Add log messages to error events w/o log message, primaryly error level

- "log spam" to be controlled via loglevel flag on startup
2025-07-23 12:51:40 +02:00 · 2023-01-31 18:28:44 +01:00
parent 25eb3bb481
commit b77bd078e5
22 changed files with 214 additions and 14 deletions
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -45,11 +45,13 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	} else {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
+			log.Error("Could not decode JWT public key")
 			return err
 		}
 		ja.publicKey = ed25519.PublicKey(bytes)
 		bytes, err = base64.StdEncoding.DecodeString(privKey)
 		if err != nil {
+			log.Error("Could not decode JWT private key")
 			return err
 		}
 		ja.privateKey = ed25519.PrivateKey(bytes)
@@ -58,6 +60,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if pubKey = os.Getenv("CROSS_LOGIN_JWT_HS512_KEY"); pubKey != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
+			log.Error("Could not decode cross login JWT HS512 key")
 			return err
 		}
 		ja.loginTokenKey = bytes
@@ -68,6 +71,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if keyFound && pubKeyCrossLogin != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKeyCrossLogin)
 		if err != nil {
+			log.Error("Could not decode cross login JWT public key")
 			return err
 		}
 		ja.publicKeyCrossLogin = ed25519.PublicKey(bytes)
@@ -126,10 +130,12 @@ func (ja *JWTAuthenticator) Login(
 		return nil, fmt.Errorf("AUTH/JWT > unkown signing method for login token: %s (known: HS256, HS512, EdDSA)", t.Method.Alg())
 	})
 	if err != nil {
+		log.Error("Error while parsing jwt token")
 		return nil, err
 	}

 	if err := token.Claims.Valid(); err != nil {
+		log.Warn("jwt token claims are not valid")
 		return nil, err
 	}

@@ -151,6 +157,7 @@ func (ja *JWTAuthenticator) Login(
 	if user == nil {
 		user, err = ja.auth.GetUser(sub)
 		if err != nil && err != sql.ErrNoRows {
+			log.Errorf("Error while loading user '%#v'", sub)
 			return nil, err
 		} else if user == nil {
 			user = &User{
@@ -159,6 +166,7 @@ func (ja *JWTAuthenticator) Login(
 				AuthSource: AuthViaToken,
 			}
 			if err := ja.auth.AddUser(user); err != nil {
+				log.Errorf("Error while adding user '%#v' to auth from token", user.Username)
 				return nil, err
 			}
 		}
@@ -223,11 +231,13 @@ func (ja *JWTAuthenticator) Auth(
 		return ja.publicKey, nil
 	})
 	if err != nil {
+		log.Error("Error while parsing token")
 		return nil, err
 	}

 	// Check token validity
 	if err := token.Claims.Valid(); err != nil {
+		log.Warn("jwt token claims are not valid")
 		return nil, err
 	}