Switch logging to slog

This commit replaces logrus with slog from the Go standard library.
This commit is contained in:
Jan Dittberner 2024-05-12 01:07:34 +02:00
parent f22f8ff902
commit 1e676e8cf1
14 changed files with 269 additions and 214 deletions

View file

@ -24,6 +24,7 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
"log/slog"
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
@ -36,7 +37,6 @@ import (
"github.com/knadh/koanf/parsers/toml" "github.com/knadh/koanf/parsers/toml"
"github.com/knadh/koanf/providers/confmap" "github.com/knadh/koanf/providers/confmap"
hydra "github.com/ory/hydra-client-go/v2" hydra "github.com/ory/hydra-client-go/v2"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/handlers" "code.cacert.org/cacert/oidc-idp/internal/handlers"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
@ -55,6 +55,8 @@ const (
sessionKeyLength = 32 sessionKeyLength = 32
sessionAuthKeyLength = 64 sessionAuthKeyLength = 64
minCSRFKeyLength = 64
) )
var ( var (
@ -64,42 +66,61 @@ var (
) )
func main() { func main() {
logger := log.New() var (
logLevel = new(slog.LevelVar)
logHandler slog.Handler
logger *slog.Logger
)
logHandler = slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: logLevel})
logger = slog.New(logHandler)
slog.SetDefault(logger)
config, err := services.ConfigureApplication(logger, "IDP", services.DefaultConfig) config, err := services.ConfigureApplication(logger, "IDP", services.DefaultConfig)
if err != nil { if err != nil {
logger.WithError(err).Fatal("error loading configuration") logger.Error("error loading configuration", "err", err)
os.Exit(1)
} }
if level := config.String("log.level"); level != "" { if level := config.Bytes("log.level"); level != nil {
logLevel, err := log.ParseLevel(level) err := logLevel.UnmarshalText(level)
if err != nil { if err != nil {
logger.WithError(err).Fatal("could not parse log level") logger.Error("could not parse log level", "error", err)
os.Exit(1)
} }
logger.SetLevel(logLevel) slog.SetLogLoggerLevel(logLevel.Level())
} }
if config.Bool("log.json") { if config.Bool("log.json") {
logger.SetFormatter(&log.JSONFormatter{}) logHandler = slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: logLevel})
logger = slog.New(logHandler)
slog.SetDefault(logger)
} }
logger.WithFields(log.Fields{ logger.Info("Starting CAcert OpenID Connect Identity Provider",
"version": version, "commit": commit, "date": date, "version", version, "commit", commit, "date", date,
}).Info("Starting CAcert OpenID Connect Identity Provider") )
logger.Infoln("Server is starting") logger.Info("Server is starting")
i18nService := services.InitI18n(logger, config.Strings("i18n.languages")) i18nService := services.InitI18n(logger, config.Strings("i18n.languages"))
if err = i18nService.AddMessages(); err != nil { if err = i18nService.AddMessages(); err != nil {
logger.WithError(err).Fatal("could not add messages for i18n") logger.Error("could not add messages for i18n", "error", err)
os.Exit(1)
}
sessionAuthKey, sessionEncKey, csrfKey, err := configureSessionParameters(config)
if err != nil {
logger.Error("could not configure session parameters", "error", err)
os.Exit(1)
} }
sessionAuthKey, sessionEncKey := configureSessionParameters(config)
services.InitSessionStore(sessionAuthKey, sessionEncKey) services.InitSessionStore(sessionAuthKey, sessionEncKey)
clientTransport, err := configureAdminClient(config) clientTransport, err := configureAdminClient(config)
if err != nil { if err != nil {
logger.WithError(err).Fatal("could not configure Hydra admin client") logger.Error("could not configure Hydra admin client", "error", err)
os.Exit(1)
} }
tc := handlers.PopulateTemplateCache() tc := handlers.PopulateTemplateCache()
@ -132,11 +153,6 @@ func main() {
router.Handle("/css/", staticFiles) router.Handle("/css/", staticFiles)
router.Handle("/js/", staticFiles) router.Handle("/js/", staticFiles)
csrfKey, err := base64.StdEncoding.DecodeString(config.MustString("security.csrf.key"))
if err != nil {
logger.WithError(err).Fatal("could not parse CSRF key bytes")
}
nextRequestID := func() string { nextRequestID := func() string {
return fmt.Sprintf("%d", time.Now().UnixNano()) return fmt.Sprintf("%d", time.Now().UnixNano())
} }
@ -152,12 +168,17 @@ func main() {
errorMiddleware, err := handlers.ErrorHandling(logger, tc, i18nService) errorMiddleware, err := handlers.ErrorHandling(logger, tc, i18nService)
if err != nil { if err != nil {
logger.WithError(err).Fatal("could not initialize request error handling") logger.Error("could not initialize request error handling", "error", err)
os.Exit(1)
} }
handlerChain := tracing(logging(hsts(errorMiddleware(csrfProtect(router))))) handlerChain := tracing(logging(hsts(errorMiddleware(csrfProtect(router)))))
startServer(logger, config, handlerChain) err = startServer(logger, config, handlerChain)
if err != nil {
logger.Error("server start failed", "error", err)
os.Exit(1)
}
} }
func configureAdminClient(config *koanf.Koanf) (*hydra.APIClient, error) { func configureAdminClient(config *koanf.Koanf) (*hydra.APIClient, error) {
@ -197,7 +218,7 @@ func configureAdminClient(config *koanf.Koanf) (*hydra.APIClient, error) {
return c, nil return c, nil
} }
func startServer(logger *log.Logger, config *koanf.Koanf, handlerChain http.Handler) { func startServer(logger *slog.Logger, config *koanf.Koanf, handlerChain http.Handler) error {
clientCertificateCAFile := config.MustString("security.client.ca-file") clientCertificateCAFile := config.MustString("security.client.ca-file")
serverBindAddress := config.String("server.bind_address") serverBindAddress := config.String("server.bind_address")
serverName := config.String("server.name") serverName := config.String("server.name")
@ -207,7 +228,7 @@ func startServer(logger *log.Logger, config *koanf.Koanf, handlerChain http.Hand
pemBytes, err := os.ReadFile(clientCertificateCAFile) pemBytes, err := os.ReadFile(clientCertificateCAFile)
if err != nil { if err != nil {
logger.WithError(err).Fatal("could not load client CA certificates") return fmt.Errorf("could not load client CA certificates: %w", err)
} }
clientCertPool.AppendCertsFromPEM(pemBytes) clientCertPool.AppendCertsFromPEM(pemBytes)
@ -233,7 +254,7 @@ func startServer(logger *log.Logger, config *koanf.Koanf, handlerChain http.Hand
go func() { go func() {
<-quit <-quit
logger.Infoln("Server is shutting down...") logger.Info("Server is shutting down...")
atomic.StoreInt32(&handlers.Healthy, 0) atomic.StoreInt32(&handlers.Healthy, 0)
ctx, cancel := context.WithTimeout(context.Background(), ShutdownTimeout) ctx, cancel := context.WithTimeout(context.Background(), ShutdownTimeout)
@ -242,27 +263,30 @@ func startServer(logger *log.Logger, config *koanf.Koanf, handlerChain http.Hand
server.SetKeepAlivesEnabled(false) server.SetKeepAlivesEnabled(false)
if err := server.Shutdown(ctx); err != nil { if err := server.Shutdown(ctx); err != nil {
logger.WithError(err).Fatal("Could not gracefully shutdown the server") logger.Error("could not shutdown server gracefully", "error", err)
} }
close(done) close(done)
}() }()
logger.WithFields(log.Fields{ logger.Info(
"address": server.Addr, "url": publicAddress(serverName, serverPort), "Server is ready to handle requests",
}).Info("Server is ready to handle requests") "address", server.Addr, "url", publicAddress(serverName, serverPort),
)
atomic.StoreInt32(&handlers.Healthy, 1) atomic.StoreInt32(&handlers.Healthy, 1)
if err := server.ListenAndServeTLS( if err := server.ListenAndServeTLS(
config.String("server.certificate"), config.String("server.key"), config.String("server.certificate"), config.String("server.key"),
); err != nil && !errors.Is(err, http.ErrServerClosed) { ); err != nil && !errors.Is(err, http.ErrServerClosed) {
logger.WithError(err).WithField( logger.Error("could not listen on configured server address", "server_addr", server.Addr)
"server_addr", server.Addr,
).Fatal("Could not listen on configured server address") return fmt.Errorf("could not create listener: %w", err)
} }
<-done <-done
logger.Infoln("Server stopped") logger.Info("Server stopped")
return nil
} }
func publicAddress(serverName string, serverPort int) string { func publicAddress(serverName string, serverPort int) string {
@ -273,42 +297,66 @@ func publicAddress(serverName string, serverPort int) string {
return fmt.Sprintf("https://%s/", serverName) return fmt.Sprintf("https://%s/", serverName)
} }
func configureSessionParameters(config *koanf.Koanf) ([]byte, []byte) { func configureSessionParameters(config *koanf.Koanf) ([]byte, []byte, []byte, error) { //nolint:cyclop
sessionAuthKey, err := base64.StdEncoding.DecodeString(config.String("session.auth-key")) sessionAuthKey, err := base64.StdEncoding.DecodeString(config.String("session.auth-key"))
if err != nil { if err != nil {
log.WithError(err).Fatal("could not decode session auth key") return nil, nil, nil, fmt.Errorf("could not decode session auth key: %w", err)
} }
sessionEncKey, err := base64.StdEncoding.DecodeString(config.String("session.enc-key")) sessionEncKey, err := base64.StdEncoding.DecodeString(config.String("session.enc-key"))
if err != nil { if err != nil {
log.WithError(err).Fatal("could not decode session encryption key") return nil, nil, nil, fmt.Errorf("could not decode session encryption key: %w", err)
}
csrfKey, err := base64.StdEncoding.DecodeString(config.String("security.csrf.key"))
if err != nil {
return nil, nil, nil, fmt.Errorf("could not decode CSRF key bytes: %w", err)
} }
generated := false generated := false
if len(sessionAuthKey) != sessionAuthKeyLength { if len(sessionAuthKey) != sessionAuthKeyLength {
sessionAuthKey = services.GenerateKey(sessionAuthKeyLength) sessionAuthKey, err = services.GenerateKey(sessionAuthKeyLength)
if err != nil {
return nil, nil, nil, fmt.Errorf("could not generate session authentication key: %w", err)
}
generated = true generated = true
} }
if len(sessionEncKey) != sessionKeyLength { if len(sessionEncKey) != sessionKeyLength {
sessionEncKey = services.GenerateKey(sessionKeyLength) sessionEncKey, err = services.GenerateKey(sessionKeyLength)
if err != nil {
return nil, nil, nil, fmt.Errorf("could not generate session encryption key: %w", err)
}
generated = true
}
if len(csrfKey) < minCSRFKeyLength {
csrfKey, err = services.GenerateKey(minCSRFKeyLength)
if err != nil {
return nil, nil, nil, fmt.Errorf("could not generate CSRF key: %w", err)
}
generated = true generated = true
} }
if generated { if generated {
_ = config.Load(confmap.Provider(map[string]interface{}{ _ = config.Load(confmap.Provider(map[string]interface{}{
"session.auth-key": sessionAuthKey, "session.auth-key": base64.StdEncoding.EncodeToString(sessionAuthKey),
"session.enc-key": sessionEncKey, "session.enc-key": base64.StdEncoding.EncodeToString(sessionEncKey),
"security.csrf.key": base64.StdEncoding.EncodeToString(csrfKey),
}, "."), nil) }, "."), nil)
tomlData, err := config.Marshal(toml.Parser()) tomlData, err := config.Marshal(toml.Parser())
if err != nil { if err != nil {
log.WithError(err).Fatal("could not encode session config") return nil, nil, nil, fmt.Errorf("could not encode session config: %w", err)
} }
log.Infof("put the following in your resource_app.toml:\n%s", string(tomlData)) slog.Info("generated configuration values, put the following into your idp.toml")
fmt.Printf("------\n%s------\n", string(tomlData)) //nolint:forbidigo
} }
return sessionAuthKey, sessionEncKey return sessionAuthKey, sessionEncKey, csrfKey, nil
} }

1
go.mod
View file

@ -12,7 +12,6 @@ require (
github.com/lestrrat-go/jwx v1.2.29 github.com/lestrrat-go/jwx v1.2.29
github.com/nicksnyder/go-i18n/v2 v2.4.0 github.com/nicksnyder/go-i18n/v2 v2.4.0
github.com/ory/hydra-client-go/v2 v2.2.0 github.com/ory/hydra-client-go/v2 v2.2.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/yuin/goldmark v1.7.1 github.com/yuin/goldmark v1.7.1
golang.org/x/text v0.15.0 golang.org/x/text v0.15.0

3
go.sum
View file

@ -262,8 +262,6 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -384,7 +382,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

View file

@ -22,12 +22,12 @@ import (
"context" "context"
"fmt" "fmt"
"html/template" "html/template"
"log/slog"
"net/http" "net/http"
"github.com/dustin/go-humanize" "github.com/dustin/go-humanize"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
"github.com/nicksnyder/go-i18n/v2/i18n" "github.com/nicksnyder/go-i18n/v2/i18n"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/ui" "code.cacert.org/cacert/oidc-idp/ui"
@ -46,7 +46,7 @@ func GetSession(r *http.Request) (*sessions.Session, error) {
} }
type AuthMiddleware struct { type AuthMiddleware struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
templates TemplateCache templates TemplateCache
} }
@ -83,7 +83,7 @@ func GetAuthenticatedAddresses(r *http.Request) []string {
return nil return nil
} }
func NewAuthMiddleware(logger *log.Logger, tc TemplateCache, trans *services.I18NService) *AuthMiddleware { func NewAuthMiddleware(logger *slog.Logger, tc TemplateCache, trans *services.I18NService) *AuthMiddleware {
return &AuthMiddleware{logger: logger, trans: trans, templates: tc} return &AuthMiddleware{logger: logger, trans: trans, templates: tc}
} }
@ -104,13 +104,13 @@ const (
type TemplateCache map[templateName]*template.Template type TemplateCache map[templateName]*template.Template
func (c TemplateCache) render( func (c TemplateCache) render(
logger *log.Logger, w http.ResponseWriter, name templateName, params map[string]interface{}, logger *slog.Logger, w http.ResponseWriter, name templateName, params map[string]interface{},
) { ) {
rendered := bytes.NewBuffer(make([]byte, 0)) rendered := bytes.NewBuffer(make([]byte, 0))
err := c[name].Lookup("base").Execute(rendered, params) err := c[name].Lookup("base").Execute(rendered, params)
if err != nil { if err != nil {
logger.WithError(err).Error("template rendering failed") logger.Error("template rendering failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -166,7 +166,7 @@ func PopulateTemplateCache() TemplateCache {
} }
func renderNoEmailsInClientCertificate( func renderNoEmailsInClientCertificate(
logger *log.Logger, logger *slog.Logger,
templates TemplateCache, templates TemplateCache,
trans *services.I18NService, trans *services.I18NService,
w http.ResponseWriter, w http.ResponseWriter,
@ -179,7 +179,7 @@ func renderNoEmailsInClientCertificate(
"Explanation": msg("NoEmailsInClientCertificateExplanation", nil, localizer), "Explanation": msg("NoEmailsInClientCertificateExplanation", nil, localizer),
}) })
if err != nil { if err != nil {
logger.WithError(err).Error("template rendering failed") logger.Error("template rendering failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return

View file

@ -22,6 +22,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"html/template" "html/template"
"log/slog"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -33,14 +34,13 @@ import (
"github.com/lestrrat-go/jwx/jwt/openid" "github.com/lestrrat-go/jwx/jwt/openid"
"github.com/nicksnyder/go-i18n/v2/i18n" "github.com/nicksnyder/go-i18n/v2/i18n"
client "github.com/ory/hydra-client-go/v2" client "github.com/ory/hydra-client-go/v2"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/models" "code.cacert.org/cacert/oidc-idp/internal/models"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
) )
type ConsentHandler struct { type ConsentHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
adminClient client.OAuth2API adminClient client.OAuth2API
templates TemplateCache templates TemplateCache
@ -108,7 +108,7 @@ func (i *UserInfo) GetFullName() string {
func (h *ConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *ConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
challenge := r.URL.Query().Get("consent_challenge") challenge := r.URL.Query().Get("consent_challenge")
h.logger.WithField("consent_challenge", challenge).Debug("received consent challenge") h.logger.Debug("received consent challenge", "consent_challenge", challenge)
localizer := getLocalizer(h.trans, r) localizer := getLocalizer(h.trans, r)
@ -121,7 +121,7 @@ func (h *ConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
session, err := GetSession(r) session, err := GetSession(r)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could get session for request") h.logger.Error("could get session for request", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -149,7 +149,7 @@ func (h *ConsentHandler) handleGet(
if consentData.GetSkip() { if consentData.GetSkip() {
consentRequest, err := h.handleExistingConsent(consentData, requestedClaims, session) consentRequest, err := h.handleExistingConsent(consentData, requestedClaims, session)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not handle existing consent") h.logger.Error("could not handle existing consent", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -158,7 +158,7 @@ func (h *ConsentHandler) handleGet(
err = h.acceptConsent(w, r, challenge, consentRequest) err = h.acceptConsent(w, r, challenge, consentRequest)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not accept consent") h.logger.Error("could not accept consent", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
@ -182,7 +182,7 @@ func (h *ConsentHandler) handlePost(
// validate input // validate input
decoder := form.NewDecoder() decoder := form.NewDecoder()
if err := decoder.Decode(&consentInfo, r.Form); err != nil { if err := decoder.Decode(&consentInfo, r.Form); err != nil {
h.logger.WithError(err).Error("could not decode consent form") h.logger.Error("could not decode consent form", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -191,14 +191,14 @@ func (h *ConsentHandler) handlePost(
if consentInfo.ConsentAction == "consent" { if consentInfo.ConsentAction == "consent" {
consentRequest, err := h.rememberNewConsent(consentData, consentInfo, requestedClaims, session) consentRequest, err := h.rememberNewConsent(consentData, consentInfo, requestedClaims, session)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not accept consent") h.logger.Error("could not accept consent", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
err = h.acceptConsent(w, r, challenge, consentRequest) err = h.acceptConsent(w, r, challenge, consentRequest)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not accept consent") h.logger.Error("could not accept consent", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
@ -210,7 +210,7 @@ func (h *ConsentHandler) handlePost(
r.Context(), r.Context(),
).ConsentChallenge(challenge).Execute() ).ConsentChallenge(challenge).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("reject consent request failed") h.logger.Error("reject consent request failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -218,9 +218,10 @@ func (h *ConsentHandler) handlePost(
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "reject_consent_request": consentRequest}, "received response for RejectOAuth2ConsentRequest",
).Debug("received response for RejectOAuth2ConsentRequest") "response", response.Status, "reject_consent_request", consentRequest,
)
w.Header().Add("Location", consentRequest.GetRedirectTo()) w.Header().Add("Location", consentRequest.GetRedirectTo())
w.WriteHeader(http.StatusFound) w.WriteHeader(http.StatusFound)
@ -266,9 +267,10 @@ func (h *ConsentHandler) acceptConsent(
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "redirect_to": oAuth2RedirectTo}, "received response for AcceptOAuth2ConsentRequest",
).Debug("received response for AcceptOAuth2ConsentRequest") "response", response.Status, "redirect_to", oAuth2RedirectTo,
)
w.Header().Add("Location", oAuth2RedirectTo.GetRedirectTo()) w.Header().Add("Location", oAuth2RedirectTo.GetRedirectTo())
w.WriteHeader(http.StatusFound) w.WriteHeader(http.StatusFound)
@ -305,7 +307,7 @@ func (h *ConsentHandler) getRequestedConsentInformation(challenge string, r *htt
r.Context(), r.Context(),
).ConsentChallenge(challenge).Execute() ).ConsentChallenge(challenge).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("error getting consent information") h.logger.Error("error getting consent information", "error", err)
if errorBucket := GetErrorBucket(r); errorBucket != nil { if errorBucket := GetErrorBucket(r); errorBucket != nil {
errorDetails := &ErrorDetails{ errorDetails := &ErrorDetails{
@ -321,9 +323,10 @@ func (h *ConsentHandler) getRequestedConsentInformation(challenge string, r *htt
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "consent_request": consentRequest}, "response for GetOAuth2ConsentRequest",
).Debug("response for GetOAuth2ConsentRequest") "response", response.Status, "consent_request", consentRequest,
)
var requestedClaims models.OIDCClaimsRequest var requestedClaims models.OIDCClaimsRequest
@ -331,9 +334,10 @@ func (h *ConsentHandler) getRequestedConsentInformation(challenge string, r *htt
requestURL, err := url.Parse(requestURLStr) requestURL, err := url.Parse(requestURLStr)
if err != nil { if err != nil {
h.logger.WithError(err).WithField( h.logger.Warn(
"request_url", requestURLStr, "could not parse original request URL",
).Warn("could not parse original request URL") "error", err, "request_url", requestURLStr,
)
} else { } else {
claimsParameter := requestURL.Query().Get("claims") claimsParameter := requestURL.Query().Get("claims")
if claimsParameter != "" { if claimsParameter != "" {
@ -341,9 +345,10 @@ func (h *ConsentHandler) getRequestedConsentInformation(challenge string, r *htt
err := decoder.Decode(&requestedClaims) err := decoder.Decode(&requestedClaims)
if err != nil { if err != nil {
h.logger.WithError(err).WithField( h.logger.Warn(
"claims_parameter", claimsParameter, "ignoring claims request parameter that could not be decoded",
).Warn("ignoring claims request parameter that could not be decoded") "error", err, "claims_parameter", claimsParameter,
)
} }
} }
} }
@ -410,7 +415,7 @@ func (h *ConsentHandler) mapRequestedScope(
for _, scopeName := range scope { for _, scopeName := range scope {
if _, ok := supportedScopes[scopeName]; !ok { if _, ok := supportedScopes[scopeName]; !ok {
h.logger.WithField("scope", scopeName).Warn("ignoring unsupported scope") h.logger.Warn("ignoring unsupported scope", "scope", scopeName)
continue continue
} }
@ -419,7 +424,7 @@ func (h *ConsentHandler) mapRequestedScope(
DefaultMessage: supportedScopes[scopeName], DefaultMessage: supportedScopes[scopeName],
}) })
if err != nil { if err != nil {
h.logger.WithError(err).WithField("scope", scopeName).Warn("could not localize scope label") h.logger.Warn("could not localize scope label", "error", err, "scope", scopeName)
label = scopeName label = scopeName
} }
@ -446,7 +451,7 @@ func (h *ConsentHandler) mapRequestedClaims(
if claimElement != nil { if claimElement != nil {
for k, v := range *claimElement { for k, v := range *claimElement {
if _, ok := supportedClaims[k]; !ok { if _, ok := supportedClaims[k]; !ok {
h.logger.WithField("claim", k).Warn("ignoring unsupported claim") h.logger.Warn("ignoring unsupported claim", "claim", k)
continue continue
} }
@ -455,7 +460,7 @@ func (h *ConsentHandler) mapRequestedClaims(
DefaultMessage: supportedClaims[k], DefaultMessage: supportedClaims[k],
}) })
if err != nil { if err != nil {
h.logger.WithError(err).WithField("claim", k).Warn("could not localize claim label") h.logger.Warn("could not localize claim label", "error", err, "claim", k)
label = k label = k
} }
@ -585,9 +590,9 @@ func (h *ConsentHandler) parseUserInfoClaims(
} }
if claim.IsEssential() { if claim.IsEssential() {
h.logger.WithField("claim", claimName).Warn("handling for essential claim not implemented") h.logger.Warn("handling for essential claim not implemented", "claim", claimName)
} else { } else {
h.logger.WithField("claim", claimName).Warn("handling for claim not implemented") h.logger.Warn("handling for claim not implemented", "claim", claimName)
} }
} }
@ -595,7 +600,7 @@ func (h *ConsentHandler) parseUserInfoClaims(
} }
func NewConsentHandler( func NewConsentHandler(
logger *log.Logger, templateCache TemplateCache, trans *services.I18NService, adminClient client.OAuth2API, logger *slog.Logger, templateCache TemplateCache, trans *services.I18NService, adminClient client.OAuth2API,
) *ConsentHandler { ) *ConsentHandler {
return &ConsentHandler{ return &ConsentHandler{
logger: logger, logger: logger,

View file

@ -22,10 +22,9 @@ import (
"context" "context"
"fmt" "fmt"
"html/template" "html/template"
"log/slog"
"net/http" "net/http"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
"code.cacert.org/cacert/oidc-idp/ui" "code.cacert.org/cacert/oidc-idp/ui"
) )
@ -44,7 +43,7 @@ type ErrorDetails struct {
} }
type ErrorBucket struct { type ErrorBucket struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
errorDetails *ErrorDetails errorDetails *ErrorDetails
templates TemplateCache templates TemplateCache
@ -118,9 +117,7 @@ func (w *errorResponseWriter) Write(content []byte) (int, error) {
} }
func ErrorHandling( func ErrorHandling(
logger *log.Logger, logger *slog.Logger, templateCache TemplateCache, trans *services.I18NService,
templateCache TemplateCache,
trans *services.I18NService,
) (func(http.Handler) http.Handler, error) { ) (func(http.Handler) http.Handler, error) {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -139,7 +136,7 @@ func ErrorHandling(
} }
type ErrorHandler struct { type ErrorHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
template *template.Template template *template.Template
} }
@ -156,10 +153,10 @@ func (h *ErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
errorName := r.URL.Query().Get("error") errorName := r.URL.Query().Get("error")
errorDescription := r.URL.Query().Get("error_description") errorDescription := r.URL.Query().Get("error_description")
h.logger.WithFields(log.Fields{ h.logger.Debug(
"error_name": errorName, "error from Hydra",
"error_description": errorDescription, "error_name", errorName, "error_description", errorDescription,
}).Debug("error from Hydra") )
rendered := bytes.NewBuffer(make([]byte, 0)) rendered := bytes.NewBuffer(make([]byte, 0))
@ -174,7 +171,7 @@ func (h *ErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
"ErrorMessage": errorDescription, "ErrorMessage": errorDescription,
}) })
if err != nil { if err != nil {
h.logger.WithError(err).Error("template rendering failed") h.logger.Error("template rendering failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -186,7 +183,7 @@ func (h *ErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
_, _ = w.Write(rendered.Bytes()) _, _ = w.Write(rendered.Bytes())
} }
func NewErrorHandler(logger *log.Logger, trans *services.I18NService) *ErrorHandler { func NewErrorHandler(logger *slog.Logger, trans *services.I18NService) *ErrorHandler {
return &ErrorHandler{ return &ErrorHandler{
logger: logger, logger: logger,
trans: trans, trans: trans,

View file

@ -23,12 +23,12 @@ import (
"fmt" "fmt"
"html/template" "html/template"
"io" "io"
"log/slog"
"net/http" "net/http"
"github.com/gorilla/csrf" "github.com/gorilla/csrf"
"github.com/nicksnyder/go-i18n/v2/i18n" "github.com/nicksnyder/go-i18n/v2/i18n"
client "github.com/ory/hydra-client-go/v2" client "github.com/ory/hydra-client-go/v2"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
) )
@ -49,7 +49,7 @@ const (
) )
type LoginHandler struct { type LoginHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
adminClient client.OAuth2API adminClient client.OAuth2API
templates TemplateCache templates TemplateCache
@ -72,7 +72,7 @@ func (h *LoginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
h.logger.WithField("challenge", challenge).Debug("received login challenge") h.logger.Debug("received login challenge", "challenge", challenge)
certFullName, certEmails := getDataFromClientCert(h.logger, r) certFullName, certEmails := getDataFromClientCert(h.logger, r)
@ -100,9 +100,10 @@ func (h *LoginHandler) handleGet(
r.Context(), r.Context(),
).LoginChallenge(challenge).Execute() ).LoginChallenge(challenge).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).WithField( h.logger.Warn(
"challenge", challenge, "could not get login request for challenge",
).Warn("could not get login request for challenge") "error", err, "challenge", challenge,
)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -111,9 +112,10 @@ func (h *LoginHandler) handleGet(
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "login_request": oAuth2LoginRequest}, "got response for GetOAuth2LoginRequest",
).Debug("got response for GetOAuth2LoginRequest") "response", response.Status, "login_request", oAuth2LoginRequest,
)
h.renderRequestForClientCert(w, r, certEmails, localizer, oAuth2LoginRequest) h.renderRequestForClientCert(w, r, certEmails, localizer, oAuth2LoginRequest)
} }
@ -151,14 +153,14 @@ func (h *LoginHandler) handlePost(
} }
// perform certificate auth // perform certificate auth
h.logger.WithFields(log.Fields{ h.logger.Info(
"emails": certEmails, "will perform certificate authentication",
"full_name": certFullName, "emails", certEmails, "full_name", certFullName,
}).Info("will perform certificate authentication") )
userID, err := h.performCertificateLogin(certEmails, r) userID, err := h.performCertificateLogin(certEmails, r)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not perform certificate login") h.logger.Error("could not perform certificate login", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -166,7 +168,7 @@ func (h *LoginHandler) handlePost(
session, err := GetSession(r) session, err := GetSession(r)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not perform certificate login") h.logger.Error("could not perform certificate login", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -178,7 +180,7 @@ func (h *LoginHandler) handlePost(
session.Options.Secure = true session.Options.Secure = true
if err = session.Save(r, w); err != nil { if err = session.Save(r, w); err != nil {
h.logger.WithError(err).Error("could not save session") h.logger.Error("could not save session", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -194,7 +196,7 @@ func (h *LoginHandler) handlePost(
r.Context(), r.Context(),
).LoginChallenge(challenge).AcceptOAuth2LoginRequest(*acceptRequest).Execute() ).LoginChallenge(challenge).AcceptOAuth2LoginRequest(*acceptRequest).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("error getting login request") h.logger.Error("error getting login request", "error", err)
// h.fillAcceptLoginRequestErrorBucket(r, err) // h.fillAcceptLoginRequestErrorBucket(r, err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -204,13 +206,13 @@ func (h *LoginHandler) handlePost(
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug("got response for AcceptOAuth2LoginRequest",
log.Fields{"response": response.Status, "accept_login_request": loginRequest}, "response", response.Status, "accept_login_request", loginRequest,
).Debug("got response for AcceptOAuth2LoginRequest") )
if h.logger.IsLevelEnabled(log.TraceLevel) { if h.logger.Enabled(r.Context(), slog.LevelDebug) {
if rb, err := io.ReadAll(response.Body); err == nil { if rb, err := io.ReadAll(response.Body); err == nil {
h.logger.WithField("response_body", rb).Trace("response body from Hydra") h.logger.Debug("response body from Hydra", "response_body", rb)
} }
} }
@ -233,7 +235,7 @@ func (h *LoginHandler) rejectLogin(
r.Context(), r.Context(),
).LoginChallenge(challenge).RejectOAuth2Request(*rejectRequest).Execute() ).LoginChallenge(challenge).RejectOAuth2Request(*rejectRequest).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("error getting reject login request") h.logger.Error("error getting reject login request", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -241,9 +243,10 @@ func (h *LoginHandler) rejectLogin(
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "reject_login_request": rejectLoginRequest}, "go response for RejectOAuth2LoginRequest",
).Debug("go response for RejectOAuth2LoginRequest") "response", response.Status, "reject_login_request", rejectLoginRequest,
)
w.Header().Set("Location", rejectLoginRequest.GetRedirectTo()) w.Header().Set("Location", rejectLoginRequest.GetRedirectTo())
w.WriteHeader(http.StatusFound) w.WriteHeader(http.StatusFound)
@ -278,7 +281,7 @@ func (h *LoginHandler) renderRequestForClientCert(
"FlashMessage": r.Context().Value(ctxKeyMessage), "FlashMessage": r.Context().Value(ctxKeyMessage),
}) })
if err != nil { if err != nil {
h.logger.WithError(err).Error("template rendering failed") h.logger.Error("template rendering failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -310,7 +313,7 @@ func (h *LoginHandler) renderNoChallengeInRequest(w http.ResponseWriter, localiz
)), )),
}) })
if err != nil { if err != nil {
h.logger.WithError(err).Error("template rendering failed") h.logger.Error("template rendering failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -318,7 +321,7 @@ func (h *LoginHandler) renderNoChallengeInRequest(w http.ResponseWriter, localiz
} }
func NewLoginHandler( func NewLoginHandler(
logger *log.Logger, tc TemplateCache, trans *services.I18NService, adminClient client.OAuth2API, logger *slog.Logger, tc TemplateCache, trans *services.I18NService, adminClient client.OAuth2API,
) *LoginHandler { ) *LoginHandler {
return &LoginHandler{ return &LoginHandler{
logger: logger, logger: logger,

View file

@ -19,28 +19,28 @@ package handlers
import ( import (
"html/template" "html/template"
"log/slog"
"net/http" "net/http"
client "github.com/ory/hydra-client-go/v2" client "github.com/ory/hydra-client-go/v2"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
) )
type LogoutHandler struct { type LogoutHandler struct {
adminClient client.OAuth2API adminClient client.OAuth2API
logger *log.Logger logger *slog.Logger
} }
func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
challenge := r.URL.Query().Get("logout_challenge") challenge := r.URL.Query().Get("logout_challenge")
h.logger.WithField("challenge", challenge).Debug("received logout challenge") h.logger.Debug("received logout challenge", "challenge", challenge)
logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest( logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest(
r.Context(), r.Context(),
).LogoutChallenge(challenge).Execute() ).LogoutChallenge(challenge).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("error getting logout requests") h.logger.Error("error getting logout requests", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -48,29 +48,31 @@ func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "logout_request": logoutRequest}, "got response for GetOAuth2LogoutRequest",
).Debug("got response for GetOAuth2LogoutRequest") "response", response.Status, "logout_request", logoutRequest,
)
acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest( acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest(
r.Context(), r.Context(),
).LogoutChallenge(challenge).Execute() ).LogoutChallenge(challenge).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("accept logout request failed") h.logger.Error("accept logout request failed", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
defer func() { _ = response.Body.Close() }() defer func() { _ = response.Body.Close() }()
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "accept_logout_request": acceptLogoutRequest}, "got response for AcceptOAuth2LogoutRequest",
).Debug("got response for AcceptOAuth2LogoutRequest") "response", response.Status, "accept_logout_request", acceptLogoutRequest,
)
w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo()) w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo())
w.WriteHeader(http.StatusFound) w.WriteHeader(http.StatusFound)
} }
func NewLogout(logger *log.Logger, adminClient client.OAuth2API) *LogoutHandler { func NewLogout(logger *slog.Logger, adminClient client.OAuth2API) *LogoutHandler {
return &LogoutHandler{ return &LogoutHandler{
logger: logger, logger: logger,
adminClient: adminClient, adminClient: adminClient,
@ -78,7 +80,7 @@ func NewLogout(logger *log.Logger, adminClient client.OAuth2API) *LogoutHandler
} }
type LogoutSuccessHandler struct { type LogoutSuccessHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
templates TemplateCache templates TemplateCache
} }
@ -103,9 +105,7 @@ func (h *LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
} }
func NewLogoutSuccess( func NewLogoutSuccess(
logger *log.Logger, logger *slog.Logger, templateCache TemplateCache, trans *services.I18NService,
templateCache TemplateCache,
trans *services.I18NService,
) *LogoutSuccessHandler { ) *LogoutSuccessHandler {
return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache} return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache}
} }

View file

@ -22,6 +22,7 @@ import (
"fmt" "fmt"
"html/template" "html/template"
"io" "io"
"log/slog"
"net/http" "net/http"
"sort" "sort"
"strings" "strings"
@ -30,13 +31,12 @@ import (
"github.com/gorilla/csrf" "github.com/gorilla/csrf"
"github.com/nicksnyder/go-i18n/v2/i18n" "github.com/nicksnyder/go-i18n/v2/i18n"
client "github.com/ory/hydra-client-go/v2" client "github.com/ory/hydra-client-go/v2"
log "github.com/sirupsen/logrus"
"code.cacert.org/cacert/oidc-idp/internal/services" "code.cacert.org/cacert/oidc-idp/internal/services"
) )
type IndexHandler struct { type IndexHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
templates TemplateCache templates TemplateCache
} }
@ -66,12 +66,12 @@ func (h *IndexHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}) })
} }
func NewIndex(logger *log.Logger, templateCache TemplateCache, trans *services.I18NService) *IndexHandler { func NewIndex(logger *slog.Logger, templateCache TemplateCache, trans *services.I18NService) *IndexHandler {
return &IndexHandler{logger: logger, trans: trans, templates: templateCache} return &IndexHandler{logger: logger, trans: trans, templates: templateCache}
} }
type ManageConsentHandler struct { type ManageConsentHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
adminAPI client.OAuth2API adminAPI client.OAuth2API
templates TemplateCache templates TemplateCache
@ -107,7 +107,7 @@ func (h *ManageConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
requestSession, err := GetSession(r) requestSession, err := GetSession(r)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not get session for request") h.logger.Error("could not get session for request", "error", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -202,7 +202,7 @@ func (h *ManageConsentHandler) getConsentSessions(
) ([]client.OAuth2ConsentSession, bool) { ) ([]client.OAuth2ConsentSession, bool) {
sessions, response, err := h.adminAPI.ListOAuth2ConsentSessions(r.Context()).Subject(subject).Execute() sessions, response, err := h.adminAPI.ListOAuth2ConsentSessions(r.Context()).Subject(subject).Execute()
if err != nil { if err != nil {
h.logger.WithError(err).Error("error getting consent session list") h.logger.Error("error getting consent session list", "error", err)
// h.fillAcceptLoginRequestErrorBucket(r, err) // h.fillAcceptLoginRequestErrorBucket(r, err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@ -212,13 +212,14 @@ func (h *ManageConsentHandler) getConsentSessions(
defer func(response *http.Response) { _ = response.Body.Close() }(response) defer func(response *http.Response) { _ = response.Body.Close() }(response)
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "consent_sessions": sessions}, "got response for AcceptOAuth2LoginRequest",
).Debug("got response for AcceptOAuth2LoginRequest") "response", response.Status, "consent_sessions", sessions,
)
if h.logger.IsLevelEnabled(log.TraceLevel) { if h.logger.Enabled(r.Context(), slog.LevelDebug) {
if rb, err := io.ReadAll(response.Body); err == nil { if rb, err := io.ReadAll(response.Body); err == nil {
h.logger.WithField("response_body", rb).Trace("response body from Hydra") h.logger.Debug("response body from Hydra", "response_body", rb)
} }
} }
@ -226,13 +227,13 @@ func (h *ManageConsentHandler) getConsentSessions(
} }
func NewManageConsent( func NewManageConsent(
logger *log.Logger, tc TemplateCache, trans *services.I18NService, adminAPI client.OAuth2API, logger *slog.Logger, tc TemplateCache, trans *services.I18NService, adminAPI client.OAuth2API,
) *ManageConsentHandler { ) *ManageConsentHandler {
return &ManageConsentHandler{logger: logger, trans: trans, adminAPI: adminAPI, templates: tc} return &ManageConsentHandler{logger: logger, trans: trans, adminAPI: adminAPI, templates: tc}
} }
type RevokeConsentHandler struct { type RevokeConsentHandler struct {
logger *log.Logger logger *slog.Logger
trans *services.I18NService trans *services.I18NService
adminAPI client.OAuth2API adminAPI client.OAuth2API
templates TemplateCache templates TemplateCache
@ -272,7 +273,7 @@ func (h *RevokeConsentHandler) handleGet(
) { ) {
clientApp, found, err := h.getClient(r.Context(), clientID) clientApp, found, err := h.getClient(r.Context(), clientID)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not get client") h.logger.Error("could not get client", "error", err)
http.Error( http.Error(
w, h.trans.LookupHTTPErrorMessage(http.StatusInternalServerError, localizer), w, h.trans.LookupHTTPErrorMessage(http.StatusInternalServerError, localizer),
@ -308,7 +309,7 @@ func (h *RevokeConsentHandler) handlePost(
) { ) {
err := h.revokeConsent(r.Context(), clientID, subject) err := h.revokeConsent(r.Context(), clientID, subject)
if err != nil { if err != nil {
h.logger.WithError(err).Error("could not revoke consent") h.logger.Error("could not revoke consent", "error", err)
http.Error( http.Error(
w, h.trans.LookupHTTPErrorMessage(http.StatusInternalServerError, localizer), w, h.trans.LookupHTTPErrorMessage(http.StatusInternalServerError, localizer),
@ -329,13 +330,14 @@ func (h *RevokeConsentHandler) getClient(ctx context.Context, clientID string) (
defer func(response *http.Response) { _ = response.Body.Close() }(response) defer func(response *http.Response) { _ = response.Body.Close() }(response)
h.logger.WithFields( h.logger.Debug(
log.Fields{"response": response.Status, "client_app": clientApp}, "got response for GetOAuth2Client",
).Debug("got response for GetOAuth2Client") "response", response.Status, "client_app", clientApp,
)
if h.logger.IsLevelEnabled(log.TraceLevel) { if h.logger.Enabled(ctx, slog.LevelDebug) {
if rb, err := io.ReadAll(response.Body); err == nil { if rb, err := io.ReadAll(response.Body); err == nil {
h.logger.WithField("response_body", rb).Trace("response body from Hydra") h.logger.Debug("response body from Hydra", "response_body", rb)
} }
} }
@ -350,13 +352,11 @@ func (h *RevokeConsentHandler) revokeConsent(ctx context.Context, clientID, subj
defer func(response *http.Response) { _ = response.Body.Close() }(response) defer func(response *http.Response) { _ = response.Body.Close() }(response)
h.logger.WithFields( h.logger.Debug("got response for RevokeOAuth2ConsentSessions", "response", response.Status)
log.Fields{"response": response.Status},
).Debug("got response for RevokeOAuth2ConsentSessions")
if h.logger.IsLevelEnabled(log.TraceLevel) { if h.logger.Enabled(ctx, slog.LevelDebug) {
if rb, err := io.ReadAll(response.Body); err == nil { if rb, err := io.ReadAll(response.Body); err == nil {
h.logger.WithField("response_body", rb).Trace("response body from Hydra") h.logger.Debug("response body from Hydra", "response_body", rb)
} }
} }
@ -364,7 +364,7 @@ func (h *RevokeConsentHandler) revokeConsent(ctx context.Context, clientID, subj
} }
func NewRevokeConsent( func NewRevokeConsent(
logger *log.Logger, tc TemplateCache, trans *services.I18NService, adminAPI client.OAuth2API, logger *slog.Logger, tc TemplateCache, trans *services.I18NService, adminAPI client.OAuth2API,
) *RevokeConsentHandler { ) *RevokeConsentHandler {
return &RevokeConsentHandler{logger: logger, trans: trans, adminAPI: adminAPI, templates: tc} return &RevokeConsentHandler{logger: logger, trans: trans, adminAPI: adminAPI, templates: tc}
} }

View file

@ -20,10 +20,9 @@ package handlers
import ( import (
"context" "context"
"fmt" "fmt"
"log/slog"
"net/http" "net/http"
"sync/atomic" "sync/atomic"
log "github.com/sirupsen/logrus"
) )
type key int type key int
@ -54,7 +53,7 @@ func (sci *statusCodeInterceptor) Write(content []byte) (int, error) {
return count, nil return count, nil
} }
func Logging(logger *log.Logger) func(http.Handler) http.Handler { func Logging(logger *slog.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
interceptor := &statusCodeInterceptor{w, http.StatusOK, 0} interceptor := &statusCodeInterceptor{w, http.StatusOK, 0}
@ -64,7 +63,8 @@ func Logging(logger *log.Logger) func(http.Handler) http.Handler {
requestID = "unknown" requestID = "unknown"
} }
logger.Infof( logger.Info(
fmt.Sprintf(
"[%s] %s \"%s %s\" %d %d \"%s\"", "[%s] %s \"%s %s\" %d %d \"%s\"",
requestID, requestID,
r.RemoteAddr, r.RemoteAddr,
@ -73,6 +73,7 @@ func Logging(logger *log.Logger) func(http.Handler) http.Handler {
interceptor.code, interceptor.code,
interceptor.count, interceptor.count,
r.UserAgent(), r.UserAgent(),
),
) )
}() }()
next.ServeHTTP(interceptor, r) next.ServeHTTP(interceptor, r)

View file

@ -20,10 +20,9 @@ package handlers
import ( import (
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"log/slog"
"net/http" "net/http"
"time" "time"
log "github.com/sirupsen/logrus"
) )
func EnableHSTS() func(http.Handler) http.Handler { func EnableHSTS() func(http.Handler) http.Handler {
@ -37,7 +36,7 @@ func EnableHSTS() func(http.Handler) http.Handler {
} }
} }
func getDataFromClientCert(logger *log.Logger, r *http.Request) (string, []string) { func getDataFromClientCert(logger *slog.Logger, r *http.Request) (string, []string) {
if r.TLS != nil && r.TLS.PeerCertificates != nil && len(r.TLS.PeerCertificates) > 0 { if r.TLS != nil && r.TLS.PeerCertificates != nil && len(r.TLS.PeerCertificates) > 0 {
firstCert := r.TLS.PeerCertificates[0] firstCert := r.TLS.PeerCertificates[0]
@ -46,9 +45,7 @@ func getDataFromClientCert(logger *log.Logger, r *http.Request) (string, []strin
} }
for _, email := range firstCert.EmailAddresses { for _, email := range firstCert.EmailAddresses {
logger.WithField( logger.Info("authenticated with a client certificate for email address", "email", email)
"email", email,
).Info("authenticated with a client certificate for email address")
} }
return firstCert.Subject.CommonName, firstCert.EmailAddresses return firstCert.Subject.CommonName, firstCert.EmailAddresses

View file

@ -19,6 +19,7 @@ package services
import ( import (
"fmt" "fmt"
"log/slog"
"os" "os"
"strings" "strings"
@ -28,7 +29,6 @@ import (
"github.com/knadh/koanf/providers/env" "github.com/knadh/koanf/providers/env"
"github.com/knadh/koanf/providers/file" "github.com/knadh/koanf/providers/file"
"github.com/knadh/koanf/providers/posflag" "github.com/knadh/koanf/providers/posflag"
"github.com/sirupsen/logrus"
"github.com/spf13/pflag" "github.com/spf13/pflag"
) )
@ -51,7 +51,7 @@ var DefaultConfig = map[string]interface{}{
} }
func ConfigureApplication( func ConfigureApplication(
logger *logrus.Logger, logger *slog.Logger,
appName string, appName string,
defaultConfig map[string]interface{}, defaultConfig map[string]interface{},
) (*koanf.Koanf, error) { ) (*koanf.Koanf, error) {
@ -70,7 +70,7 @@ func ConfigureApplication(
var err error var err error
if err = f.Parse(os.Args[1:]); err != nil { if err = f.Parse(os.Args[1:]); err != nil {
logger.WithError(err).Fatal("could not parse command line arguments") return nil, fmt.Errorf("could not parse command line arguments: %w", err)
} }
config := koanf.New(".") config := koanf.New(".")
@ -78,18 +78,22 @@ func ConfigureApplication(
_ = config.Load(confmap.Provider(defaultConfig, "."), nil) _ = config.Load(confmap.Provider(defaultConfig, "."), nil)
if err = config.Load(file.Provider(defaultFile), toml.Parser()); err != nil && !os.IsNotExist(err) { if err = config.Load(file.Provider(defaultFile), toml.Parser()); err != nil && !os.IsNotExist(err) {
logrus.WithError(err).WithField("file", defaultFile).Fatal("error loading configuration from file") logger.Error("could not load configuration from file", "file", defaultFile)
return nil, fmt.Errorf("error loading configuration: %w", err)
} }
cFiles, _ := f.GetStringSlice("conf") cFiles, _ := f.GetStringSlice("conf")
for _, c := range cFiles { for _, c := range cFiles {
if err = config.Load(file.Provider(c), toml.Parser()); err != nil { if err = config.Load(file.Provider(c), toml.Parser()); err != nil {
logger.WithError(err).WithField("file", c).Fatal("error loading configuration from file") logger.Error("could not load configuration from file", "file", c)
return nil, fmt.Errorf("error loading configuration: %w", err)
} }
} }
if err = config.Load(posflag.Provider(f, ".", config), nil); err != nil { if err = config.Load(posflag.Provider(f, ".", config), nil); err != nil {
logger.WithError(err).Fatal("error loading configuration from command line") return nil, fmt.Errorf("error loading configuration from command line: %w", err)
} }
prefix := fmt.Sprintf("%s_", strings.ToUpper(appName)) prefix := fmt.Sprintf("%s_", strings.ToUpper(appName))
@ -97,7 +101,7 @@ func ConfigureApplication(
if err = config.Load(env.Provider(prefix, ".", func(s string) string { if err = config.Load(env.Provider(prefix, ".", func(s string) string {
return strings.ReplaceAll(strings.ToLower(strings.TrimPrefix(s, prefix)), "_", ".") return strings.ReplaceAll(strings.ToLower(strings.TrimPrefix(s, prefix)), "_", ".")
}), nil); err != nil { }), nil); err != nil {
logrus.WithError(err).Fatal("error loading configuration from environment") return nil, fmt.Errorf("error loading configuration from environment: %w", err)
} }
return config, nil return config, nil

View file

@ -21,9 +21,9 @@ import (
"bytes" "bytes"
"errors" "errors"
"fmt" "fmt"
"log/slog"
"net/http" "net/http"
log "github.com/sirupsen/logrus"
"github.com/yuin/goldmark" "github.com/yuin/goldmark"
"code.cacert.org/cacert/oidc-idp/translations" "code.cacert.org/cacert/oidc-idp/translations"
@ -35,7 +35,7 @@ import (
type MessageCatalog struct { type MessageCatalog struct {
messages map[string]*i18n.Message messages map[string]*i18n.Message
logger *log.Logger logger *slog.Logger
} }
func (m *MessageCatalog) AddMessages(messages map[string]*i18n.Message) { func (m *MessageCatalog) AddMessages(messages map[string]*i18n.Message) {
@ -61,7 +61,7 @@ func (s *I18NService) LookupMessage(
return translation return translation
} }
s.logger.WithField("id", id).Warn("no translation found for id") s.logger.Warn("no translation found for id", "id", id)
return id return id
} }
@ -88,7 +88,7 @@ func (s *I18NService) LookupMarkdownMessage(
TemplateData: templateData, TemplateData: templateData,
}) })
if err != nil { if err != nil {
s.logger.WithError(err).Warn(err) s.logger.Warn("message localization failed", "error", err, "message", message)
} }
if translation == "" { if translation == "" {
@ -105,7 +105,7 @@ func (s *I18NService) LookupMarkdownMessage(
return buf.String() return buf.String()
} }
s.logger.WithField("id", id).Warn("no translation found for id") s.logger.Warn("no translation found for id", "id", id)
return id return id
} }
@ -129,7 +129,7 @@ func (s *I18NService) LookupMessagePlural(
return translation return translation
} }
s.logger.WithField("id", id).Warn("no translation found for id") s.logger.Warn("no translation found for id", "id", id)
return id return id
} }
@ -138,20 +138,20 @@ func (m *MessageCatalog) handleLocalizeError(id string, translation string, err
var messageNotFound *i18n.MessageNotFoundErr var messageNotFound *i18n.MessageNotFoundErr
if errors.As(err, &messageNotFound) { if errors.As(err, &messageNotFound) {
m.logger.WithError(err).WithField("message", id).Warn("message not found") m.logger.Warn("message not found", "error", err, "message", id)
if translation != "" { if translation != "" {
return translation return translation
} }
} else { } else {
m.logger.WithError(err).WithField("message", id).Error("translation error") m.logger.Error("translation error", "error", err, "message", id)
} }
return id return id
} }
type I18NService struct { type I18NService struct {
logger *log.Logger logger *slog.Logger
bundle *i18n.Bundle bundle *i18n.Bundle
catalog *MessageCatalog catalog *MessageCatalog
} }
@ -369,7 +369,7 @@ func (s *I18NService) Localizer(languages string) *i18n.Localizer {
return i18n.NewLocalizer(s.bundle, languages) return i18n.NewLocalizer(s.bundle, languages)
} }
func InitI18n(logger *log.Logger, languages []string) *I18NService { func InitI18n(logger *slog.Logger, languages []string) *I18NService {
bundle := i18n.NewBundle(language.English) bundle := i18n.NewBundle(language.English)
bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal) bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
@ -378,7 +378,7 @@ func InitI18n(logger *log.Logger, languages []string) *I18NService {
bundleBytes, err := translations.Bundles.ReadFile(bundleName) bundleBytes, err := translations.Bundles.ReadFile(bundleName)
if err != nil { if err != nil {
logger.WithField("bundle", bundleName).Warn("message bundle not found") logger.Warn("message bundle not found", "bundle", bundleName)
continue continue
} }
@ -391,7 +391,7 @@ func InitI18n(logger *log.Logger, languages []string) *I18NService {
return &I18NService{logger: logger, bundle: bundle, catalog: catalog} return &I18NService{logger: logger, bundle: bundle, catalog: catalog}
} }
func initMessageCatalog(logger *log.Logger) *MessageCatalog { func initMessageCatalog(logger *slog.Logger) *MessageCatalog {
messages := make(map[string]*i18n.Message) messages := make(map[string]*i18n.Message)
messages["ErrorTitle"] = &i18n.Message{ messages["ErrorTitle"] = &i18n.Message{
ID: "ErrorTitle", ID: "ErrorTitle",

View file

@ -19,21 +19,25 @@ package services
import ( import (
"crypto/rand" "crypto/rand"
"errors"
log "github.com/sirupsen/logrus" "log/slog"
) )
func GenerateKey(length int) []byte { var errCouldNotGenerateKey = errors.New("could not generate key")
func GenerateKey(length int) ([]byte, error) {
key := make([]byte, length) key := make([]byte, length)
read, err := rand.Read(key) read, err := rand.Read(key)
if err != nil { if err != nil {
log.WithError(err).Fatal("could not generate key") return nil, errCouldNotGenerateKey
} }
if read != length { if read != length {
log.WithFields(log.Fields{"read": read, "expected": length}).Fatal("read unexpected number of bytes") slog.Error("read unexpected number of bytes", "read", read, "expected", length)
return nil, errCouldNotGenerateKey
} }
return key return key, nil
} }