Cadoles
/
go-http-peering
10
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

feat(middleware): log more informations on authentification errors
Cadoles/go-http-peering/pipeline/head There was a failure building this commit Details

This commit is contained in:
wpetit 2024-01-04 16:22:13 +01:00
parent e8e484a7ff
commit 20c4bef161
2 changed files with 30 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
server/handler.go
View File

@ -3,12 +3,12 @@ package server
import ( import (
"crypto/rsa" "crypto/rsa"
"encoding/json" "encoding/json"
"errors"
"net/http" "net/http"
"time" "time"
peering "forge.cadoles.com/Cadoles/go-http-peering" peering "forge.cadoles.com/Cadoles/go-http-peering"
peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto" peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
"github.com/pkg/errors"
) )
var ( var (
@ -34,7 +34,7 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
serverClaims, err := assertServerToken(key, serverToken) serverClaims, err := assertServerToken(key, serverToken)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusUnauthorized) sendError(w, http.StatusUnauthorized)
return return
} }
@ -43,27 +43,26 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
decoder := json.NewDecoder(r.Body) decoder := json.NewDecoder(r.Body)
if err := decoder.Decode(advertising); err != nil { if err := decoder.Decode(advertising); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest) options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
return return
} }
if _, err := peeringCrypto.DecodePEMToPublicKey(advertising.PublicKey); err != nil { if _, err := peeringCrypto.DecodePEMToPublicKey(advertising.PublicKey); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest) options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
return return
} }
peer, err := store.Get(serverClaims.PeerID) peer, err := store.Get(serverClaims.PeerID)
if err == nil { if err == nil {
logger.Printf("[ERROR] %s", ErrPeerIDAlreadyInUse) logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerIDAlreadyInUse))
options.ErrorHandler(w, r, ErrPeerIDAlreadyInUse) options.ErrorHandler(w, r, ErrPeerIDAlreadyInUse)
return return
} }
if err != peering.ErrPeerNotFound { if err != peering.ErrPeerNotFound {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
@ -72,25 +71,25 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
peer, err = store.Create(serverClaims.PeerID, attrs) peer, err = store.Create(serverClaims.PeerID, attrs)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
if err := store.UpdatePublicKey(peer.ID, advertising.PublicKey); err != nil { if err := store.UpdatePublicKey(peer.ID, advertising.PublicKey); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
@ -117,39 +116,39 @@ func UpdateHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {
peerID, err := GetPeerID(r) peerID, err := GetPeerID(r)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
peer, err := store.Get(peerID) peer, err := store.Get(peerID)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
if peer == nil { if peer == nil {
logger.Printf("[ERROR] %s", ErrUnauthorized) logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
options.ErrorHandler(w, r, ErrUnauthorized) options.ErrorHandler(w, r, ErrUnauthorized)
return return
} }
if peer.Status == peering.StatusRejected { if peer.Status == peering.StatusRejected {
logger.Printf("[ERROR] %s", ErrPeerRejected) logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
options.ErrorHandler(w, r, ErrPeerRejected) options.ErrorHandler(w, r, ErrPeerRejected)
return return
} }
if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
attrs := filterAttributes(options.PeerAttributes, update.Attributes) attrs := filterAttributes(options.PeerAttributes, update.Attributes)
if err := store.UpdateAttributes(peer.ID, attrs); err != nil { if err := store.UpdateAttributes(peer.ID, attrs); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
@ -176,32 +175,32 @@ func PingHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {
peerID, err := GetPeerID(r) peerID, err := GetPeerID(r)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
peer, err := store.Get(peerID) peer, err := store.Get(peerID)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }
if peer == nil { if peer == nil {
logger.Printf("[ERROR] %s", ErrUnauthorized) logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
options.ErrorHandler(w, r, ErrUnauthorized) options.ErrorHandler(w, r, ErrUnauthorized)
return return
} }
if peer.Status == peering.StatusRejected { if peer.Status == peering.StatusRejected {
logger.Printf("[ERROR] %s", ErrPeerRejected) logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
options.ErrorHandler(w, r, ErrPeerRejected) options.ErrorHandler(w, r, ErrPeerRejected)
return return
} }
if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
options.ErrorHandler(w, r, err) options.ErrorHandler(w, r, err)
return return
} }

18
server/middleware.go
View File

@ -5,7 +5,6 @@ import (
"context" "context"
"crypto/rsa" "crypto/rsa"
"crypto/sha256" "crypto/sha256"
"errors"
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
@ -15,6 +14,7 @@ import (
peering "forge.cadoles.com/Cadoles/go-http-peering" peering "forge.cadoles.com/Cadoles/go-http-peering"
jwt "github.com/dgrijalva/jwt-go" jwt "github.com/dgrijalva/jwt-go"
"github.com/pkg/errors"
) )
const ( const (
@ -51,7 +51,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
serverClaims, err := assertServerToken(key, serverToken) serverClaims, err := assertServerToken(key, serverToken)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusUnauthorized) sendError(w, http.StatusUnauthorized)
return return
} }
@ -64,13 +64,13 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
options.IgnoredClientTokenErrors..., options.IgnoredClientTokenErrors...,
) )
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
switch err { switch err {
case peering.ErrPeerNotFound: case peering.ErrPeerNotFound:
sendError(w, http.StatusUnauthorized) sendError(w, http.StatusUnauthorized)
case ErrNotPeered: case ErrNotPeered:
if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusInternalServerError) sendError(w, http.StatusInternalServerError)
return return
} }
@ -78,7 +78,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
return return
case ErrPeerRejected: case ErrPeerRejected:
if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusInternalServerError) sendError(w, http.StatusInternalServerError)
return return
} }
@ -92,19 +92,19 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
match, body, err := assertBodySum(r.Body, clientClaims.BodySum) match, body, err := assertBodySum(r.Body, clientClaims.BodySum)
if err != nil { if err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusInternalServerError) sendError(w, http.StatusInternalServerError)
return return
} }
if !match { if !match {
logger.Printf("[ERROR] %s", ErrInvalidChecksum) logger.Printf("[ERROR] %+v", errors.WithStack(ErrInvalidChecksum))
sendError(w, http.StatusBadRequest) sendError(w, http.StatusBadRequest)
return return
} }
if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil { if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
logger.Printf("[ERROR] %s", err) logger.Printf("[ERROR] %+v", errors.WithStack(err))
sendError(w, http.StatusInternalServerError) sendError(w, http.StatusInternalServerError)
return return
} }
@ -183,7 +183,7 @@ func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken s
if ok { if ok {
for _, c := range ignoredValidationErrors { for _, c := range ignoredValidationErrors {
if validationError.Errors&c != 0 { if validationError.Errors&c != 0 {
logger.Printf("ignoring token validation error: '%s'", validationError.Inner) logger.Printf("ignoring token validation error: '%+v'", errors.WithStack(validationError.Inner))
return getPeeringClaims(token) return getPeeringClaims(token)
} }
} }