Skip to content

Commit

Permalink
Add debug logging and timeout configurations
Browse files Browse the repository at this point in the history
Previously it was only possible to enable trace logs for requests and
responses. These can contain PII and should not be enabled.
After this change it is possible to explicitly configure which parts
of request we want to log.
For now, body is left on or off, but we should provide a better mechanism to
filter out PIIs on demand.
  • Loading branch information
peel committed Mar 20, 2024
1 parent 4ab8c30 commit 90f694f
Show file tree
Hide file tree
Showing 5 changed files with 45 additions and 7 deletions.
8 changes: 8 additions & 0 deletions core/src/main/resources/reference.conf
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,14 @@
bodyReadTimeout = 500 millis
}

debug {
http {
enable = false
logHeaders = true
logBody = false
redactHeaders = []
}
}
enableDefaultRedirect = false
preTerminationPeriod = 10 seconds

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,8 @@ case class Config[+SinkConfig](
enableDefaultRedirect: Boolean,
redirectDomains: Set[String],
preTerminationPeriod: FiniteDuration,
license: Config.License
license: Config.License,
debug: Config.Debug.Debug
)

object Config {
Expand Down Expand Up @@ -167,6 +168,11 @@ object Config {
accept: Boolean
)

object Debug {
case class Http(enable: Boolean, logHeaders: Boolean, logBody: Boolean, redactHeaders: List[String])
case class Debug(http: Http)
}

implicit def decoder[SinkConfig: Decoder]: Decoder[Config[SinkConfig]] = {
implicit val license: Decoder[License] = {
val truthy = Set("true", "yes", "on", "1")
Expand Down Expand Up @@ -199,6 +205,8 @@ object Config {
implicit val hsts = deriveDecoder[HSTS]
implicit val telemetry = deriveDecoder[Telemetry]
implicit val networking = deriveDecoder[Networking]
implicit val http = deriveDecoder[Debug.Http]
implicit val debug = deriveDecoder[Debug.Debug]
implicit val sinkConfig = newDecoder[SinkConfig].or(legacyDecoder[SinkConfig])
implicit val streams = deriveDecoder[Streams[SinkConfig]]

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ import org.http4s.{HttpApp, HttpRoutes}
import org.http4s.blaze.server.BlazeServerBuilder
import org.http4s.headers.`Strict-Transport-Security`
import org.http4s.server.Server
import org.http4s.server.middleware.{HSTS, Metrics}
import org.http4s.server.middleware.{HSTS, Logger => LoggerMiddleware, Metrics, Timeout}
import org.typelevel.ci.CIString
import org.typelevel.log4cats.Logger
import org.typelevel.log4cats.slf4j.Slf4jLogger

Expand All @@ -36,11 +37,12 @@ object HttpServer {
secure: Boolean,
hsts: Config.HSTS,
networking: Config.Networking,
metricsConfig: Config.Metrics
metricsConfig: Config.Metrics,
debugHttp: Config.Debug.Http
): Resource[F, Server] =
for {
withMetricsMiddleware <- createMetricsMiddleware(routes, metricsConfig)
server <- buildBlazeServer[F](withMetricsMiddleware, port, secure, hsts, networking)
server <- buildBlazeServer[F](withMetricsMiddleware, port, secure, hsts, networking, debugHttp)
} yield server

private def createMetricsMiddleware[F[_]: Async](
Expand All @@ -67,17 +69,33 @@ object HttpServer {
HSTS(routes, `Strict-Transport-Security`.unsafeFromDuration(hsts.maxAge))
else routes

private def loggerMiddleware[F[_]: Async](routes: HttpApp[F], config: Config.Debug.Http): HttpApp[F] =
if (config.enable) {
LoggerMiddleware.httpApp[F](
logHeaders = config.logHeaders,
logBody = config.logBody,
redactHeadersWhen = config.redactHeaders.map(CIString(_)).contains(_),
logAction = Some((msg: String) => Logger[F].debug(msg))
)(routes)
} else routes

private def timeoutMiddleware[F[_]: Async](routes: HttpApp[F], networking: Config.Networking): HttpApp[F] =
Timeout.httpApp[F](timeout = networking.responseHeaderTimeout)(routes)

private def buildBlazeServer[F[_]: Async](
routes: HttpRoutes[F],
port: Int,
secure: Boolean,
hsts: Config.HSTS,
networking: Config.Networking
networking: Config.Networking,
debugHttp: Config.Debug.Http
): Resource[F, Server] =
Resource.eval(Logger[F].info("Building blaze server")) >>
BlazeServerBuilder[F]
.bindSocketAddress(new InetSocketAddress(port))
.withHttpApp(hstsMiddleware(hsts, routes.orNotFound))
.withHttpApp(
loggerMiddleware(timeoutMiddleware(hstsMiddleware(hsts, routes.orNotFound), networking), debugHttp)
)
.withIdleTimeout(networking.idleTimeout)
.withMaxConnections(networking.maxConnections)
.withResponseHeaderTimeout(networking.responseHeaderTimeout)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,8 @@ object Run {
config.ssl.enable,
config.hsts,
config.networking,
config.monitoring.metrics
config.monitoring.metrics,
config.debug.http
)
_ <- withGracefulShutdown(config.preTerminationPeriod)(httpServer)
httpClient <- BlazeClientBuilder[F].resource
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ object TestUtils {
2.second,
500.millis
),
debug = Debug.Debug(
http = Debug.Http(enable = false, logHeaders = true, logBody = false, redactHeaders = List.empty)
),
enableDefaultRedirect = false,
redirectDomains = Set.empty[String],
preTerminationPeriod = 10.seconds,
Expand Down

0 comments on commit 90f694f

Please sign in to comment.