feat(middleware): log more informations on authentification errors

crypto/pem.go

@@ -53,21 +53,21 @@ func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKe
 }
 
 func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
+	if passphrase == nil {
+		return nil, errors.New("passphrase cannot be empty")
+	}
+
 	block := &pem.Block{
 		Type:  "RSA PRIVATE KEY",
 		Bytes: x509.MarshalPKCS1PrivateKey(key),
 	}
 
-	if len(passphrase) != 0 {
+	block, err := x509.EncryptPEMBlock(
-		encryptedBlock, err := x509.EncryptPEMBlock(
+		rand.Reader, block.Type,
-			rand.Reader, block.Type,
+		block.Bytes, passphrase, x509.PEMCipherAES256,
-			block.Bytes, passphrase, x509.PEMCipherAES256,
+	)
-		)
+	if err != nil {
-		if err != nil {
+		return nil, errors.WithStack(err)
-			return nil, errors.WithStack(err)
-		}
-
-		block = encryptedBlock
 	}
 
 	return pem.EncodeToMemory(block), nil

server/handler.go

@@ -3,12 +3,12 @@ package server
 import (
 	"crypto/rsa"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"
 
 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
-	"github.com/pkg/errors"
 )
 
 var (
@@ -34,7 +34,7 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
 
 		serverClaims, err := assertServerToken(key, serverToken)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			sendError(w, http.StatusUnauthorized)
 			return
 		}
@@ -43,26 +43,27 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
 
 		decoder := json.NewDecoder(r.Body)
 		if err := decoder.Decode(advertising); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
 			return
 		}
 
 		if _, err := peeringCrypto.DecodePEMToPublicKey(advertising.PublicKey); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, ErrInvalidAdvertisingRequest)
 			return
 		}
 
 		peer, err := store.Get(serverClaims.PeerID)
+
 		if err == nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerIDAlreadyInUse))
+			logger.Printf("[ERROR] %s", ErrPeerIDAlreadyInUse)
 			options.ErrorHandler(w, r, ErrPeerIDAlreadyInUse)
 			return
 		}
 
 		if err != peering.ErrPeerNotFound {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
@@ -71,25 +72,25 @@ func AdvertiseHandler(store peering.Store, key *rsa.PublicKey, funcs ...OptionFu
 
 		peer, err = store.Create(serverClaims.PeerID, attrs)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		if err := store.UpdatePublicKey(peer.ID, advertising.PublicKey); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
@@ -116,39 +117,39 @@ func UpdateHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {
 
 		peerID, err := GetPeerID(r)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		peer, err := store.Get(peerID)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		if peer == nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
+			logger.Printf("[ERROR] %s", ErrUnauthorized)
 			options.ErrorHandler(w, r, ErrUnauthorized)
 			return
 		}
 
 		if peer.Status == peering.StatusRejected {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
+			logger.Printf("[ERROR] %s", ErrPeerRejected)
 			options.ErrorHandler(w, r, ErrPeerRejected)
 			return
 		}
 
 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		attrs := filterAttributes(options.PeerAttributes, update.Attributes)
 		if err := store.UpdateAttributes(peer.ID, attrs); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
@@ -175,32 +176,32 @@ func PingHandler(store peering.Store, funcs ...OptionFunc) http.HandlerFunc {
 
 		peerID, err := GetPeerID(r)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		peer, err := store.Get(peerID)
 		if err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}
 
 		if peer == nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrUnauthorized))
+			logger.Printf("[ERROR] %s", ErrUnauthorized)
 			options.ErrorHandler(w, r, ErrUnauthorized)
 			return
 		}
 
 		if peer.Status == peering.StatusRejected {
-			logger.Printf("[ERROR] %+v", errors.WithStack(ErrPeerRejected))
+			logger.Printf("[ERROR] %s", ErrPeerRejected)
 			options.ErrorHandler(w, r, ErrPeerRejected)
 			return
 		}
 
 		if err := store.UpdateLastContact(peer.ID, r.RemoteAddr, time.Now()); err != nil {
-			logger.Printf("[ERROR] %+v", errors.WithStack(err))
+			logger.Printf("[ERROR] %s", err)
 			options.ErrorHandler(w, r, err)
 			return
 		}

server/middleware.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/rsa"
 	"crypto/sha256"
+	"errors"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -14,7 +15,6 @@ import (
 
 	peering "forge.cadoles.com/Cadoles/go-http-peering"
 	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/pkg/errors"
 )
 
 const (
@@ -51,7 +51,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 
 			serverClaims, err := assertServerToken(key, serverToken)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %+v", err)
 				sendError(w, http.StatusUnauthorized)
 				return
 			}
@@ -64,13 +64,13 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 				options.IgnoredClientTokenErrors...,
 			)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %+v", err)
 				switch err {
 				case peering.ErrPeerNotFound:
 					sendError(w, http.StatusUnauthorized)
 				case ErrNotPeered:
 					if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-						logger.Printf("[ERROR] %+v", errors.WithStack(err))
+						logger.Printf("[ERROR] %+v", err)
 						sendError(w, http.StatusInternalServerError)
 						return
 					}
@@ -78,7 +78,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 					return
 				case ErrPeerRejected:
 					if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-						logger.Printf("[ERROR] %+v", errors.WithStack(err))
+						logger.Printf("[ERROR] %+v", err)
 						sendError(w, http.StatusInternalServerError)
 						return
 					}
@@ -92,19 +92,19 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
 
 			match, body, err := assertBodySum(r.Body, clientClaims.BodySum)
 			if err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %+v", err)
 				sendError(w, http.StatusInternalServerError)
 				return
 			}
 
 			if !match {
-				logger.Printf("[ERROR] %+v", errors.WithStack(ErrInvalidChecksum))
+				logger.Printf("[ERROR] %+v", ErrInvalidChecksum)
 				sendError(w, http.StatusBadRequest)
 				return
 			}
 
 			if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
-				logger.Printf("[ERROR] %+v", errors.WithStack(err))
+				logger.Printf("[ERROR] %+v", err)
 				sendError(w, http.StatusInternalServerError)
 				return
 			}
@@ -183,7 +183,7 @@ func assertClientToken(peerID peering.PeerID, store peering.Store, clientToken s
 		if ok {
 			for _, c := range ignoredValidationErrors {
 				if validationError.Errors&c != 0 {
-					logger.Printf("ignoring token validation error: '%+v'", errors.WithStack(validationError.Inner))
+					logger.Printf("ignoring token validation error: '%s'", validationError.Inner)
 					return getPeeringClaims(token)
 				}
 			}