guard: supress logging #745

closed
opened by oppi.li targeting master from push-ykxtvrlpxwrl

the default slog logger caused indigo/identity to emit logs when resolving identities. using a bespoke logger in the guard subcommand fixes this.

Signed-off-by: oppiliappan me@oppi.li

Changed files
+26 -29
guard
+26 -29
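--- a/guard/guard.go
+++ b/guard/guard.go
@@ -16,7 +16,6 @@
 securejoin "github.com/cyphar/filepath-securejoin"
 "github.com/urfave/cli/v3"
 "tangled.org/core/idresolver"
-"tangled.org/core/log"
 )
 
 func Command() *cli.Command {
@@ -55,23 +54,21 @@
 }
 
 func Run(ctx context.Context, cmd *cli.Command) error {
-l := log.FromContext(ctx)
-
 incomingUser := cmd.String("user")
 gitDir := cmd.String("git-dir")
 logPath := cmd.String("log-path")
 endpoint := cmd.String("internal-api")
 motdFile := cmd.String("motd-file")
 
+stream := io.Discard
 logFile, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-if err != nil {
-l.Error("failed to open log file", "error", err)
-return err
-} else {
-fileHandler := slog.NewJSONHandler(logFile, &slog.HandlerOptions{Level: slog.LevelInfo})
-l = slog.New(fileHandler)
+if err == nil {
+stream = logFile
 }
 
+fileHandler := slog.NewJSONHandler(stream, &slog.HandlerOptions{Level: slog.LevelInfo})
+slog.SetDefault(slog.New(fileHandler))
+
 var clientIP string
 if connInfo := os.Getenv("SSH_CONNECTION"); connInfo != "" {
 parts := strings.Fields(connInfo)
@@ -81,27 +78,27 @@
 }
 
 if incomingUser == "" {
-l.Error("access denied: no user specified")
+slog.Error("access denied: no user specified")
 fmt.Fprintln(os.Stderr, "access denied: no user specified")
 os.Exit(-1)
 }
 
 sshCommand := os.Getenv("SSH_ORIGINAL_COMMAND")
 
-l.Info("connection attempt",
+slog.Info("connection attempt",
 "user", incomingUser,
 "command", sshCommand,
 "client", clientIP)
 
 if sshCommand == "" {
-l.Info("access denied: no interactive shells", "user", incomingUser)
+slog.Info("access denied: no interactive shells", "user", incomingUser)
 fmt.Fprintf(os.Stderr, "Hi @%s! You've successfully authenticated.\n", incomingUser)
 os.Exit(-1)
 }
 
 cmdParts := strings.Fields(sshCommand)
 if len(cmdParts) < 2 {
-l.Error("invalid command format", "command", sshCommand)
+slog.Error("invalid command format", "command", sshCommand)
 fmt.Fprintln(os.Stderr, "invalid command format")
 os.Exit(-1)
 }
@@ -113,16 +110,16 @@
 // any of the above with a leading slash (/)
 
 components := strings.Split(strings.TrimPrefix(strings.Trim(cmdParts[1], "'"), "/"), "/")
-l.Info("command components", "components", components)
+slog.Info("command components", "components", components)
 
 if len(components) != 2 {
-l.Error("invalid repo format", "components", components)
+slog.Error("invalid repo format", "components", components)
 fmt.Fprintln(os.Stderr, "invalid repo format, needs <user>/<repo> or /<user>/<repo>")
 os.Exit(-1)
 }
 
 didOrHandle := components[0]
-identity := resolveIdentity(ctx, l, didOrHandle)
+identity := resolveIdentity(ctx, didOrHandle)
 did := identity.DID.String()
 repoName := components[1]
 qualifiedRepoName, _ := securejoin.SecureJoin(did, repoName)
@@ -133,14 +130,14 @@
 "git-upload-archive": true,
 }
 if !validCommands[gitCommand] {
-l.Error("access denied: invalid git command", "command", gitCommand)
+slog.Error("access denied: invalid git command", "command", gitCommand)
 fmt.Fprintln(os.Stderr, "access denied: invalid git command")
 return fmt.Errorf("access denied: invalid git command")
 }
 
 if gitCommand != "git-upload-pack" {
-if !isPushPermitted(l, incomingUser, qualifiedRepoName, endpoint) {
-l.Error("access denied: user not allowed",
+if !isPushPermitted(incomingUser, qualifiedRepoName, endpoint) {
+slog.Error("access denied: user not allowed",
 "did", incomingUser,
 "reponame", qualifiedRepoName)
 fmt.Fprintln(os.Stderr, "access denied: user not allowed")
@@ -150,7 +147,7 @@
 
 fullPath, _ := securejoin.SecureJoin(gitDir, qualifiedRepoName)
 
-l.Info("processing command",
+slog.Info("processing command",
 "user", incomingUser,
 "command", gitCommand,
 "repo", repoName,
@@ -160,7 +157,7 @@
 var motdReader io.Reader
 if reader, err := os.Open(motdFile); err != nil {
 if !errors.Is(err, os.ErrNotExist) {
-l.Error("failed to read motd file", "error", err)
+slog.Error("failed to read motd file", "error", err)
 }
 motdReader = strings.NewReader("Welcome to this knot!\n")
 } else {
@@ -181,12 +178,12 @@
 )
 
 if err := gitCmd.Run(); err != nil {
-l.Error("command failed", "error", err)
+slog.Error("command failed", "error", err)
 fmt.Fprintf(os.Stderr, "command failed: %v\n", err)
 return fmt.Errorf("command failed: %v", err)
 }
 
-l.Info("command completed",
+slog.Info("command completed",
 "user", incomingUser,
 "command", gitCommand,
 "repo", repoName,
@@ -195,23 +192,23 @@
 return nil
 }
 
-func resolveIdentity(ctx context.Context, l *slog.Logger, didOrHandle string) *identity.Identity {
+func resolveIdentity(ctx context.Context, didOrHandle string) *identity.Identity {
 resolver := idresolver.DefaultResolver()
 ident, err := resolver.ResolveIdent(ctx, didOrHandle)
 if err != nil {
-l.Error("Error resolving handle", "error", err, "handle", didOrHandle)
+slog.Error("Error resolving handle", "error", err, "handle", didOrHandle)
 fmt.Fprintf(os.Stderr, "error resolving handle: %v\n", err)
 os.Exit(1)
 }
 if ident.Handle.IsInvalidHandle() {
-l.Error("Error resolving handle", "invalid handle", didOrHandle)
+slog.Error("Error resolving handle", "invalid handle", didOrHandle)
 fmt.Fprintf(os.Stderr, "error resolving handle: invalid handle\n")
 os.Exit(1)
 }
 return ident
 }
 
-func isPushPermitted(l *slog.Logger, user, qualifiedRepoName, endpoint string) bool {
+func isPushPermitted(user, qualifiedRepoName, endpoint string) bool {
 u, _ := url.Parse(endpoint + "/push-allowed")
 q := u.Query()
 q.Add("user", user)
@@ -220,12 +217,12 @@
 
 req, err := http.Get(u.String())
 if err != nil {
-l.Error("Error verifying permissions", "error", err)
+slog.Error("Error verifying permissions", "error", err)
 fmt.Fprintf(os.Stderr, "error verifying permissions: %v\n", err)
 os.Exit(1)
 }
 
-l.Info("Checking push permission",
+slog.Info("checking push permission",
 "url", u.String(),
 "status", req.Status)
 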
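Review bot: In Run, a failed `os.OpenFile` on `logPath` now falls through to `io.Discard` and the error is dropped, so the guard keeps authorising git commands while every "connection attempt" and "access denied" record is silently lost; before this change the same failure returned `err`. For an SSH forced-command gatekeeper that makes the audit trail fail open: an unwritable or misconfigured log path leaves no trace on the host and nothing tells the operator. If best-effort logging is the intent, state it in a comment above `stream := io.Discard` and report the open failure through a channel the operator sees (not the client's stderr, which would disclose the path); otherwise keep failing closed with `if err != nil { return fmt.Errorf("opening guard log: %w", err) }`. `slog.SetDefault` also replaces the process-wide logger, which suits a short-lived subcommand but deserves a one-line comment saying it is deliberate, e.g. `// route library logs (indigo/identity) to the guard log instead of the SSH session`.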