Diffstat (limited to 'kvmd')
-rw-r--r-- | kvmd/apps/kvmd/auth.py | 4 | ||||
-rw-r--r-- | kvmd/apps/kvmd/server.py | 21 |
2 files changed, 22 insertions, 3 deletions
diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py
index f319b5cc..923a06fe 100644
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@@ -33,5 +33,5 @@ class AuthManager:
 if user:
 get_logger().info("Logged out user %r", user)
- def check(self, token: str) -> bool:
- return (token in self.__tokens)
+ def check(self, token: str) -> Optional[str]:
+ return self.__tokens.get(token)
diff --git a/kvmd/apps/kvmd/server.py b/kvmd/apps/kvmd/server.py
index b204df7d..9d580fe0 100644
--- a/kvmd/apps/kvmd/server.py
+++ b/kvmd/apps/kvmd/server.py
@@ -35,6 +35,23 @@ from .streamer import Streamer
 # =====
+try:
+ from aiohttp.web import AccessLogger # type: ignore # pylint: disable=ungrouped-imports
+except ImportError:
+ from aiohttp.helpers import AccessLogger # type: ignore # pylint: disable=ungrouped-imports
+
+
+_ATTR_KVMD_USER = "kvmd_user"
+
+
+def _format_P(request: aiohttp.web.BaseRequest, *_, **__) -> str: # type: ignore # pylint: disable=invalid-name
+ return (getattr(request, _ATTR_KVMD_USER, None) or "-")
+
+
+AccessLogger._format_P = staticmethod(_format_P) # type: ignore # pylint: disable=protected-access
+
+
+# =====
 class HttpError(Exception):
 pass
@@ -97,8 +114,10 @@ def _exposed(http_method: str, path: str, auth_required: bool=True) -> Callable:
 if auth_required:
 token = request.cookies.get(_COOKIE_AUTH_TOKEN, "")
 if token:
- if not self._auth_manager.check(_valid_token(token)):
+ user = self._auth_manager.check(_valid_token(token))
+ if not user:
 raise ForbiddenError("Forbidden")
+ setattr(request, _ATTR_KVMD_USER, user)
 else:
 raise UnauthorizedError("Unauthorized") |
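Review bot: `check()` in the auth.py hunk now returns the user name bound to the token instead of a boolean, but the method has no docstring and its name still reads as a yes/no test, so a later caller can easily misuse the result. I would add a docstring such as `"""Return the user name bound to token, or None if the token is unknown."""`. The file's imports are outside the hunk, so confirm that `Optional` is imported in auth.py. The body of AuthManager starts and ends outside the hunk.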
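Review bot: The line `AccessLogger._format_P = staticmethod(_format_P)` in the first server.py hunk replaces a private aiohttp hook without any comment, and it changes the meaning of the `%P` access-log specifier (the process id in aiohttp) to the authenticated user for every logger in the process. If a later aiohttp release renames that hook, the assignment still succeeds and the access log silently loses user attribution, so I would add a comment like `# Repurpose %P (process id) in the access log to print the authenticated KVMD user` and a startup check such as `if not hasattr(AccessLogger, "_format_P"): get_logger().warning("AccessLogger has no _format_P; user will not be logged")`, assuming `get_logger` is available in this module as it is in auth.py. The user name is also written to the log line as-is; whether account names can contain spaces or control characters is not visible here, and if they can, returning `repr(user)` would keep one request on one unambiguous log line.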
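Review bot: `setattr(request, _ATTR_KVMD_USER, user)` in the `_exposed` hunk stores the identity as an ad-hoc attribute on the aiohttp request object, which can collide with the library's own attributes; the request is also a mutable mapping, so `request[_ATTR_KVMD_USER] = user` paired with `request.get(_ATTR_KVMD_USER)` in `_format_P` is the safer place for per-request state. The attribute is set only after the token check succeeds, so requests rejected with Forbidden or Unauthorized appear in the access log with `-` as the user and can be told apart only by status code; a short comment saying that this is intended would help whoever later reads these logs during an investigation. Keeping `if not user:` is fine because it fails closed on an empty name as well as on None. The wrapper this code belongs to starts and ends outside the hunk.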