mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 20:24:18 -06:00
c2d3c90bc8
* Auth: check of auth_token in url and resolve user if present * check if auth_token is passed in url * Auth: Pass auth_token for request if present in path * no need to decode token in index * temp * use loadURLToken and set authorization header * cache token in memory and strip it from url * Use loadURLToken * Keep token in url * strip sensitive query strings from url used by context logger * adapt login by url to jwt token * add jwt iframe devenv * add jwt iframe devenv instructions * add access note * add test for cleaning request * ensure jwt token is not carried into handlers * do not reshuffle queries, might be important * add correct db dump location * prefer set token instead of cached token Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
101 lines
2.5 KiB
Go
101 lines
2.5 KiB
Go
// Copyright 2013 Martini Authors
|
|
// Copyright 2014 Unknwon
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"): you may
|
|
// not use this file except in compliance with the License. You may obtain
|
|
// a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
// License for the specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/tracing"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/contexthandler"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/grafana/grafana/pkg/web"
|
|
)
|
|
|
|
func Logger(cfg *setting.Cfg) web.Handler {
|
|
return func(res http.ResponseWriter, req *http.Request, c *web.Context) {
|
|
start := time.Now()
|
|
|
|
rw := res.(web.ResponseWriter)
|
|
c.Next()
|
|
|
|
timeTaken := time.Since(start) / time.Millisecond
|
|
duration := time.Since(start).String()
|
|
ctx := contexthandler.FromContext(c.Req.Context())
|
|
if ctx != nil && ctx.PerfmonTimer != nil {
|
|
ctx.PerfmonTimer.Observe(float64(timeTaken))
|
|
}
|
|
|
|
status := rw.Status()
|
|
if status == 200 || status == 304 {
|
|
if !cfg.RouterLogging {
|
|
return
|
|
}
|
|
}
|
|
|
|
if ctx != nil {
|
|
logParams := []interface{}{
|
|
"method", req.Method,
|
|
"path", req.URL.Path,
|
|
"status", status,
|
|
"remote_addr", c.RemoteAddr(),
|
|
"time_ms", int64(timeTaken),
|
|
"duration", duration,
|
|
"size", rw.Size(),
|
|
"referer", SanitizeURL(ctx, req.Referer()),
|
|
}
|
|
|
|
traceID := tracing.TraceIDFromContext(ctx.Req.Context(), false)
|
|
if traceID != "" {
|
|
logParams = append(logParams, "traceID", traceID)
|
|
}
|
|
|
|
if status >= 500 {
|
|
ctx.Logger.Error("Request Completed", logParams...)
|
|
} else {
|
|
ctx.Logger.Info("Request Completed", logParams...)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
var sensitiveQueryStrings = [...]string{
|
|
"auth_token",
|
|
}
|
|
|
|
func SanitizeURL(ctx *models.ReqContext, s string) string {
|
|
if s == "" {
|
|
return s
|
|
}
|
|
|
|
u, err := url.ParseRequestURI(s)
|
|
if err != nil {
|
|
ctx.Logger.Warn("Received invalid referer in request headers, removed for log forgery prevention")
|
|
return ""
|
|
}
|
|
|
|
// strip out sensitive query strings
|
|
values := u.Query()
|
|
for _, query := range sensitiveQueryStrings {
|
|
values.Del(query)
|
|
}
|
|
u.RawQuery = values.Encode()
|
|
|
|
return u.String()
|
|
}
|