forked from go-chi/httplog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttpzaplog.go
311 lines (269 loc) · 7.92 KB
/
httpzaplog.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
package httpzaplog
import (
"context"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"strings"
"time"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"golang.org/x/exp/slices"
)
type Options struct {
Logger *zap.Logger
// Concise determines Whether to log the entries in concise mode.
Concise bool
// SkipURLParams determines which get parameters shouldn't be logged.
SkipURLParams []string
// SkipHeaders determines which headers shouldn't be logged.
SkipHeaders []string
// SkipPaths determines which paths shouldn't be logged.
SkipPaths []string
// ErrorMiddleware is a middleware that will be injected between the logger middleware and the Recoverer middleware.
// This allows you to customize the 500 error page in the case of a panic.
ErrorMiddleware func(http.Handler) http.Handler
}
var DefaultOptions = Options{
Logger: zap.Must(zap.NewProduction()),
Concise: false,
}
// RequestLogger is an http middleware to log http requests and responses.
//
// NOTE: for simplicity, RequestLogger automatically makes use of the chi RequestID and
// Recoverer middleware.
func RequestLogger(opts *Options) func(next http.Handler) http.Handler {
if opts == nil {
opts = &DefaultOptions
}
chain := []func(http.Handler) http.Handler{
middleware.RequestID,
Handler(opts),
}
if opts.ErrorMiddleware != nil {
chain = append(chain, opts.ErrorMiddleware)
}
chain = append(chain, middleware.Recoverer)
return chi.Chain(chain...).Handler
}
func Handler(opts *Options) func(next http.Handler) http.Handler {
var f middleware.LogFormatter = &requestLogger{opts}
skipPaths := map[string]struct{}{}
for _, path := range opts.SkipPaths {
skipPaths[path] = struct{}{}
}
return func(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
// Skip the logger if the path is in the skip list
if len(skipPaths) > 0 {
_, skip := skipPaths[r.URL.Path]
if skip {
next.ServeHTTP(w, r)
return
}
}
// Log the request
entry := f.NewLogEntry(r)
ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
buf := newLimitBuffer(512)
ww.Tee(buf)
t1 := time.Now()
defer func() {
var respBody []byte
if ww.Status() >= 400 {
respBody, _ = ioutil.ReadAll(buf)
}
entry.Write(ww.Status(), ww.BytesWritten(), ww.Header(), time.Since(t1), respBody)
}()
next.ServeHTTP(ww, middleware.WithLogEntry(r, entry))
}
return http.HandlerFunc(fn)
}
}
type requestLogger struct {
Opts *Options
}
func (l *requestLogger) NewLogEntry(r *http.Request) middleware.LogEntry {
entry := &RequestLoggerEntry{
concise: l.Opts.Concise,
skipURLParams: l.Opts.SkipURLParams,
skipHeaders: l.Opts.SkipHeaders,
}
msg := fmt.Sprintf("Request: %s %s", r.Method, r.URL.Path)
entry.Logger = l.Opts.Logger.With(l.requestLogFields(r))
if !l.Opts.Concise {
entry.Logger.Info(msg)
}
return entry
}
type RequestLoggerEntry struct {
Logger *zap.Logger
msg string
concise bool
skipURLParams []string
skipHeaders []string
}
func (l *RequestLoggerEntry) Write(status, bytes int, header http.Header, elapsed time.Duration, extra interface{}) {
msg := fmt.Sprintf("Response: %d %s", status, statusLabel(status))
if l.msg != "" {
msg = fmt.Sprintf("%s - %s", msg, l.msg)
}
responseLog := map[string]interface{}{
"status": status,
"bytes": bytes,
"elapsed": float64(elapsed.Nanoseconds()) / 1000000.0, // in milliseconds
}
if !l.concise {
// Include response header, as well for error status codes (>400) we include
// the response body so we may inspect the log message sent back to the client.
if status >= 400 {
body, _ := extra.([]byte)
responseLog["body"] = string(body)
}
if len(header) > 0 {
responseLog["header"] = headerLogField(header, l.skipHeaders, l.skipURLParams)
}
}
l.Logger.With(zap.Any("httpResponse", responseLog)).
Log(statusLevel(status), msg)
}
func (l *RequestLoggerEntry) Panic(v interface{}, stack []byte) {
stacktrace := string(stack)
l.Logger = l.Logger.With(
zap.String("stacktrace", stacktrace),
zap.String("panic", fmt.Sprintf("%+v", v)),
)
l.msg = fmt.Sprintf("%+v", v)
middleware.PrintPrettyStack(v)
}
func (l *requestLogger) requestLogFields(r *http.Request) zapcore.Field {
scheme := "http"
if r.TLS != nil {
scheme = "https"
}
// Make sure to sanitize the get parameters in the request URL.
var requestURL string
parsed, err := url.Parse(r.RequestURI)
if err != nil {
requestURL = fmt.Sprintf("%s://%s%s", scheme, r.Host, r.URL.Path)
} else {
urlValues := parsed.Query()
for urlK := range urlValues {
if slices.Contains(l.Opts.SkipURLParams, urlK) {
urlValues.Set(urlK, "***")
}
}
parsed.RawQuery = urlValues.Encode()
requestURL = fmt.Sprintf("%s://%s%s", scheme, r.Host, parsed.String())
}
requestFields := map[string]interface{}{
"requestURL": requestURL,
"requestMethod": r.Method,
"requestPath": r.URL.Path,
"remoteIP": r.RemoteAddr,
"proto": r.Proto,
}
if reqID := middleware.GetReqID(r.Context()); reqID != "" {
requestFields["requestID"] = reqID
}
if l.Opts.Concise {
return zap.Any("httpRequest", requestFields)
}
requestFields["scheme"] = scheme
if len(r.Header) > 0 {
requestFields["header"] = headerLogField(r.Header, l.Opts.SkipHeaders, l.Opts.SkipURLParams)
}
return zap.Any("httpRequest", requestFields)
}
func headerLogField(header http.Header, skipHeaders []string, skipURLParams []string) map[string]string {
headerField := map[string]string{}
for k, v := range header {
k = strings.ToLower(k)
switch {
case len(v) == 0:
continue
case len(v) == 1:
headerField[k] = v[0]
default:
headerField[k] = fmt.Sprintf("[%s]", strings.Join(v, "], ["))
}
if k == "authorization" || k == "cookie" || k == "set-cookie" {
headerField[k] = "***"
}
if k == "location" {
// For location key, try to sanitize the URL parameters which may contain sensitive info, expecially with OIDC
parsed, err := url.Parse(headerField[k])
if err != nil {
headerField[k] = "***"
} else {
urlValues := parsed.Query()
for urlK := range urlValues {
if slices.Contains(skipURLParams, urlK) {
urlValues.Set(urlK, "***")
}
}
parsed.RawQuery = urlValues.Encode()
headerField[k] = parsed.String()
}
}
if slices.Contains(skipHeaders, k) {
headerField[k] = "***"
}
}
return headerField
}
func statusLevel(status int) zapcore.Level {
switch {
case status <= 0:
return zapcore.WarnLevel
case status < 400: // for codes in 100s, 200s, 300s
return zapcore.InfoLevel
case status >= 400 && status < 500:
return zapcore.WarnLevel
case status >= 500:
return zapcore.ErrorLevel
default:
return zapcore.InfoLevel
}
}
func statusLabel(status int) string {
switch {
case status >= 100 && status < 300:
return "OK"
case status >= 300 && status < 400:
return "Redirect"
case status >= 400 && status < 500:
return "Client Error"
case status >= 500:
return "Server Error"
default:
return "Unknown"
}
}
// Helper methods used by the application to get the request-scoped
// logger entry and set additional fields between handlers.
//
// This is a useful pattern to use to set state on the entry as it
// passes through the handler chain, which at any point can be logged
// with a call to .Print(), .Info(), etc.
func LogEntry(ctx context.Context) *zap.Logger {
entry, ok := ctx.Value(middleware.LogEntryCtxKey).(*RequestLoggerEntry)
if !ok || entry == nil {
return zap.NewNop()
} else {
return entry.Logger
}
}
func LogEntrySetField(ctx context.Context, key, value string) {
if entry, ok := ctx.Value(middleware.LogEntryCtxKey).(*RequestLoggerEntry); ok {
entry.Logger = entry.Logger.With(zap.String(key, value))
}
}
func LogEntrySetFields(ctx context.Context, fields ...zapcore.Field) {
if entry, ok := ctx.Value(middleware.LogEntryCtxKey).(*RequestLoggerEntry); ok {
entry.Logger = entry.Logger.With(fields...)
}
}