Refactor logging

Fixes #18
2019-01-22 12:40:14 +00:00 · 2019-01-22 12:40:14 +00:00 · b3b31e2193
commit b3b31e2193
parent 1a3a099ac1
5 changed files with 103 additions and 33 deletions
--- a/5
+++ b/5
@ -0,0 +1,5 @@
 format:
 	gofmt -w -s *.go
 .PHONY: format
--- a/README.md
+++ b/README.md
@ -36,6 +36,8 @@ The following configuration is supported:
 |-lifetime|int|Session length in seconds (default 43200)|
 |-url-path|string|Callback URL (default "_oauth")|
 |-prompt|string|Space separated list of [OpenID prompt options](https://developers.google.com/identity/protocols/OpenIDConnect#prompt)|
 |-log-level|string|Log level: trace, debug, info, warn, error, fatal, panic (default "warn")|
 |-log-format|string|Log format: text, json, pretty (default "text")|
 Configuration can also be supplied as environment variables (use upper case and swap `-`'s for `_`'s e.g. `-client-id` becomes `CLIENT_ID`)
--- a/forwardauth.go
+++ b/forwardauth.go
@ -22,7 +22,7 @@ type ForwardAuth struct {
 	Secret   []byte
 	ClientId     string
-	ClientSecret string
+	ClientSecret string `json:"-"`
 	Scope        string
 	LoginURL *url.URL
--- a/log.go
+++ b/log.go
@ -0,0 +1,48 @@
 package main
 import (
 	"os"
 	"github.com/sirupsen/logrus"
 )
 func CreateLogger(logLevel, logFormat string) logrus.FieldLogger {
 	// Setup logger
 	log := logrus.StandardLogger()
 	logrus.SetOutput(os.Stdout)
 	// Set logger format
 	switch logFormat {
 	case "pretty":
 		break
 	case "json":
 		logrus.SetFormatter(&logrus.JSONFormatter{})
 	// "text" is the default
 	default:
 		logrus.SetFormatter(&logrus.TextFormatter{
 			DisableColors: true,
 			FullTimestamp: true,
 		})
 	}
 	// Set logger level
 	switch logLevel {
 	case "trace":
 		logrus.SetLevel(logrus.TraceLevel)
 	case "debug":
 		logrus.SetLevel(logrus.DebugLevel)
 	case "info":
 		logrus.SetLevel(logrus.InfoLevel)
 	case "error":
 		logrus.SetLevel(logrus.ErrorLevel)
 	case "fatal":
 		logrus.SetLevel(logrus.FatalLevel)
 	case "panic":
 		logrus.SetLevel(logrus.PanicLevel)
 	// warn is the default
 	default:
 		logrus.SetLevel(logrus.WarnLevel)
 	}
 	return log
 }
--- a/main.go
+++ b/main.go
@ -1,6 +1,7 @@
 package main
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@ -8,26 +9,37 @@ import (
 	"time"
 	"github.com/namsral/flag"
-	"github.com/op/go-logging"
+	"github.com/sirupsen/logrus"
 )
 // Vars
 var fw *ForwardAuth
-var log = logging.MustGetLogger("traefik-forward-auth")
+var log logrus.FieldLogger
 // Primary handler
 func handler(w http.ResponseWriter, r *http.Request) {
 	logger := log
 	if logrus.GetLevel() >= logrus.DebugLevel {
 		logger = log.WithFields(logrus.Fields{
 			"RemoteAddr":      r.RemoteAddr,
 			"X-Forwarded-Uri": r.Header.Get("X-Forwarded-Uri"),
 		})
 	}
 	logger.Debugf("Handling request")
 	// Parse uri
 	uri, err := url.Parse(r.Header.Get("X-Forwarded-Uri"))
 	if err != nil {
-		log.Error("Error parsing url")
+		logger.Errorf("Error parsing X-Forwarded-Uri, %v", err)
 		http.Error(w, "Service unavailable", 503)
 		return
 	}
 	// Handle callback
 	if uri.Path == fw.Path {
-		handleCallback(w, r, uri.Query())
+		logger.Debugf("Passing request to auth callback")
 		handleCallback(w, r, uri.Query(), logger)
 		return
 	}
@ -37,14 +49,14 @@ func handler(w http.ResponseWriter, r *http.Request) {
 		// Error indicates no cookie, generate nonce
 		err, nonce := fw.Nonce()
 		if err != nil {
-			log.Error("Error generating nonce")
+			logger.Errorf("Error generating nonce, %v", err)
 			http.Error(w, "Service unavailable", 503)
 			return
 		}
 		// Set the CSRF cookie
 		http.SetCookie(w, fw.MakeCSRFCookie(r, nonce))
-		log.Debug("Set CSRF cookie and redirecting to google login")
+		logger.Debug("Set CSRF cookie and redirecting to google login")
 		// Forward them on
 		http.Redirect(w, r, fw.GetLoginURL(r, nonce), http.StatusTemporaryRedirect)
@ -55,7 +67,7 @@ func handler(w http.ResponseWriter, r *http.Request) {
 	// Validate cookie
 	valid, email, err := fw.ValidateCookie(r, c)
 	if !valid {
-		log.Debugf("Invalid cookie: %s", err)
+		logger.Errorf("Invalid cookie: %v", err)
 		http.Error(w, "Not authorized", 401)
 		return
 	}
@ -63,22 +75,26 @@ func handler(w http.ResponseWriter, r *http.Request) {
 	// Validate user
 	valid = fw.ValidateEmail(email)
 	if !valid {
-		log.Debugf("Invalid email: %s", email)
+		logger.WithFields(logrus.Fields{
 			"email": email,
 		}).Errorf("Invalid email")
 		http.Error(w, "Not authorized", 401)
 		return
 	}
 	// Valid request
 	logger.Debugf("Allowing valid request ")
 	w.Header().Set("X-Forwarded-User", email)
 	w.WriteHeader(200)
 }
 // Authenticate user after they have come back from google
-func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values) {
+func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values,
 	logger logrus.FieldLogger) {
 	// Check for CSRF cookie
 	csrfCookie, err := r.Cookie(fw.CSRFCookieName)
 	if err != nil {
-		log.Debug("Missing csrf cookie")
+		logger.Warn("Missing csrf cookie")
 		http.Error(w, "Not authorized", 401)
 		return
 	}
@ -87,7 +103,10 @@ func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values) {
 	state := qs.Get("state")
 	valid, redirect, err := fw.ValidateCSRFCookie(csrfCookie, state)
 	if !valid {
-		log.Debugf("Invalid oauth state, expected '%s', got '%s'\n", csrfCookie.Value, state)
+		logger.WithFields(logrus.Fields{
 			"csrf":  csrfCookie.Value,
 			"state": state,
 		}).Warnf("CSRF cookie does not match state")
 		http.Error(w, "Not authorized", 401)
 		return
 	}
@ -98,7 +117,7 @@ func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values) {
 	// Exchange code for token
 	token, err := fw.ExchangeCode(r, qs.Get("code"))
 	if err != nil {
-		log.Debugf("Code exchange failed with: %s\n", err)
+		logger.Errorf("Code exchange failed with: %v", err)
 		http.Error(w, "Service unavailable", 503)
 		return
 	}
@ -106,13 +125,15 @@ func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values) {
 	// Get user
 	user, err := fw.GetUser(token)
 	if err != nil {
-		log.Debugf("Error getting user: %s\n", err)
+		logger.Errorf("Error getting user: %s", err)
 		return
 	}
 	// Generate cookie
 	http.SetCookie(w, fw.MakeCookie(r, user.Email))
-	log.Debugf("Generated auth cookie for %s\n", user.Email)
+	logger.WithFields(logrus.Fields{
 		"user": user.Email,
 	}).Infof("Generated auth cookie")
 	// Redirect
 	http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
@ -136,30 +157,22 @@ func main() {
 	domainList := flag.String("domain", "", "Comma separated list of email domains to allow")
 	emailWhitelist := flag.String("whitelist", "", "Comma separated list of emails to allow")
 	prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")
 	logLevel := flag.String("log-level", "warn", "Log level: trace, debug, info, warn, error, fatal, panic")
 	logFormat := flag.String("log-format", "text", "Log format: text, json, pretty")
 	flag.Parse()
 	// Setup logger
 	log = CreateLogger(*logLevel, *logFormat)
 	// Backwards compatability
 	if *secret == "" && *cookieSecret != "" {
 		*secret = *cookieSecret
 	}
 	// Check for show stopper errors
-	stop := false
+	if *clientId == "" || *clientSecret == "" || *secret == "" {
-	if *clientId == "" {
+		log.Fatal("client-id, client-secret and secret must all be set")
 		stop = true
 		log.Critical("client-id must be set")
 	}
 	if *clientSecret == "" {
 		stop = true
 		log.Critical("client-secret must be set")
 	}
 	if *secret == "" {
 		stop = true
 		log.Critical("secret must be set")
 	}
 	if stop {
 		return
 	}
 	// Parse lists
@ -220,7 +233,9 @@ func main() {
 	// Attach handler
 	http.HandleFunc("/", handler)
-	log.Debugf("Starting with options: %#v", fw)
+	// Start
-	log.Notice("Listening on :4181")
+	jsonConf, _ := json.Marshal(fw)
-	log.Notice(http.ListenAndServe(":4181", nil))
+	log.Debugf("Starting with options: %s", string(jsonConf))
 	log.Info("Listening on :4181")
 	log.Info(http.ListenAndServe(":4181", nil))
 }