feat(auth): add logs to routes #2697
Conversation
github-actions
bot
added
type: source
✅ Deploy Preview for brilliant-pasca-3e80ec canceled.
|
packages/auth/src/shared/utils.ts
Outdated
| requestBody: typeof ctx.request.body | ||
| } { | ||
| return { | ||
| requestId: v4(), |
There was a problem hiding this comment.
This would show a different uuid for each log, right?
I was looking into a way to have a common request/traceId as a property on a child pino logger, but it is a bit difficult to do that with how we've set up dependency injection with adonis fold library. I'll take another attempt at addressing this in my upcoming changes.
There was a problem hiding this comment.
I figured it would be workable for now as the routes log once per request, but I admit it's wishful thinking
| deps.logger.debug( | ||
| { | ||
| ...generateRouteLogs(ctx), | ||
| accessToken |
There was a problem hiding this comment.
should we be logging out tokens such as accessToken?
There was a problem hiding this comment.
Does it make any difference that its a debug log? I guess we can say these can but shouldnt be logged in production. Had the same thought about grant.continueToken elsewhere.
| export function generateRouteLogs(ctx: AppContext): { | ||
| route: typeof ctx.path | ||
| method: typeof ctx.method | ||
| params: typeof ctx.params | ||
| headers: typeof ctx.headers | ||
| requestBody: typeof ctx.request.body | ||
| } { | ||
| return { | ||
| method: ctx.method, | ||
| route: ctx.path, | ||
| headers: ctx.headers, | ||
| params: ctx.params, | ||
| requestBody: ctx.request.body | ||
| } | ||
| } |
There was a problem hiding this comment.
I imagine there is probably some sensitive info in here somewhere.
for example from a POST continue/{{continueId}}:
requestBody.continue.access_token.valuerequestBody.access_token.value
And is everything in headers OK to log or should any of it be redacted?
"headers": {
"accept": "application/json",
"content-type": "application/json",
"content-digest": "sha-512=:wJHRy2GvqCYWZhLTIAdtBaDT9MRO69ldMWgdld0GO8cYVu8uop7pmilYh1xmlVDiiT8d2P1CSdyYgnbCsJIrNA==:",
"content-length": "174",
"signature": "sig1=:M5wb//IFQa43pZ6DfUrxcx7RCf3aQWXApk28TmhqgiUrzBbhlu0hs2/zVzXuiB7kEa1LZuq3taQT1XT5wuBDDg==:",
"signature-input": "sig1=(\"@method\" \"@target-uri\" \"content-digest\" \"content-length\" \"content-type\");keyid=\"keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5\";created=1715013373",
"user-agent": "axios/1.6.8",
"accept-encoding": "gzip, compress, deflate, br",
"host": "happy-life-bank-test-auth:4106",
"connection": "keep-alive"
},If we need to configure pino to redact I imagine it might make sense to do it where we initialize the logger for some things, like the headers (if required).
There was a problem hiding this comment.
This seems like a good pattern btw though. Also wondering if you think it would make sense to destructure this where we init the pino logger so we dont have to do ...generateRouteLogs(ctx) everywhere? Or if we dont want to always log context do a new loggerWithCtx or something?
|
What do you think about original PR review comment?
Might be nice to match the behaviour in |
I think it's possible to have this PR also match that pattern. It'll be slightly different since it's supposed to also return GNAP error codes, but will be mostly similar. |
| 'invalid access token' | ||
| ) | ||
| } | ||
|
|
||
| if (!accessToken.grant) { | ||
| const logger = await ctx.container.use('logger') | ||
| logger.error( | ||
| `access token with management id ${ctx.params['id']} has no grant associated with it.` | ||
| ) |
There was a problem hiding this comment.
is this log worth keeping still?
There was a problem hiding this comment.
Probably...in hindsight that's a pretty severe case that shouldn't happen - we should know about if it does for some reason
| @@ -3,7 +3,14 @@ import createLogger, { Logger as PinoLogger } from 'pino' | |||
| import { Config } from '../config/app' | |||
|
|
|||
| function initLogger(): PinoLogger { | |||
| const logger = createLogger() | |||
| const logger = createLogger({ | |||
There was a problem hiding this comment.
do we need to use this when instantiating the logger singleton in index.ts?
| } | ||
| } | ||
|
|
||
| export async function gnapServerErrorMiddleware( |
There was a problem hiding this comment.
We should also check for OpenAPIValidatorMiddlewareError here as well, similar to backend, so we get a nicely formatted error when getting validation errors as well. This means we need to update @interledger/openapi to 2.0.1
njlie
force-pushed
the
nl/2577/auth-routes-logs
branch
from
85a7724
to
82c7135
Compare
| ctx.container = deps | ||
| }) | ||
|
|
||
| test('handles GNAPServerRouteError error', async (): Promise<void> => { |
There was a problem hiding this comment.
we should add a test for the validator middleware error
njlie
force-pushed
the
nl/2577/auth-routes-logs
branch
from
c7af5bf
to
b7d2663
Compare
Changes proposed in this pull request
Context
Closes #2577.
Checklist
fixes #number