Dont log IP by default, to be GDPR compliant #119

internal/configuration/setup/Setup.go

@@ -118,8 +118,9 @@ func startSetupWebserver() {
 		srv.Addr = "127.0.0.1:" + port
 		fmt.Println("Authentication is disabled by debug flag. Setup only accessible by localhost")
 		fmt.Println("Please open http://127.0.0.1:" + port + "/setup to setup Gokapi.")
+	} else {
+		fmt.Println("Please open http://" + resolveHostIp() + ":" + port + "/setup to setup Gokapi.")
 	}
-	fmt.Println("Please open http://" + resolveHostIp() + ":" + port + "/setup to setup Gokapi.")
 	listener, err := net.Listen("tcp", ":"+port)
 	if err != nil {
 		if isErrorAddressAlreadyInUse(err) {
@@ -358,6 +359,10 @@ func parseServerSettings(result *models.Configuration, formObjects *[]jsonFormOb
 	if err != nil {
 		return err
 	}
+	result.SaveIp, err = getFormValueBool(formObjects, "logip_sel")
+	if err != nil {
+		return err
+	}
 
 	result.Authentication.Method, err = getFormValueInt(formObjects, "authentication_sel")
 	if err != nil {

internal/configuration/setup/Setup_test.go

@@ -334,6 +334,7 @@ func TestIntegration(t *testing.T) {
 	test.IsEqualBool(t, strings.Contains(settings.Port, "127.0.0.1"), true)
 	test.IsEqualBool(t, strings.Contains(settings.Port, ":53842"), true)
 	test.IsEqualBool(t, settings.UseSsl, false)
+	test.IsEqualBool(t, settings.SaveIp, false)
 	test.IsEqualString(t, settings.ServerUrl, "http://127.0.0.1:53842/")
 	test.IsEqualString(t, settings.RedirectUrl, "https://github.com/Forceu/Gokapi/")
 	cconfig, ok := cloudconfig.Load()
@@ -413,6 +414,7 @@ func TestIntegration(t *testing.T) {
 	test.IsEqualBool(t, strings.Contains(settings.Port, "127.0.0.1"), false)
 	test.IsEqualBool(t, strings.Contains(settings.Port, ":53842"), true)
 	test.IsEqualBool(t, settings.UseSsl, true)
+	test.IsEqualBool(t, settings.SaveIp, true)
 	test.IsEqualString(t, settings.ServerUrl, "http://127.0.0.1:53842/")
 	test.IsEqualString(t, settings.RedirectUrl, "https://test.com")
 	test.IsEqualBool(t, settings.PicturesAlwaysLocal, false)
@@ -457,6 +459,7 @@ func TestIntegration(t *testing.T) {
 type setupValues struct {
 	BindLocalhost        setupEntry `form:"localhost_sel" isBool:"true"`
 	UseSsl               setupEntry `form:"ssl_sel" isBool:"true"`
+	SaveIp               setupEntry `form:"logip_sel" isBool:"true"`
 	Port                 setupEntry `form:"port" isInt:"true"`
 	PublicName           setupEntry `form:"public_name"`
 	ExtUrl               setupEntry `form:"url"`
@@ -589,6 +592,7 @@ func createInputInternalAuth() setupValues {
 	values.S3Endpoint.Value = "testendpoint"
 	values.EncryptionLevel.Value = "0"
 	values.PicturesAlwaysLocal.Value = "nochange"
+	values.SaveIp.Value = "0"
 
 	return values
 }
@@ -608,6 +612,7 @@ func createInputHeaderAuth() setupValues {
 	values.AuthHeaderUsers.Value = "test1 ;test2"
 	values.StorageSelection.Value = "local"
 	values.EncryptionLevel.Value = "0"
+	values.SaveIp.Value = "1"
 
 	return values
 }

internal/configuration/setup/templates/setup.tmpl

@@ -88,13 +88,19 @@
 								<option value="1">Yes</option>
 {{ end }}
 
-						</select><br><br>
+						</select><br>
 							
 							  <label for="ssl_sel">Use SSL (a self-signed certificate will be generated that can be replaced)</label>
 						<select name="ssl_sel" id="ssl_sel" style="width:350px;" onChange="urlParamChanged()" class="select form-control">
 								<option value="0" selected>No</option>
 								<option value="1">Yes</option>
 
+						</select><br>
+						
+							  <label for="logip_sel">Log IP address on download <i>(might not be GDPR compliant)</i></label>
+						<select name="logip_sel" id="logip_sel" style="width:350px;" class="select form-control">
+								<option value="0" selected>No</option>
+								<option value="1">Yes</option>
 						</select>
 					</div>
 				</div>
@@ -619,6 +625,9 @@ function TestAWS(button) {
 	{{ end }}
 	{{ if .Settings.UseSsl }}
 				document.getElementById("ssl_sel").selectedIndex = 1;
+	{{ end }}
+	{{ if .Settings.SaveIp }}
+				document.getElementById("logip_sel").selectedIndex = 1;
 	{{ end }}
 				document.getElementById("port").value = "{{ .Port }}";
 				document.getElementById("url").value = "{{ .Settings.ServerUrl }}";

internal/logging/Logging.go

@@ -31,8 +31,12 @@ func GetLogPath() string {
 }
 
 // AddDownload adds a line to the logfile when a download was requested. Non-Blocking
-func AddDownload(file *models.File, r *http.Request) {
-	AddString(fmt.Sprintf("Download: Filename %s, IP %s, ID %s, Useragent %s", file.Name, getIpAddress(r), file.Id, r.UserAgent()))
+func AddDownload(file *models.File, r *http.Request, saveIp bool) {
+	if saveIp {
+		AddString(fmt.Sprintf("Download: Filename %s, IP %s, ID %s, Useragent %s", file.Name, getIpAddress(r), file.Id, r.UserAgent()))
+	} else {
+		AddString(fmt.Sprintf("Download: Filename %s, ID %s, Useragent %s", file.Name, file.Id, r.UserAgent()))
+	}
 }
 
 func writeToFile(text string) {

internal/logging/Logging_test.go

@@ -1,7 +1,6 @@
 package logging
 
 import (
-	"fmt"
 	"github.com/forceu/gokapi/internal/models"
 	"github.com/forceu/gokapi/internal/test"
 	"github.com/forceu/gokapi/internal/test/testconfiguration"
@@ -56,12 +55,17 @@ func TestAddDownload(t *testing.T) {
 	r := httptest.NewRequest("GET", "/test", nil)
 	r.Header.Set("User-Agent", "testAgent")
 	r.Header.Add("X-REAL-IP", "1.1.1.1")
-	AddDownload(&file, r)
+	AddDownload(&file, r, true)
 	// Need sleep, as AddDownload() is non-blocking
 	time.Sleep(500 * time.Millisecond)
 	content, _ := os.ReadFile("test/log.txt")
-	fmt.Println(string(content))
 	test.IsEqualBool(t, strings.Contains(string(content), "UTC   Download: Filename testName, IP 1.1.1.1, ID testId, Useragent testAgent"), true)
+	r.Header.Add("X-REAL-IP", "2.2.2.2")
+	AddDownload(&file, r, false)
+	// Need sleep, as AddDownload() is non-blocking
+	time.Sleep(500 * time.Millisecond)
+	content, _ = os.ReadFile("test/log.txt")
+	test.IsEqualBool(t, strings.Contains(string(content), "2.2.2.2"), false)
 }
 
 func TestGetLogPath(t *testing.T) {

internal/models/Configuration.go

@@ -20,6 +20,7 @@ type Configuration struct {
 	MaxFileSizeMB       int                  `json:"MaxFileSizeMB"`
 	Encryption          Encryption           `json:"Encryption"`
 	PicturesAlwaysLocal bool                 `json:"PicturesAlwaysLocal"`
+	SaveIp              bool                 `json:"SaveIp"`
 }
 
 // Encryption hold information about the encryption used on this file

internal/models/Configuration_test.go

@@ -48,4 +48,4 @@ func TestConfiguration_ToString(t *testing.T) {
 	test.IsEqualString(t, testConfig.ToString(), exptectedUnidentedOutput)
 }
 
-const exptectedUnidentedOutput = `{"Authentication":{"Method":0,"SaltAdmin":"saltadmin","SaltFiles":"saltfiles","Username":"admin","Password":"adminpwhashed","HeaderKey":"","OauthProvider":"","OAuthClientId":"","OAuthClientSecret":"","HeaderUsers":null,"OauthUsers":null},"Port":":12345","ServerUrl":"https://testserver.com/","RedirectUrl":"https://test.com","PublicName":"public-name","ConfigVersion":14,"LengthId":5,"DataDir":"test","MaxMemory":50,"UseSsl":true,"MaxFileSizeMB":20,"Encryption":{"Level":1,"Cipher":"AA==","Salt":"encsalt","Checksum":"encsum","ChecksumSalt":"encsumsalt"},"PicturesAlwaysLocal":true}`
+const exptectedUnidentedOutput = `{"Authentication":{"Method":0,"SaltAdmin":"saltadmin","SaltFiles":"saltfiles","Username":"admin","Password":"adminpwhashed","HeaderKey":"","OauthProvider":"","OAuthClientId":"","OAuthClientSecret":"","HeaderUsers":null,"OauthUsers":null},"Port":":12345","ServerUrl":"https://testserver.com/","RedirectUrl":"https://test.com","PublicName":"public-name","ConfigVersion":14,"LengthId":5,"DataDir":"test","MaxMemory":50,"UseSsl":true,"MaxFileSizeMB":20,"Encryption":{"Level":1,"Cipher":"AA==","Salt":"encsalt","Checksum":"encsum","ChecksumSalt":"encsumsalt"},"PicturesAlwaysLocal":true,"SaveIp":false}`

internal/storage/FileServing.go

@@ -523,7 +523,7 @@ func ServeFile(file models.File, w http.ResponseWriter, r *http.Request, forceDo
 	file.DownloadsRemaining = file.DownloadsRemaining - 1
 	file.DownloadCount = file.DownloadCount + 1
 	database.SaveMetaData(file)
-	logging.AddDownload(&file, r)
+	logging.AddDownload(&file, r, configuration.Get().SaveIp)
 
 	if !file.IsLocalStorage() {
 		// We are not setting a download complete status as there is no reliable way to