mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-12-12 11:16:35 +00:00
refactor: remove sensitive info logging even in debug mode
@@ -114,7 +114,7 @@ func (api *API) SetupRoutes() {
|
||||
RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri),
|
||||
})
|
||||
|
||||
log.Debug().Interface("queries", queries).Msg("Redirecting to login")
|
||||
log.Debug().Interface("redirect_uri", fmt.Sprintf("%s://%s%s", proto, host, uri)).Msg("Redirecting to login")
|
||||
|
||||
if queryErr != nil {
|
||||
log.Error().Err(queryErr).Msg("Failed to build query")
|
||||
@@ -142,7 +142,7 @@ func (api *API) SetupRoutes() {
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug().Interface("login", login).Msg("Got login request")
|
||||
log.Debug().Msg("Got login request")
|
||||
|
||||
user := api.Auth.GetUser(login.Username)
|
||||
|
||||
@@ -250,7 +250,7 @@ func (api *API) SetupRoutes() {
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug().Interface("request", request).Msg("Got OAuth request")
|
||||
log.Debug().Msg("Got OAuth request")
|
||||
|
||||
provider := api.Providers.GetProvider(request.Provider)
|
||||
|
||||
@@ -266,7 +266,7 @@ func (api *API) SetupRoutes() {
|
||||
|
||||
authURL := provider.GetAuthURL()
|
||||
|
||||
log.Debug().Str("authURL", authURL).Msg("Got auth URL")
|
||||
log.Debug().Msg("Got auth URL")
|
||||
|
||||
redirectURI := c.Query("redirect_uri")
|
||||
|
||||
@@ -291,7 +291,7 @@ func (api *API) SetupRoutes() {
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug().Interface("providerName", providerName).Msg("Got provider name")
|
||||
log.Debug().Interface("provider", providerName.Provider).Msg("Got provider name")
|
||||
|
||||
code := c.Query("code")
|
||||
|
||||
@@ -301,7 +301,7 @@ func (api *API) SetupRoutes() {
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug().Str("code", code).Msg("Got code")
|
||||
log.Debug().Msg("Got code")
|
||||
|
||||
provider := api.Providers.GetProvider(providerName.Provider)
|
||||
|
||||
@@ -312,9 +312,9 @@ func (api *API) SetupRoutes() {
|
||||
return
|
||||
}
|
||||
|
||||
token, tokenErr := provider.ExchangeToken(code)
|
||||
_, tokenErr := provider.ExchangeToken(code)
|
||||
|
||||
log.Debug().Str("token", token).Msg("Got token")
|
||||
log.Debug().Msg("Got token")
|
||||
|
||||
if handleApiError(c, "Failed to exchange token", tokenErr) {
|
||||
return
|
||||
@@ -363,7 +363,7 @@ func (api *API) SetupRoutes() {
|
||||
RedirectURI: redirectURI,
|
||||
})
|
||||
|
||||
log.Debug().Interface("redirectQuery", redirectQuery).Msg("Got redirect query")
|
||||
log.Debug().Msg("Got redirect query")
|
||||
|
||||
if handleApiError(c, "Failed to build query", redirectQueryErr) {
|
||||
return
|
||||
|
||||
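Review bot: The rewritten debug line in the first hunk still writes the full `redirect_uri`, and `uri` can carry a query string; if it comes from the incoming request (its origin is not visible here), parameters in that query string end up in the log, which is what this commit sets out to stop. Logging only the host keeps the line useful without the path and query: `log.Debug().Str("host", host).Msg("Redirecting to login")`. Separately, in the token hunk `log.Debug().Msg("Got token")` runs before `handleApiError` checks `tokenErr`, so the message is also emitted when the exchange failed; move it below that check. SetupRoutes starts and ends outside these hunks.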
@@ -50,7 +50,7 @@ func (auth *Auth) EmailWhitelisted(emailSrc string) bool {
|
||||
func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) {
|
||||
log.Debug().Msg("Creating session cookie")
|
||||
sessions := sessions.Default(c)
|
||||
log.Debug().Interface("data", data).Msg("Setting session cookie")
|
||||
log.Debug().Msg("Setting session cookie")
|
||||
sessions.Set("username", data.Username)
|
||||
sessions.Set("provider", data.Provider)
|
||||
sessions.Save()
|
||||
@@ -70,13 +70,10 @@ func (auth *Auth) GetSessionCookie(c *gin.Context) (types.SessionCookie, error)
|
||||
cookieUsername := sessions.Get("username")
|
||||
cookieProvider := sessions.Get("provider")
|
||||
|
||||
log.Debug().Interface("cookieUsername", cookieUsername).Msg("Got username")
|
||||
log.Debug().Interface("cookieProvider", cookieProvider).Msg("Got provider")
|
||||
|
||||
username, usernameOk := cookieUsername.(string)
|
||||
provider, providerOk := cookieProvider.(string)
|
||||
|
||||
log.Debug().Str("username", username).Bool("usernameOk", usernameOk).Str("provider", provider).Bool("providerOk", providerOk).Msg("Parsed cookie")
|
||||
log.Debug().Str("username", username).Str("provider", provider).Msg("Parsed cookie")
|
||||
|
||||
if !usernameOk || !providerOk {
|
||||
log.Warn().Msg("Session cookie invalid")
|
||||
|
||||
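Review bot: The new `Parsed cookie` line in GetSessionCookie still logs the username, which for OAuth sessions is probably an e-mail address, and drops `usernameOk`/`providerOk`, the two fields that held no personal data and explained why a cookie was rejected. Keeping the booleans and dropping the values would fit the commit better: `log.Debug().Bool("usernameOk", usernameOk).Bool("providerOk", providerOk).Msg("Parsed cookie")`. In CreateSessionCookie the result of `sessions.Save()` is discarded; if that call returns an error, as it does in gin-contrib/sessions, a failed write is silent and should at least be logged. GetSessionCookie continues outside the hunk.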
@@ -34,8 +34,6 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
|
||||
}
|
||||
}
|
||||
|
||||
log.Debug().Interface("cookie", cookie).Msg("Got session cookie")
|
||||
|
||||
if cookie.Provider == "username" {
|
||||
log.Debug().Msg("Provider is username")
|
||||
if hooks.Auth.GetUser(cookie.Username) != nil {
|
||||
@@ -55,7 +53,7 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
|
||||
if provider != nil {
|
||||
log.Debug().Msg("Provider exists")
|
||||
if !hooks.Auth.EmailWhitelisted(cookie.Username) {
|
||||
log.Error().Msgf("Email %s not whitelisted", cookie.Username)
|
||||
log.Error().Str("email", cookie.Username).Msg("Email is not whitelisted")
|
||||
hooks.Auth.DeleteSessionCookie(c)
|
||||
return types.UserContext{
|
||||
Username: "",
|
||||
|
||||
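Review bot: The rewritten line in the second hunk still records the rejected address, and at Error level, so it is written whatever the debug setting. That is reasonable for auditing whitelist denials, but it is the one identifier this commit leaves in place and nothing says it is deliberate. A comment above the line would settle it, for example `// Kept on purpose: the rejected address is needed to audit whitelist denials.` Since a denial is an expected outcome and not a fault, `log.Warn()` may be the better level. UseUserContext starts and ends outside the hunk.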
@@ -37,7 +37,7 @@ func GetGenericEmail(client *http.Client, url string) (string, error) {
|
||||
return "", jsonErr
|
||||
}
|
||||
|
||||
log.Debug().Interface("user", user).Msg("Parsed user from generic provider")
|
||||
log.Debug().Msg("Parsed user from generic provider")
|
||||
|
||||
return user.Email, nil
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ func GetGithubEmail(client *http.Client) (string, error) {
|
||||
return "", jsonErr
|
||||
}
|
||||
|
||||
log.Debug().Interface("emails", emails).Msg("Parsed emails from github")
|
||||
log.Debug().Msg("Parsed emails from github")
|
||||
|
||||
for _, email := range emails {
|
||||
if email.Primary {
|
||||
|
||||
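Review bot: The loop at the end of this hunk selects the address on `email.Primary`, and its body lies outside the hunk, so it is not visible whether the `verified` flag that GitHub's emails API returns is also required. The returned address appears to be what is later matched against the OAuth whitelist, so an unverified primary address should not be accepted. If the check is missing, the condition should include it, for example `if email.Primary && email.Verified {`, assuming the struct has or gains such a field.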
@@ -41,7 +41,7 @@ func GetGoogleEmail(client *http.Client) (string, error) {
|
||||
return "", jsonErr
|
||||
}
|
||||
|
||||
log.Debug().Interface("user", user).Msg("Parsed user from google")
|
||||
log.Debug().Msg("Parsed user from google")
|
||||
|
||||
return user.Email, nil
|
||||
}
|
||||
|
||||
@@ -19,9 +19,9 @@ type User struct {
|
||||
type Users []User
|
||||
|
||||
type Config struct {
|
||||
Port int `mapstructure:"port"`
|
||||
Address string `validate:"ip4_addr" mapstructure:"address"`
|
||||
Secret string `validate:"len=32" mapstructure:"secret"`
|
||||
Port int `mapstructure:"port" validate:"required"`
|
||||
Address string `validate:"required,ip4_addr" mapstructure:"address"`
|
||||
Secret string `validate:"required,len=32" mapstructure:"secret"`
|
||||
SecretFile string `mapstructure:"secret-file"`
|
||||
AppURL string `validate:"required,url" mapstructure:"app-url"`
|
||||
Users string `mapstructure:"users"`
|
||||
@@ -43,7 +43,7 @@ type Config struct {
|
||||
DisableContinue bool `mapstructure:"disable-continue"`
|
||||
OAuthWhitelist string `mapstructure:"oauth-whitelist"`
|
||||
CookieExpiry int `mapstructure:"cookie-expiry"`
|
||||
LogLevel int8 `mapstructure:"log-level"`
|
||||
LogLevel int8 `mapstructure:"log-level" validate:"min=-1,max=5"`
|
||||
}
|
||||
|
||||
type UserContext struct {
|
||||
|
||||
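Review bot: `validate:"required"` on `Port` only rejects 0, so a negative value or one above 65535 still passes validation; `validate:"required,min=1,max=65535"` would bound it. `Secret` is now `required` while `SecretFile` sits next to it: unless the file's content is copied into `Secret` before validation runs (not visible here), a configuration that supplies only `secret-file` will be rejected. The tag order also differs between `Port` (mapstructure first) and the other fields (validate first).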
@@ -15,15 +15,12 @@ func ParseUsers(users string) (types.Users, error) {
|
||||
var usersParsed types.Users
|
||||
userList := strings.Split(users, ",")
|
||||
|
||||
log.Debug().Strs("users", userList).Msg("Splitted users")
|
||||
|
||||
if len(userList) == 0 {
|
||||
return types.Users{}, errors.New("invalid user format")
|
||||
}
|
||||
|
||||
for _, user := range userList {
|
||||
userSplit := strings.Split(user, ":")
|
||||
log.Debug().Strs("user", userSplit).Msg("Splitting user")
|
||||
if len(userSplit) != 2 {
|
||||
return types.Users{}, errors.New("invalid user format")
|
||||
}
|
||||
@@ -33,7 +30,7 @@ func ParseUsers(users string) (types.Users, error) {
|
||||
})
|
||||
}
|
||||
|
||||
log.Debug().Interface("users", usersParsed).Msg("Parsed users")
|
||||
log.Debug().Msg("Parsed users")
|
||||
|
||||
return usersParsed, nil
|
||||
}
|
||||
@@ -83,15 +80,13 @@ func ParseFileToLine(content string) string {
|
||||
return strings.Join(users, ",")
|
||||
}
|
||||
|
||||
func GetSecret(env string, file string) string {
|
||||
if env == "" && file == "" {
|
||||
log.Debug().Msg("No secret provided")
|
||||
func GetSecret(conf string, file string) string {
|
||||
if conf == "" && file == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
if env != "" {
|
||||
log.Debug().Str("secret", env).Msg("Using secret from env")
|
||||
return env
|
||||
if conf != "" {
|
||||
return conf
|
||||
}
|
||||
|
||||
contents, err := ReadFile(file)
|
||||
@@ -100,28 +95,26 @@ func GetSecret(env string, file string) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
log.Debug().Str("secret", contents).Msg("Using secret from file")
|
||||
|
||||
return contents
|
||||
}
|
||||
|
||||
func GetUsers(env string, file string) (types.Users, error) {
|
||||
func GetUsers(conf string, file string) (types.Users, error) {
|
||||
var users string
|
||||
|
||||
if env == "" && file == "" {
|
||||
if conf == "" && file == "" {
|
||||
return types.Users{}, errors.New("no users provided")
|
||||
}
|
||||
|
||||
if env != "" {
|
||||
log.Debug().Str("users", env).Msg("Using users from env")
|
||||
users += env
|
||||
if conf != "" {
|
||||
log.Debug().Msg("Using users from config")
|
||||
users += conf
|
||||
}
|
||||
|
||||
if file != "" {
|
||||
fileContents, fileErr := ReadFile(file)
|
||||
|
||||
if fileErr == nil {
|
||||
log.Debug().Str("users", ParseFileToLine(fileContents)).Msg("Using users from file")
|
||||
log.Debug().Msg("Using users from file")
|
||||
if users != "" {
|
||||
users += ","
|
||||
}
|
||||
|
||||
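Review bot: In ParseUsers the `len(userList) == 0` check can never be true, because `strings.Split` with a non-empty separator always returns at least one element; empty input is only rejected later by the `len(userSplit) != 2` test. Checking the input directly says what is meant: `if users == "" {`. In GetSecret the "nothing configured" case and what looks like the read-failure path in the following hunk both return `""` with no log line left, so the caller has to treat an empty secret as fatal; a doc comment on GetSecret should state that. The body of GetUsers runs past the end of the page.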