diff --git a/context/token.go b/context/token.go
index 42e04cbe120..39a1a5cd347 100644
--- a/context/token.go
+++ b/context/token.go
@@ -12,7 +12,8 @@ import (
 type contextKey string
 const (
- authorizerCtxKey contextKey = "influx/authorizer/v1"
+ authorizerCtxKey contextKey = "influx/authorizer/v1"
+ authorizerCtxPtrKey contextKey = "influx/authorizer/pointer"
 )
 // SetAuthorizer sets an authorizer on context.
@@ -68,3 +69,22 @@ func GetUserID(ctx context.Context) (platform.ID, error) {
 }
 return a.GetUserID(), nil
 }
+
+// ProvideAuthorizerStorage puts a pointer to an Authorizer in the context.
+// This is used to pass an Authorizer up the stack for logging purposes
+func ProvideAuthorizerStorage(ctx context.Context, ap *influxdb.Authorizer) context.Context {
+ return context.WithValue(ctx, authorizerCtxPtrKey, ap)
+}
+
+// StoreAuthorizer stores an Authorizer in a pointer from the Context.
+// This permits functions deep in the stack to set the pointer to return
+// values up the call chain
+func StoreAuthorizer(ctx context.Context, auth influxdb.Authorizer) bool {
+ ap, ok := ctx.Value(authorizerCtxPtrKey).(*influxdb.Authorizer)
+ if ok && (ap != nil) {
+ (*ap) = auth
+ return true
+ } else {
+ return false
+ }
+}
diff --git a/http/authentication_middleware.go b/http/authentication_middleware.go
index 3b9bb4be526..c4d6e2f8bc5 100644
--- a/http/authentication_middleware.go
+++ b/http/authentication_middleware.go
@@ -108,6 +108,9 @@ func (h *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 return
 }
+ // Set the Authorizer pointer for use in logging high up the call stack
+ platcontext.StoreAuthorizer(ctx, auth)
+
 // jwt based auth is permission based rather than identity based
 // and therefor has no associated user. if the user ID is invalid
 // disregard the user active check
diff --git a/http/legacy/influx1x_authentication_handler.go b/http/legacy/influx1x_authentication_handler.go
index ff4a3f2be08..050708acfaa 100644
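Review bot: `StoreAuthorizer` writes through a pointer shared via the context with no restriction on who calls it or how often, so the identity that reaches the request log is whatever the last holder of this context stored, including a nil or typed-nil `auth`. The doc comment should state that only the authentication handlers are expected to call it and that the stored value is for logging, not for authorization decisions, for example `// StoreAuthorizer records auth for request logging only; it must not be used for permission checks.` The write is also unsynchronized, which looks safe only while no handler hands the context to a goroutine that outlives the request (inferred, no such caller is visible here). As a style point, the `else` after `return true` can be dropped by opening with `if !ok || ap == nil { return false }` and then `*ap = auth` and `return true`.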
--- a/http/legacy/influx1x_authentication_handler.go
+++ b/http/legacy/influx1x_authentication_handler.go
@@ -49,6 +49,10 @@ func (h *Influx1xAuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http
 }
 auth, err := h.auth.Authorize(ctx, creds)
+
+ // Set the Authorizer pointer for use in logging high up the call stack
+ platcontext.StoreAuthorizer(ctx, auth)
+
 if err != nil {
 var erri *errors2.Error
 if errors.As(err, &erri) {
diff --git a/http/middleware.go b/http/middleware.go
index fe87060c34f..2765f3200db 100644
--- a/http/middleware.go
+++ b/http/middleware.go
@@ -9,6 +9,8 @@ import (
 "strings"
 "time"
+ "github.com/influxdata/influxdb/v2"
+ platcontext "github.com/influxdata/influxdb/v2/context"
 kithttp "github.com/influxdata/influxdb/v2/kit/transport/http"
 "go.uber.org/zap"
 )
@@ -25,6 +27,10 @@ func LoggingMW(log *zap.Logger) kithttp.Middleware {
 teedR: io.TeeReader(r.Body, &buf),
 }
+ var auth influxdb.Authorizer
+
+ r = r.WithContext(platcontext.ProvideAuthorizerStorage(r.Context(), &auth))
+
 defer func(start time.Time) {
 errField := zap.Skip()
 if errStr := w.Header().Get(kithttp.PlatformErrorCodeHeader); errStr != "" {
@@ -36,6 +42,12 @@ func LoggingMW(log *zap.Logger) kithttp.Middleware {
 errReferenceField = zap.String("error_code", errReference)
 }
+ var id, userid string
+ if auth != nil {
+ id = auth.Identifier().String()
+ userid = auth.GetUserID().String()
+ }
+
 fields := []zap.Field{
 zap.String("method", r.Method),
 zap.String("host", r.Host),
@@ -48,6 +60,8 @@ func LoggingMW(log *zap.Logger) kithttp.Middleware {
 zap.String("referrer", r.Referer()),
 zap.String("remote", r.RemoteAddr),
 zap.String("user_agent", kithttp.UserAgent(r)),
+ zap.String("authenticated_id", id),
+ zap.String("user_id", userid),
 zap.Duration("took", time.Since(start)),
 errField,
 errReferenceField,
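Review bot: `platcontext.StoreAuthorizer(ctx, auth)` runs before the `if err != nil` check, so the logging middleware receives whatever `Authorize` returned alongside a failure. If `Authorize` can return a non-nil or typed-nil `auth` together with an error (inferred, its body is not visible here), the access log would attribute a rejected request to an identity or dereference nil in the deferred logger. Moving the two added lines below the error block would match `http/authentication_middleware.go`, where the store happens only after the error return. The error block continues past the end of this hunk.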
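Review bot: For requests where no authorizer was stored, the `-36,6 +42,12` hunk leaves `id` and `userid` empty and the `-48,6 +60,8` hunk still logs them as `authenticated_id=""` and `user_id=""`, whereas the surrounding code uses `zap.Skip()` for absent values (`errField := zap.Skip()`). An empty `user_id` is ambiguous for anyone querying these logs, since it may not distinguish "no authentication happened" from an authorizer without a user, which the comment in the authentication handler describes for JWT auth. Building the two fields conditionally keeps the record unambiguous, and the fields slice would then list `idField` and `userIDField` in place of the two `zap.String` calls. The `auth != nil` test does not catch a typed nil pointer held in the interface, so callers of `StoreAuthorizer` need to guarantee a usable value. The deferred closure starts and ends outside these hunks.

```go
// … unchanged: errField / errReferenceField setup …
idField, userIDField := zap.Skip(), zap.Skip()
if auth != nil {
	idField = zap.String("authenticated_id", auth.Identifier().String())
	userIDField = zap.String("user_id", auth.GetUserID().String())
}
// … unchanged: fields slice, with idField and userIDField replacing the two added zap.String entries …
```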