Add log messages to error events w/o log message, primaryly error level

- "log spam" to be controlled via loglevel flag on startup
2025-07-23 12:51:40 +02:00 · 2023-01-31 18:28:44 +01:00
parent 25eb3bb481
commit b77bd078e5
22 changed files with 214 additions and 14 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -94,6 +94,7 @@ func Init(db *sqlx.DB,
 		roles    varchar(255) NOT NULL DEFAULT "[]",
 		email    varchar(255) DEFAULT NULL);`)
 	if err != nil {
+		log.Error("Error while initializing authentication -> create user table failed")
 		return nil, err
 	}

@@ -102,12 +103,14 @@ func Init(db *sqlx.DB,
 		log.Warn("environment variable 'SESSION_KEY' not set (will use non-persistent random key)")
 		bytes := make([]byte, 32)
 		if _, err := rand.Read(bytes); err != nil {
+			log.Error("Error while initializing authentication -> failed to generate random bytes for session key")
 			return nil, err
 		}
 		auth.sessionStore = sessions.NewCookieStore(bytes)
 	} else {
 		bytes, err := base64.StdEncoding.DecodeString(sessKey)
 		if err != nil {
+			log.Error("Error while initializing authentication -> decoding session key failed")
 			return nil, err
 		}
 		auth.sessionStore = sessions.NewCookieStore(bytes)
@@ -115,12 +118,14 @@ func Init(db *sqlx.DB,

 	auth.LocalAuth = &LocalAuthenticator{}
 	if err := auth.LocalAuth.Init(auth, nil); err != nil {
+		log.Error("Error while initializing authentication -> localAuth init failed")
 		return nil, err
 	}
 	auth.authenticators = append(auth.authenticators, auth.LocalAuth)

 	auth.JwtAuth = &JWTAuthenticator{}
 	if err := auth.JwtAuth.Init(auth, configs["jwt"]); err != nil {
+		log.Error("Error while initializing authentication -> jwtAuth init failed")
 		return nil, err
 	}
 	auth.authenticators = append(auth.authenticators, auth.JwtAuth)
@@ -128,6 +133,7 @@ func Init(db *sqlx.DB,
 	if config, ok := configs["ldap"]; ok {
 		auth.LdapAuth = &LdapAuthenticator{}
 		if err := auth.LdapAuth.Init(auth, config); err != nil {
+			log.Error("Error while initializing authentication -> ldapAuth init failed")
 			return nil, err
 		}
 		auth.authenticators = append(auth.authenticators, auth.LdapAuth)
@@ -142,6 +148,7 @@ func (auth *Authentication) AuthViaSession(

 	session, err := auth.sessionStore.Get(r, "session")
 	if err != nil {
+		log.Error("Error while getting session store")
 		return nil, err
 	}

--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -45,11 +45,13 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	} else {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
+			log.Error("Could not decode JWT public key")
 			return err
 		}
 		ja.publicKey = ed25519.PublicKey(bytes)
 		bytes, err = base64.StdEncoding.DecodeString(privKey)
 		if err != nil {
+			log.Error("Could not decode JWT private key")
 			return err
 		}
 		ja.privateKey = ed25519.PrivateKey(bytes)
@@ -58,6 +60,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if pubKey = os.Getenv("CROSS_LOGIN_JWT_HS512_KEY"); pubKey != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
+			log.Error("Could not decode cross login JWT HS512 key")
 			return err
 		}
 		ja.loginTokenKey = bytes
@@ -68,6 +71,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if keyFound && pubKeyCrossLogin != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKeyCrossLogin)
 		if err != nil {
+			log.Error("Could not decode cross login JWT public key")
 			return err
 		}
 		ja.publicKeyCrossLogin = ed25519.PublicKey(bytes)
@@ -126,10 +130,12 @@ func (ja *JWTAuthenticator) Login(
 		return nil, fmt.Errorf("AUTH/JWT > unkown signing method for login token: %s (known: HS256, HS512, EdDSA)", t.Method.Alg())
 	})
 	if err != nil {
+		log.Error("Error while parsing jwt token")
 		return nil, err
 	}

 	if err := token.Claims.Valid(); err != nil {
+		log.Warn("jwt token claims are not valid")
 		return nil, err
 	}

@@ -151,6 +157,7 @@ func (ja *JWTAuthenticator) Login(
 	if user == nil {
 		user, err = ja.auth.GetUser(sub)
 		if err != nil && err != sql.ErrNoRows {
+			log.Errorf("Error while loading user '%#v'", sub)
 			return nil, err
 		} else if user == nil {
 			user = &User{
@@ -159,6 +166,7 @@ func (ja *JWTAuthenticator) Login(
 				AuthSource: AuthViaToken,
 			}
 			if err := ja.auth.AddUser(user); err != nil {
+				log.Errorf("Error while adding user '%#v' to auth from token", user.Username)
 				return nil, err
 			}
 		}
@@ -223,11 +231,13 @@ func (ja *JWTAuthenticator) Auth(
 		return ja.publicKey, nil
 	})
 	if err != nil {
+		log.Error("Error while parsing token")
 		return nil, err
 	}

 	// Check token validity
 	if err := token.Claims.Valid(); err != nil {
+		log.Warn("jwt token claims are not valid")
 		return nil, err
 	}

--- a/internal/auth/ldap.go
+++ b/internal/auth/ldap.go
@@ -39,10 +39,12 @@ func (la *LdapAuthenticator) Init(
 	if la.config != nil && la.config.SyncInterval != "" {
 		interval, err := time.ParseDuration(la.config.SyncInterval)
 		if err != nil {
+			log.Errorf("Could not parse duration for sync interval: %#v", la.config.SyncInterval)
 			return err
 		}

 		if interval == 0 {
+			log.Note("Sync interval is zero")
 			return nil
 		}

@@ -76,12 +78,14 @@ func (la *LdapAuthenticator) Login(

 	l, err := la.getLdapConnection(false)
 	if err != nil {
+		log.Error("Error while getting ldap connection")
 		return nil, err
 	}
 	defer l.Close()

 	userDn := strings.Replace(la.config.UserBind, "{username}", user.Username, -1)
 	if err := l.Bind(userDn, r.FormValue("password")); err != nil {
+		log.Error("Error while binding to ldap connection")
 		return nil, err
 	}

@@ -104,12 +108,14 @@ func (la *LdapAuthenticator) Sync() error {
 	users := map[string]int{}
 	rows, err := la.auth.db.Query(`SELECT username FROM user WHERE user.ldap = 1`)
 	if err != nil {
+		log.Error("Error while querying LDAP users")
 		return err
 	}

 	for rows.Next() {
 		var username string
 		if err := rows.Scan(&username); err != nil {
+			log.Errorf("Error while scanning for user '%s'", username)
 			return err
 		}

@@ -118,6 +124,7 @@ func (la *LdapAuthenticator) Sync() error {

 	l, err := la.getLdapConnection(true)
 	if err != nil {
+		log.Error("LDAP connection error")
 		return err
 	}
 	defer l.Close()
@@ -126,6 +133,7 @@ func (la *LdapAuthenticator) Sync() error {
 		la.config.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		la.config.UserFilter, []string{"dn", "uid", "gecos"}, nil))
 	if err != nil {
+		log.Error("LDAP search error")
 		return err
 	}

@@ -149,6 +157,7 @@ func (la *LdapAuthenticator) Sync() error {
 		if where == IN_DB && la.config.SyncDelOldUsers {
 			log.Debugf("sync: remove %#v (does not show up in LDAP anymore)", username)
 			if _, err := la.auth.db.Exec(`DELETE FROM user WHERE user.username = ?`, username); err != nil {
+				log.Errorf("User '%s' not in LDAP anymore: Delete from DB failed", username)
 				return err
 			}
 		} else if where == IN_LDAP {
@@ -156,6 +165,7 @@ func (la *LdapAuthenticator) Sync() error {
 			log.Debugf("sync: add %#v (name: %#v, roles: [user], ldap: true)", username, name)
 			if _, err := la.auth.db.Exec(`INSERT INTO user (username, ldap, name, roles) VALUES (?, ?, ?, ?)`,
 				username, 1, name, "[\""+RoleUser+"\"]"); err != nil {
+				log.Errorf("User '%s' new in LDAP: Insert into DB failed", username)
 				return err
 			}
 		}
@@ -170,12 +180,14 @@ func (la *LdapAuthenticator) getLdapConnection(admin bool) (*ldap.Conn, error) {

 	conn, err := ldap.DialURL(la.config.Url)
 	if err != nil {
+		log.Error("LDAP URL dial failed")
 		return nil, err
 	}

 	if admin {
 		if err := conn.Bind(la.config.SearchDN, la.syncPassword); err != nil {
 			conn.Close()
+			log.Error("LDAP connection bind failed")
 			return nil, err
 		}
 	}
--- a/internal/auth/users.go
+++ b/internal/auth/users.go
@@ -25,6 +25,7 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 	if err := sq.Select("password", "ldap", "name", "roles", "email").From("user").
 		Where("user.username = ?", username).RunWith(auth.db).
 		QueryRow().Scan(&hashedPassword, &user.AuthSource, &name, &rawRoles, &email); err != nil {
+		log.Errorf("Error while querying user '%#v' from database", username)
 		return nil, err
 	}

@@ -33,6 +34,7 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 	user.Email = email.String
 	if rawRoles.Valid {
 		if err := json.Unmarshal([]byte(rawRoles.String), &user.Roles); err != nil {
+			log.Error("Error while unmarshaling raw roles from DB")
 			return nil, err
 		}
 	}
@@ -57,6 +59,7 @@ func (auth *Authentication) AddUser(user *User) error {
 	if user.Password != "" {
 		password, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost)
 		if err != nil {
+			log.Error("Error while encrypting new user password")
 			return err
 		}
 		cols = append(cols, "password")
@@ -64,6 +67,7 @@ func (auth *Authentication) AddUser(user *User) error {
 	}

 	if _, err := sq.Insert("user").Columns(cols...).Values(vals...).RunWith(auth.db).Exec(); err != nil {
+		log.Errorf("Error while inserting new user '%#v' into DB", user.Username)
 		return err
 	}

@@ -74,6 +78,7 @@ func (auth *Authentication) AddUser(user *User) error {
 func (auth *Authentication) DelUser(username string) error {

 	_, err := auth.db.Exec(`DELETE FROM user WHERE user.username = ?`, username)
+	log.Errorf("Error while deleting user '%s' from DB", username)
 	return err
 }

@@ -86,6 +91,7 @@ func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {

 	rows, err := q.RunWith(auth.db).Query()
 	if err != nil {
+		log.Error("Error while querying user list")
 		return nil, err
 	}

@@ -96,10 +102,12 @@ func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {
 		user := &User{}
 		var name, email sql.NullString
 		if err := rows.Scan(&user.Username, &name, &email, &rawroles); err != nil {
+			log.Error("Error while scanning user list")
 			return nil, err
 		}

 		if err := json.Unmarshal([]byte(rawroles), &user.Roles); err != nil {
+			log.Error("Error while unmarshaling raw role list")
 			return nil, err
 		}

@@ -117,6 +125,7 @@ func (auth *Authentication) AddRole(

 	user, err := auth.GetUser(username)
 	if err != nil {
+		log.Errorf("Could not load user '%s'", username)
 		return err
 	}

@@ -132,6 +141,7 @@ func (auth *Authentication) AddRole(

 	roles, _ := json.Marshal(append(user.Roles, role))
 	if _, err := sq.Update("user").Set("roles", roles).Where("user.username = ?", username).RunWith(auth.db).Exec(); err != nil {
+		log.Errorf("Error while adding new role for user '%s'", user.Username)
 		return err
 	}
 	return nil
@@ -140,6 +150,7 @@ func (auth *Authentication) AddRole(
 func (auth *Authentication) RemoveRole(ctx context.Context, username string, role string) error {
 	user, err := auth.GetUser(username)
 	if err != nil {
+		log.Errorf("Could not load user '%s'", username)
 		return err
 	}

@@ -160,6 +171,7 @@ func (auth *Authentication) RemoveRole(ctx context.Context, username string, rol
 	if (exists == true) {
 		var mroles, _ = json.Marshal(newroles)
 		if _, err := sq.Update("user").Set("roles", mroles).Where("user.username = ?", username).RunWith(auth.db).Exec(); err != nil {
+			log.Errorf("Error while removing role for user '%s'", user.Username)
 			return err
 		}
 		return nil
@@ -179,9 +191,11 @@ func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User,
 	if err := sq.Select("name", "email").From("user").Where("user.username = ?", username).
 		RunWith(db).QueryRow().Scan(&name, &email); err != nil {
 		if err == sql.ErrNoRows {
+			log.Errorf("User '%s' Not found in DB", username)
 			return nil, nil
 		}

+		log.Errorf("Error while fetching user '%s'", username)
 		return nil, err
 	}