1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package middleware
import (
"fmt"
"net/http"
"runtime"
"time"
"codeberg.org/gruf/go-bytesize"
"codeberg.org/gruf/go-errors/v2"
"codeberg.org/gruf/go-kv"
"github.com/gin-gonic/gin"
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/log"
)
// Logger returns a gin middleware which provides request logging and panic recovery.
func Logger(logClientIP bool) gin.HandlerFunc {
return func(c *gin.Context) {
// Initialize the logging fields
fields := make(kv.Fields, 5, 7)
// Determine pre-handler time
before := time.Now()
// defer so that we log *after the request has completed*
defer func() {
code := c.Writer.Status()
path := c.Request.URL.Path
if r := recover(); r != nil {
if c.Writer.Status() == 0 {
// No response was written, send a generic Internal Error
c.Writer.WriteHeader(http.StatusInternalServerError)
}
// Append panic information to the request ctx
err := fmt.Errorf("recovered panic: %v", r)
_ = c.Error(err)
// Dump a stacktrace to error log
pcs := make([]uintptr, 10)
n := runtime.Callers(3, pcs)
iter := runtime.CallersFrames(pcs[:n])
callers := errors.Callers(gatherFrames(iter, n))
log.WithContext(c.Request.Context()).
WithField("stacktrace", callers).Error(err)
}
// NOTE:
// It is very important here that we are ONLY logging
// the request path, and none of the query parameters.
// Query parameters can contain sensitive information
// and could lead to storing plaintext API keys in logs
// Set request logging fields
fields[0] = kv.Field{"latency", time.Since(before)}
fields[1] = kv.Field{"userAgent", c.Request.UserAgent()}
fields[2] = kv.Field{"method", c.Request.Method}
fields[3] = kv.Field{"statusCode", code}
fields[4] = kv.Field{"path", path}
// Set optional request logging fields.
if logClientIP {
fields = append(fields, kv.Field{
"clientIP", c.ClientIP(),
})
}
ctx := c.Request.Context()
if pubKeyID := gtscontext.HTTPSignaturePubKeyID(ctx); pubKeyID != nil {
fields = append(fields, kv.Field{
"pubKeyID", pubKeyID.String(),
})
}
// Create log entry with fields
l := log.New()
l = l.WithContext(ctx)
l = l.WithFields(fields...)
// Default is info
lvl := log.INFO
if code >= 500 {
// Actual error.
lvl = log.ERROR
}
if len(c.Errors) > 0 {
// Always attach any found errors.
l = l.WithField("errors", c.Errors)
}
// Get appropriate text for this code.
statusText := http.StatusText(code)
if statusText == "" {
// Look for custom codes.
switch code {
case gtserror.StatusClientClosedRequest:
statusText = gtserror.StatusTextClientClosedRequest
default:
statusText = "Unknown Status"
}
}
// Generate a nicer looking bytecount
size := bytesize.Size(c.Writer.Size()) // #nosec G115 -- Just logging
// Finally, write log entry with status text + body size.
l.Logf(lvl, "%s: wrote %s", statusText, size)
}()
// Process request
c.Next()
}
}
// gatherFrames gathers runtime frames from a frame iterator.
func gatherFrames(iter *runtime.Frames, n int) []runtime.Frame {
if iter == nil {
return nil
}
frames := make([]runtime.Frame, 0, n)
for {
f, ok := iter.Next()
if !ok {
break
}
frames = append(frames, f)
}
return frames
}
|
