log improve #1097

Closed
wants to merge 7 commits into from
Closed
5 changes: 5 additions & 0 deletions website/src/logger.ts
Expand Up @@ -26,8 +26,13 @@ export type InstanceLogger = ReturnType<typeof getInstanceLogger>;

export const getInstanceLogger = (instance: string) => {
return {
// Winston uses npm log levels by default
error: (message: string) => getLogger().error(message, { instance }),
warn: (message: string) => getLogger().warn(message, { instance }),
info: (message: string) => getLogger().info(message, { instance }),
http: (message: string) => getLogger().http(message, { instance }),
verbose: (message: string) => getLogger().verbose(message, { instance }),
debug: (message: string) => getLogger().debug(message, { instance }),
silly: (message: string) => getLogger().silly(message, { instance }),
};
};
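Review bot: `getInstanceLogger` has no doc comment saying what `instance` is or that it is attached as metadata to every record; a line such as `/** Logger bound to one instance: every record carries { instance } as metadata. */` above the export would cover it. The inline comment relies on Winston's default npm levels, but `getLogger()` is defined outside this hunk. If it is ever created with custom `levels`, the `http`, `verbose` and `silly` methods would not exist on it, so the comment should say where that assumption is guaranteed.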
46 changes: 33 additions & 13 deletions website/src/middleware/authMiddleware.ts
Expand Up @@ -39,7 +39,7 @@ export async function getKeycloakClient() {

const issuerUrl = `${originForClient}${realmPath}`;

logger.info(`Getting keycloak client for issuer url: ${issuerUrl}`);
logger.debug(`Getting keycloak client for issuer url: ${issuerUrl}`);
const keycloakIssuer = await Issuer.discover(issuerUrl);

_keycloakClient = new keycloakIssuer.Client(clientMetadata);
Expand All @@ -49,22 +49,19 @@ export async function getKeycloakClient() {
}

export const getAuthUrl = async (redirectUrl: string) => {
const redirectUri = removeTokenCodeFromSearchParams(new URL(redirectUrl)).replace('http://', 'https://');
const authUrl = (await getKeycloakClient()).authorizationUrl({
redirect_uri: redirectUrl,
redirect_uri: redirectUri,
scope: 'openid',
response_type: 'code',
});
return authUrl;
};

export const authMiddleware = defineMiddleware(async (context, next) => {
let token = await getTokenFromCookie(context);
if (token === undefined) {
token = await getTokenFromParams(context);
if (token !== undefined) {
logger.debug(`Token found in params, setting cookie`);
setCookie(context, token);
}
const token = await getTokenFromParamsOrCookie(context);
if (token !== undefined) {
setCookie(context, token);
}

const enforceLogin = shouldMiddlewareEnforceLogin(
Expand Down Expand Up @@ -104,16 +101,18 @@ export const authMiddleware = defineMiddleware(async (context, next) => {
}

if (token === undefined) {
logger.debug(`No token found, redirecting to auth`);
logger.debug(`Auth required, but no token found, redirecting to auth`);
return redirectToAuth(context);
}

const userInfo = await getUserInfo(token);
if (userInfo.isErr()) {
logger.debug(`Error getting user info: ${userInfo.error}`);
logger.debug(`Auth required, but provided token is invalid: ${userInfo.error}`);
return redirectToAuth(context);
}

logger.debug(`Auth required, token is valid, setting session`);

context.locals.session = {
isLoggedIn: true,
user: {
Expand Down Expand Up @@ -204,7 +203,7 @@ async function verifyToken(accessToken: string) {

async function getUserInfo(token: TokenCookie) {
return ResultAsync.fromPromise((await getKeycloakClient()).userinfo(token.accessToken), (error) => {
logger.error(`Error getting user info: ${error}`);
logger.debug(`Error getting userInfo via token: ${error}`);
return error;
});
}
Expand All @@ -222,15 +221,36 @@ async function getTokenFromParams(context: APIContext) {
response_type: 'code',
})
.catch((error) => {
logger.error(`Keycloak callback error: ${error}`);
logger.info(`Keycloak callback error: ${error}`);
return undefined;
});
return extractTokenCookieFromTokenSet(tokenSet);
}
return undefined;
}

async function checkToken(token: TokenCookie) {
// Check if token is valid by calling userinfo endpoint
const userInfo = await getUserInfo(token);
if (userInfo.isErr()) {
return undefined;
}
return token;
}

async function getTokenFromParamsOrCookie(context: APIContext) {
for (const token of [await getTokenFromParams(context), await getTokenFromCookie(context)]) {
if (token !== undefined) {
const validToken = await checkToken(token);
if (validToken !== undefined) {
return validToken;
}
}
}
}

export function setCookie(context: APIContext, token: TokenCookie) {
deleteCookie(context);
Member


This really shouldn't have any effect, fwiw

context.cookies.set(ACCESS_TOKEN_COOKIE, token.accessToken, {
httpOnly: true,
sameSite: 'lax',
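Review bot: `getTokenFromParamsOrCookie` validates each candidate through `checkToken`, which calls the Keycloak userinfo endpoint, and `authMiddleware` then calls `getUserInfo(token)` again on the login-enforced path, so an authenticated request makes two userinfo round-trips. Because the helper runs at the top of the middleware, requests that carry a token appear to reach Keycloak even on pages that do not enforce login, which lets client traffic drive load on the identity provider; whether `getTokenFromCookie` filters tokens first is not visible here. Returning the userinfo result with the token lets the middleware reuse it, and resolving the two sources lazily avoids reading the cookie when the params already produced a valid token. The helper also falls off the end without a `return`, which `noImplicitReturns` rejects. The middleware body is only partly visible, so the sketch covers the helper alone and `authMiddleware` would need to consume the returned `userInfo`.

```typescript
async function getTokenFromParamsOrCookie(context: APIContext) {
    // Params first, cookie second; the second source is only read if the first fails.
    for (const getToken of [getTokenFromParams, getTokenFromCookie]) {
        const token = await getToken(context);
        if (token === undefined) {
            continue;
        }
        // Single userinfo call per candidate; the result is handed back for reuse.
        const userInfo = await getUserInfo(token);
        if (userInfo.isOk()) {
            return { token, userInfo: userInfo.value };
        }
    }
    return undefined;
}
```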