From 2b2702f3f3a3cb0c433884b060bf935a2d8fd1c0 Mon Sep 17 00:00:00 2001 From: jysperm Date: Sat, 9 Aug 2014 12:15:58 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=AF=86=E7=A0=81=E6=97=B6?= =?UTF-8?q?=E8=AE=B0=E5=BD=95=20security=5Flog?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/model/account.coffee | 2 -- core/model/security_log.coffee | 22 ++++++++++++++++++++++ core/router/account.coffee | 14 ++++++++++++-- 3 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 core/model/security_log.coffee diff --git a/core/model/account.coffee b/core/model/account.coffee index bee65e7..6a112ec 100644 --- a/core/model/account.coffee +++ b/core/model/account.coffee @@ -141,8 +141,6 @@ exports.authenticate = (token, callback) -> exports.findAndModify 'tokens.token': token, {}, $set: 'tokens.$.updated_at': new Date() - , - new: true , callback exports.byUsernameOrEmailOrId = (username, callback) -> diff --git a/core/model/security_log.coffee b/core/model/security_log.coffee new file mode 100644 index 0000000..d34598f --- /dev/null +++ b/core/model/security_log.coffee @@ -0,0 +1,22 @@ +module.exports = exports = app.db.buildModel 'security_log' + +sample = + account_id: new ObjectID() + type: 'update_password' + created_at: new Date() + attribute: + token: + token: 'b535a6cec7b73a60c53673f434686e04972ccafddb2a5477f066f30eded55a9b' + created_at: Date() + attribute: + ip: '123.184.237.163' + ua: 'Mozilla/5.0 (Intel Mac OS X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102' + +exports.create = (account, type, attribute, callback) -> + exports.insert + account_id: account._id + type: type + attribute: attribute + created_at: new Date() + , (err, result) -> + callback err, result?[0] diff --git a/core/router/account.coffee b/core/router/account.coffee index fb5fbb1..fa92892 100644 --- a/core/router/account.coffee +++ b/core/router/account.coffee 
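Review bot: The `sample` literal at the top of core/model/security_log.coffee is live code, so `new ObjectID()` runs every time the model is required, and this new file has no require for `ObjectID`; unless it is a global like `app`, loading the module would throw. If the literal only documents the schema, it would be safer as a `#` comment block above `exports.create`. Inside it, the nested `created_at: Date()` produces a string while the other timestamps use `new Date()`; `created_at: new Date()` would keep the example consistent with what `exports.create` writes. The sample also shows the full token value stored inside the log entry, which is worth confirming as intended.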
@@ -3,6 +3,7 @@ utils = require './utils' {renderAccount, errorHandling, requireAuthenticate} = require './middleware' mAccount = require '../model/account' +mSecurityLog = require '../model/security_log' module.exports = exports = express.Router() @@ -56,7 +57,10 @@ exports.post '/login', errorHandling, (req, res) -> unless mAccount.matchPassword account, req.body.password return res.error 'wrong_password' - mAccount.createToken account, {}, (err, token) -> + mAccount.createToken account, + ip: req.headers['x-real-ip'] + ua: req.headers['user-agent'] + , (err, token) -> res.cookie 'token', token, expires: new Date(Date.now() + config.account.cookie_time) @@ -77,4 +81,10 @@ exports.post '/update_password', requireAuthenticate, (req, res) -> return res.error 'invalid_password' mAccount.updatePassword req.account, req.body.password, -> - res.json {} + token = _.first _.where req.account.tokens, + token: req.token + + mSecurityLog.create req.account, 'update_password', + token: _.omit(token, 'updated_at') + , -> + res.json {}
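Review bot: The `ip` stored with the token in the `/login` hunk is read directly from `req.headers['x-real-ip']`, which a client can set itself on any request that does not pass through a proxy that overwrites the header. Because the sample in security_log.coffee suggests this value is later copied into the security log, the deployment assumption should be stated next to it, e.g. `# x-real-ip is set by the front proxy; do not trust it on direct connections`, and a fallback such as `ip: req.headers['x-real-ip'] ? req.ip` avoids storing `undefined`. The `user-agent` header is also persisted without a length limit; truncating it before saving would bound the stored document size. The handler starts before this hunk, so proxy handling may already exist outside the visible lines.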
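Review bot: `_.omit(token, 'updated_at')` in the `/update_password` hunk keeps the `token` field, so the live session token string is duplicated into the `security_log` collection and is exposed to whoever can read that log for as long as the token stays valid. Omitting it too, `token: _.omit(token, 'token', 'updated_at')`, still records the creation time and the ip/ua attributes. If `_.where` finds no entry matching `req.token`, `token` is undefined and the log entry is written without any token details, which deserves an explicit check. Both callbacks (`updatePassword` and `mSecurityLog.create`) take no `err` argument, so a failed password update or log write still answers `res.json {}`; they should check `err` before replying. No require for `_` is visible in the hunks of this file, so confirm it is in scope.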