = config.__dataclass_fields__[field].type
 env_value = os.environ[env_var]
+ # If password is overridden, it's no longer auto-generated
+ if field == "dashboard_password":
+ config.dashboard_password_generated = False
 if field_type == int:
 setattr(config, field, int(env_value))
 elif field_type == float:
diff --git a/src/routes/api.py b/src/routes/api.py
index 661b3cc..08c9eeb 100644
--- a/src/routes/api.py
+++ b/src/routes/api.py
@@ -73,6 +73,7 @@ async def authenticate(request: Request, body: AuthRequest):
 if hmac.compare_digest(body.fingerprint, expected):
 # Success — clear failed attempts
 _auth_attempts.pop(ip, None)
+ get_app_logger().info(f"[AUTH] Successful login from {ip}")
 token = secrets.token_hex(32)
 _auth_tokens.add(token)
 response = JSONResponse(content={"authenticated": True})
@@ -85,6 +86,7 @@ async def authenticate(request: Request, body: AuthRequest):
 return response
 # Failed attempt — track and possibly lock out
+ get_app_logger().warning(f"[AUTH] Failed login attempt from {ip}")
 if not record:
 record = {"attempts": 0, "locked_until": 0, "lockouts": 0}
 _auth_attempts[ip] = record
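Review bot: `dashboard_password_generated` is set to `False` in the first hunk of `src/config.py` before the `setattr` chain has applied the override, and nothing visible checks that `env_value` is non-empty. If the variable is exported but empty, the config would presumably end up with an empty dashboard password that is also marked as operator-supplied. Consider moving the two added lines below the `setattr` chain and guarding them with `if field == "dashboard_password" and env_value:`, and treating an empty override for this field as "not set" rather than applying it. Whether empty values are already filtered out earlier cannot be told from here, because the body of `override_config_from_env` starts and ends outside the hunk.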
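Review bot: `ip` is interpolated into the log message as-is by the new `info` call in the `@@ -73,6 +73,7 @@` hunk of `src/routes/api.py`, and again by the `warning` call in the `@@ -85,6 +86,7 @@` hunk. Where `ip` is derived is outside both hunks; if it can come from a forwarded-for style header it is client-controlled, and a value containing a line break could make one request look like an extra `[AUTH] Successful login` entry. Passing it as a logging argument with `%r`, e.g. `get_app_logger().info("[AUTH] Successful login from %r", ip)`, keeps control characters escaped and also skips string building when the level is disabled. The body of `authenticate` starts and ends outside the hunk.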
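Review bot: The failed-login warning in the `@@ -85,6 +86,7 @@` hunk is emitted before `record` is created or updated, so the entry cannot say how many attempts this address has made or whether this one triggered a lockout. For alerting it is more useful to log after the counter update, which lies outside this hunk, and include the count, e.g. `get_app_logger().warning("[AUTH] Failed login attempt from %r (attempt %d)", ip, record["attempts"])`. The lockout itself is worth logging as a separate event. Neither new line logs `body.fingerprint` or the issued token, which is correct and worth stating in a comment so later edits keep it that way: `# Never log the fingerprint or the session token here.`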