
Improve logging #70

Merged
merged 9 commits into from
May 24, 2024
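--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @antonengelhardt @miwig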
28 changes: 25 additions & 3 deletions .github/dependabot.yml
Expand Up @@ -4,12 +4,34 @@
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2

updates:
- package-ecosystem: "cargo" # See documentation for possible values
directory: "/" # Location of package manifests
# This checks for minor and major version updates every week
- package-ecosystem: "cargo"
directory: "/"
labels:
- "dependencies"
schedule:
interval: "weekly"
reviewers:
reviewers:
- "antonengelhardt"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-patch"

# Patches are grouped together into one PR every month
# - package-ecosystem: "cargo"
# directory: "/"
# labels:
# - "dependencies"
# schedule:
# interval: "monthly"
# reviewers:
# - "antonengelhardt"

# # Group all patches into one PR
# groups:
# patches:
# update-types:
# - "patch"
Comment on lines +23 to +37
Owner Author


Sadly there can only be one rule for each package-manager (cargo) 😢
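Review bot: The `ignore` rule for `dependency-name: "*"` with `version-update:semver-patch` stops version-update PRs for every patch release of every crate, and the monthly grouped-patch entry that would have covered them is commented out. As far as I know, `update-types` ignores apply to version updates only, so fixes for known vulnerabilities would still arrive through Dependabot security updates, but only if that feature is enabled in the repository settings, which this file cannot show. For an OIDC plugin that dependency is worth stating next to the rule, e.g. `# patch releases are skipped here; security fixes depend on Dependabot security updates being enabled for the repository`.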

5 changes: 4 additions & 1 deletion .github/workflows/build.yml
Expand Up @@ -108,7 +108,7 @@ jobs:
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Build WASM OIDC Plugin
- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release

Expand All @@ -132,6 +132,9 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Pull previous image to cache
run: docker pull antonengelhardt/wasm-oidc-plugin:latest

- name: Push to Docker Hub
uses: docker/build-push-action@v2
with:
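Review bot: The new `docker pull antonengelhardt/wasm-oidc-plugin:latest` step has no fallback, so a failed pull (registry outage, tag not yet published) fails the job before the push, whereas the matching step in .github/workflows/test.yml ends in `|| true`. If the pull is only a cache warm-up, `run: docker pull antonengelhardt/wasm-oidc-plugin:latest || true` keeps the two workflows consistent. Whether the pulled image is actually used as a build cache depends on the `with:` block of the push step, which continues outside the hunk; `docker/build-push-action` may need a `cache-from` input for that.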
5 changes: 4 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -105,7 +105,7 @@ jobs:
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Build WASM OIDC Plugin
- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release

Expand All @@ -129,6 +129,9 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Pull previous image to cache
run: docker pull antonengelhardt/wasm-oidc-plugin:pr-${{ github.event.pull_request.head.ref }} || true

- name: Push to Docker Hub
uses: docker/build-push-action@v2
with:
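Review bot: `${{ github.event.pull_request.head.ref }}` is expanded into the `run:` script before the shell sees it, so a branch name chosen by the pull-request author becomes part of the command line, in a job whose preceding step logs in with the Docker Hub secrets. Pass the value through the environment instead: add `env:` with `HEAD_REF: ${{ github.event.pull_request.head.ref }}` to the step and use `run: docker pull "antonengelhardt/wasm-oidc-plugin:pr-$HEAD_REF" || true`. Branch names containing `/` are also not valid image tags, so the tag produced by the push step (its `with:` block continues outside the hunk) should be checked to match what is pulled here.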
2 changes: 1 addition & 1 deletion k8s/ci.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Build WASM OIDC Plugin
- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release

6 changes: 3 additions & 3 deletions src/cookie.rs
Expand Up @@ -69,7 +69,7 @@ impl Session {
let encrypted_cookie = cipher.encrypt(&nonce, serde_json::to_vec(&self)?.as_slice())?;
let encoded_cookie = base64engine.encode(encrypted_cookie.as_slice());

debug!("Encrypted with nonce: {}", &encoded_nonce);
debug!("encrypted with nonce: {}", &encoded_nonce);

Ok((encoded_cookie, encoded_nonce))
}
Expand Down Expand Up @@ -148,7 +148,7 @@ impl Session {
encoded_nonce: String,
) -> Result<Session, PluginError> {
// Decode nonce using base64
debug!("Decrypting with nonce: {}", encoded_nonce);
debug!("decrypting with nonce: {}", encoded_nonce);
let decoded_nonce = base64engine.decode(encoded_nonce.as_bytes())?;
let nonce = aes_gcm::Nonce::from_slice(decoded_nonce.as_slice());

Expand All @@ -160,7 +160,7 @@ impl Session {

// Parse cookie into a struct
let state = serde_json::from_slice::<Session>(&decrypted_cookie)?;
debug!("State: {:?}", state);
debug!("state: {:?}", state);
Ok(state)
}
}
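Review bot: `debug!("state: {:?}", state);` in `decode_and_decrypt` writes the whole decrypted `Session` to the log, which gives anyone who can read debug output the contents the cookie encryption was protecting. The struct's fields are not visible in this diff (src/lib.rs reads `session.state`), so if it carries tokens or the OIDC state, log a fixed message such as `debug!("session cookie decrypted");` or only fields known to be non-sensitive. The two nonce lines are less of a concern, since an AES-GCM nonce is not secret. Both functions start outside the hunks shown.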
21 changes: 12 additions & 9 deletions src/lib.rs
Expand Up @@ -124,7 +124,7 @@ impl HttpContext for ConfiguredOidc {
.iter()
.any(|x| x.is_match(&host))
{
debug!("Host {} is excluded. Forwarding request.", host);
debug!("host {} is excluded, forwarding request.", host);
self.filter_proxy_cookies();
return Action::Continue;
}
Expand All @@ -136,7 +136,7 @@ impl HttpContext for ConfiguredOidc {
.iter()
.any(|x| x.is_match(&path))
{
debug!("Path {} is excluded. Forwarding request.", path);
debug!("path {} is excluded, forwarding request.", path);
self.filter_proxy_cookies();
return Action::Continue;
}
Expand All @@ -149,7 +149,7 @@ impl HttpContext for ConfiguredOidc {
.iter()
.any(|x| x.is_match(url.as_str()))
{
debug!("Url {} is excluded. Forwarding request.", url.as_str());
debug!("url {} is excluded, forwarding request.", url.as_str());
self.filter_proxy_cookies();
return Action::Continue;
}
Expand Down Expand Up @@ -221,9 +221,12 @@ impl HttpContext for ConfiguredOidc {
// Allow request to pass
return Action::Continue;
}
Err(e) => {
warn!("cookie validation failed: {}", e);
}
Err(e) => match e {
// disable logging for these errors
PluginError::SessionCookieNotFoundError => {}
PluginError::NonceCookieNotFoundError => {}
_ => warn!("cookie validation failed: {}", e),
},
}

// Redirect to `authorization_endpoint` if no cookie is found or previous cases have returned an error.
Expand Down Expand Up @@ -399,7 +402,7 @@ impl ConfiguredOidc {
match validation_result {
Ok(_) => return Ok(()),
Err(e) => {
debug!("Token validation failed: {:?}", e);
debug!("token validation failed: {:?}", e);
continue;
}
}
Expand Down Expand Up @@ -432,9 +435,9 @@ impl ConfiguredOidc {
)?;

// Get state and code from query
let state = callback_params.state;
let code = callback_params.code;
debug!("authorization code: {}", code);
let state = callback_params.state;
debug!("client state: {}", state);
debug!("cookie state: {}", session.state);

Expand Down Expand Up @@ -532,8 +535,8 @@ impl ConfiguredOidc {
match self.get_http_call_response_body(0, body_size) {
Some(body) => {
// Get nonce and cookie
let encoded_nonce = self.get_nonce()?;
let encoded_cookie = self.get_session_cookie_as_string()?;
let encoded_nonce = self.get_nonce()?;

// Get session from cookie
let mut session = Session::decode_and_decrypt(
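Review bot: In the callback hunk (`@@ -432,9 +435,9 @@`) the reordering keeps `debug!("authorization code: {}", code);` together with the `client state` and `cookie state` lines, so a value that can be exchanged for tokens and the CSRF-binding state are written to the proxy log whenever debug logging is enabled. Since this PR is the logging clean-up, consider replacing the first with `debug!("authorization code received");` and logging only whether the two state values match rather than the values themselves. The enclosing function starts and ends outside the hunk, so the state comparison itself is not visible here.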