From 9b76a84ee2007dfb36a3e1d3e80eb47272da917b Mon Sep 17 00:00:00 2001 From: Stavros Date: Sat, 11 Oct 2025 15:27:01 +0300 Subject: [PATCH] feat: add trace logging --- cmd/root.go | 4 ++++ internal/controller/proxy_controller.go | 4 ++++ internal/service/auth_service.go | 1 + internal/service/docker_service.go | 4 ++-- internal/service/generic_oauth_service.go | 3 +++ 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index a0ce20d..99b6a45 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -112,6 +112,10 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) { log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel))) log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting Tinyauth") + if log.Logger.GetLevel() == zerolog.TraceLevel { + log.Warn().Msg("Log level set to trace, this will log sensitive information!") + } + app := bootstrap.NewBootstrapApp(conf) err = app.Setup() diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go index dbf13b9..8ded9dc 100644 --- a/internal/controller/proxy_controller.go +++ b/internal/controller/proxy_controller.go @@ -84,6 +84,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) { return } + log.Trace().Interface("labels", labels).Msg("Labels for resource") + clientIP := c.ClientIP() if controller.auth.IsBypassedIP(labels.IP, clientIP) { @@ -150,6 +152,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) { userContext = context } + log.Trace().Interface("context", userContext).Msg("User context from request") + if userContext.Provider == "basic" && userContext.TotpEnabled { log.Debug().Msg("User has TOTP enabled, denying basic auth access") userContext.IsLoggedIn = false diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go index 4cd66b8..d9f792b 100644 --- a/internal/service/auth_service.go +++ b/internal/service/auth_service.go @@ -318,6 +318,7 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") { if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) { + log.Trace().Str("group", userGroup).Str("required", requiredGroups).Msg("User group matched") return true } } diff --git a/internal/service/docker_service.go b/internal/service/docker_service.go index 2a4a959..5139757 100644 --- a/internal/service/docker_service.go +++ b/internal/service/docker_service.go @@ -89,12 +89,12 @@ func (docker *DockerService) GetLabels(appDomain string) (config.App, error) { for appName, appLabels := range labels.Apps { if appLabels.Config.Domain == appDomain { - log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain") + log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by domain") return appLabels, nil } if strings.TrimPrefix(inspect.Name, "/") == appName { - log.Debug().Str("id", inspect.ID).Msg("Found matching container by app name") + log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by app name") return appLabels, nil } } diff --git a/internal/service/generic_oauth_service.go b/internal/service/generic_oauth_service.go index aae89c4..053944a 100644 --- a/internal/service/generic_oauth_service.go +++ b/internal/service/generic_oauth_service.go @@ -12,6 +12,7 @@ import ( "time" "tinyauth/internal/config" + "github.com/rs/zerolog/log" "golang.org/x/oauth2" ) @@ -110,6 +111,8 @@ func (generic *GenericOAuthService) Userinfo() (config.Claims, error) { return user, err } + log.Trace().Str("body", string(body)).Msg("Userinfo response body") + err = json.Unmarshal(body, &user) if err != nil { return user, err