From b2255bb3d5ca255d22ab0b1bfa2614aca3a51be7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Wed, 26 Jun 2024 18:22:25 +0200
Subject: [PATCH] Log user agent and remote addr on auth errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/log-useragent-and-remoteaddr.md | 5 +++++
 services/proxy/pkg/middleware/oidc_auth.go | 6 ++++++
 2 files changed, 11 insertions(+)
 create mode 100644 changelog/unreleased/log-useragent-and-remoteaddr.md

diff --git a/changelog/unreleased/log-useragent-and-remoteaddr.md b/changelog/unreleased/log-useragent-and-remoteaddr.md
new file mode 100644
index 0000000000..7172854f5a
--- /dev/null
+++ b/changelog/unreleased/log-useragent-and-remoteaddr.md
@@ -0,0 +1,5 @@
+Enhancement: Log user agent and remote addr on auth errors
+
+The proxy will now log `user_agent`, `client.address`, `network.peer.address` and `network.peer.port` to help operations debug authentication errors. The latter three follow the [Semantic Conventions 1.26.0 / General / Attributes](https://opentelemetry.io/docs/specs/semconv/general/attributes/) naming to better integrate with log aggregation tools.
+
+https://github.com/owncloud/ocis/pull/9475

diff --git a/services/proxy/pkg/middleware/oidc_auth.go b/services/proxy/pkg/middleware/oidc_auth.go
index fd3f466a31..fea68dc5f1 100644
--- a/services/proxy/pkg/middleware/oidc_auth.go
+++ b/services/proxy/pkg/middleware/oidc_auth.go
@@ -3,6 +3,7 @@ package middleware
 import (
 	"context"
 	"encoding/base64"
+	"net"
 	"net/http"
 	"strings"
 	"time"
@@ -181,10 +182,15 @@ func (m *OIDCAuthenticator) Authenticate(r *http.Request) (*http.Request, bool)
 	claims, err := m.getClaims(token, r)
 	if err != nil {
+		host, port, _ := net.SplitHostPort(r.RemoteAddr)
 		m.Logger.Error().
 			Err(err).
 			Str("authenticator", "oidc").
 			Str("path", r.URL.Path).
+			Str("user_agent", r.UserAgent()).
+			Str("client.address", r.Header.Get("X-Forwarded-For")).
+			Str("network.peer.address", host).
+			Str("network.peer.port", port).
 			Msg("failed to authenticate the request")
 		return nil, false
 	}
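Review bot: The new `Str("client.address", r.Header.Get("X-Forwarded-For"))` line records a client-supplied header as the client address without any check: the header may be absent, forged by the caller, or a comma-separated chain of hops, so an operator reading these auth-failure logs can be pointed at the wrong source unless the proxy sits behind an ingress that rewrites the header. Keeping the field is fine, but its provenance should be visible at the call site, e.g. `// client.address comes from X-Forwarded-For, which is client-controlled; only meaningful behind a proxy that overwrites it`, and if the deployment expects a chain, the leftmost entry is the one the semconv name refers to. Separately, the error from `net.SplitHostPort` is discarded on the added `host, port, _ :=` line, so a RemoteAddr without a port (for example a unix socket listener) yields empty `network.peer.address` and `network.peer.port` fields and the raw value is lost; a fallback such as `host, port, splitErr := net.SplitHostPort(r.RemoteAddr)` / `if splitErr != nil { host = r.RemoteAddr }` keeps it (using a distinct name avoids shadowing the `err` that `Err(err)` logs). The enclosing Authenticate function starts and ends outside this hunk.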