feat(auth): log wallet name on every login#3851
Open
joshuakrueger-dfx wants to merge 1 commit into
Open
Conversation
Adds a walletName column to IpLog and threads the login-request wallet through to the per-login audit trail: - IpCountryGuard forwards req.body.wallet for signature logins - mail login persists the resolved login wallet name and passes it on completion Captures which app/wallet a login originated from, complementing the mail-branding fix (#3846). Refs #3849.
joshuakrueger-dfx
requested review from
TaprootFreak and
davidleomay
as code owners
davidleomay
reviewed
Jun 9, 2026
davidleomay
left a comment
davidleomay
left a comment
Member
There was a problem hiding this comment.
The wallet field on SignInDto/SignUpDto/AuthMailDto should get a @Transform(Util.sanitize) decorator, consistent with how other string fields are handled in the codebase (e.g. auth-lnurl.dto.ts). Strips HTML, trims whitespace — no perf hit, no extra DB lookup.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the backend part of #3849.
What
Persists the wallet name a login originated from in the per-login audit trail (
IpLog).IpLog.walletName— new nullable column (migrationAddWalletNameToIpLog)IpLogService.create/doCreate— newwalletNameparam, included in the dedup cache key and the persisted rowIpCountryGuard— forwardsreq.body.walletfor signature logins (POST /v1/auth); RealUnit already sendswallet: 'RealUnit', so this now gets loggedsignInByMailstores the resolved login wallet name on the pending-login entry;completeSignInByMailpasses it toIpLogService.createComplements the mail-branding fix #3846: branding follows the login source, and now the source wallet is also recorded per login.
Scope notes
walletURL param (absent → backend defaults to DFX), and the RealUnit app (Flutter) has no email login and already sendswallet: 'RealUnit'on signature auth. Optionally, app.dfx.swiss could send an explicit DFX wallet name to tag its own email logins inIpLog— open question for review.Verification
Local: lint, format:check (src), build, full test suite (1018 passed) — all green.