From 4fcf6c1863d40411a7af661434532b363b9b8a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
Date: Wed, 18 Sep 2024 13:19:16 +0200
Subject: [PATCH 1/2] fix: include additional logging in the wopicontext middleware
---
 .../pkg/middleware/wopicontext.go | 31 ++++++++++++-------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/services/collaboration/pkg/middleware/wopicontext.go b/services/collaboration/pkg/middleware/wopicontext.go
index c69308a4c1..077169ab28 100644
--- a/services/collaboration/pkg/middleware/wopicontext.go
+++ b/services/collaboration/pkg/middleware/wopicontext.go
@@ -45,8 +45,23 @@ type WopiContext struct {
 // and the WopiContext
 func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+
+ // include additional info in the context's logger
+ // we might need to check https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/common-headers
+ // although some headers might not be sent depending on the client.
+ logger := zerolog.Ctx(ctx)
+ wopiLogger := logger.With().
+ Str("WopiSessionId", r.Header.Get("X-WOPI-SessionId")).
+ Str("WopiOverride", r.Header.Get("X-WOPI-Override")).
+ Str("WopiProof", r.Header.Get("X-WOPI-Proof")).
+ Str("WopiProofOld", r.Header.Get("X-WOPI-ProofOld")).
+ Str("WopiStamp", r.Header.Get("X-WOPI-TimeStamp")).
+ Logger()
+
 accessToken := r.URL.Query().Get("access_token")
 if accessToken == "" {
+ wopiLogger.Error().Msg("missing access token")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
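Review bot: The `X-WOPI-*` header values are now bound to `wopiLogger` before the access token is checked, so every rejection path in this hunk and in the hunks at -62,14 and -78,11 writes caller-chosen strings from unauthenticated requests into the log. Their size is bounded only by whatever header limit the server enforces, so the 401 paths become a cheap way to inflate logs, and a console-style log writer may not neutralise control characters the way JSON output does (not verifiable from this hunk). Consider capping each value before it is attached, or recording only the length of the two proof headers, for example `Int("WopiProofLen", len(r.Header.Get("X-WOPI-Proof")))`. The body of WopiContextAuthMiddleware continues outside the hunk.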
@@ -62,14 +77,14 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
 })
 if err != nil {
+ wopiLogger.Error().Err(err).Msg("failed to parse jwt token")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
- ctx := r.Context()
-
 wopiContextAccessToken, err := DecryptAES([]byte(cfg.Wopi.Secret), claims.WopiContext.AccessToken)
 if err != nil {
+ wopiLogger.Error().Err(err).Msg("failed to decrypt reva access token")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
@@ -78,11 +93,13 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
 "expires": int64(24 * 60 * 60),
 })
 if err != nil {
+ wopiLogger.Error().Err(err).Msg("failed to get a reva token manager")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
 user, _, err := tokenManager.DismantleToken(ctx, wopiContextAccessToken)
 if err != nil {
+ wopiLogger.Error().Err(err).Msg("failed to dismantle reva token manager")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
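Review bot: The two entries added in the hunk at -62,14 record expected client failures (an invalid or expired JWT, a token that does not decrypt) at Error level, as does `missing access token` in the first hunk, so anyone who can reach the endpoint can produce Error entries at will and drown alerting keyed on that level. `wopiLogger.Warn().Err(err).Msg("failed to parse jwt token")` keeps the diagnostic while reserving Error for server-side faults such as the token-manager construction in the next hunk. `DecryptAES` is not visible here, so it is worth confirming that the error it returns never embeds token bytes before it is passed to `Err(err)`. The function body starts and ends outside the hunk.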
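Review bot: The message `failed to dismantle reva token manager` in the hunk at -78,11 misnames what failed: `DismantleToken` is called on `wopiContextAccessToken`, so the entry should read `wopiLogger.Error().Err(err).Msg("failed to dismantle reva access token")`. The preceding `failed to get a reva token manager` branch looks like a server-side configuration fault that is still answered with 401; the status is unchanged by this commit, but the new log line is now the only place that distinction is visible, and a one-line comment saying so would help whoever triages these entries. The function body starts and ends outside the hunk.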
@@ -94,15 +111,7 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
 ctx = ctxpkg.ContextSetUser(ctx, user)
 // include additional info in the context's logger
- // we might need to check https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/common-headers
- // although some headers might not be sent depending on the client.
- logger := zerolog.Ctx(ctx)
- wopiLogger := logger.With().
- Str("WopiSessionId", r.Header.Get("X-WOPI-SessionId")).
- Str("WopiOverride", r.Header.Get("X-WOPI-Override")).
- Str("WopiProof", r.Header.Get("X-WOPI-Proof")).
- Str("WopiProofOld", r.Header.Get("X-WOPI-ProofOld")).
- Str("WopiStamp", r.Header.Get("X-WOPI-TimeStamp")).
+ wopiLogger = wopiLogger.With().
 Str("FileReference", claims.WopiContext.FileReference.String()).
 Str("ViewMode", claims.WopiContext.ViewMode.String()).
 Str("Requester", user.GetId().String()).
From 276e8569f893bfe526a80e6929bbb4ad5465abe3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
Date: Wed, 18 Sep 2024 14:17:25 +0200
Subject: [PATCH 2/2] chore: add changelog entry
---
 changelog/unreleased/collaboration-wopi-logs.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changelog/unreleased/collaboration-wopi-logs.md
diff --git a/changelog/unreleased/collaboration-wopi-logs.md b/changelog/unreleased/collaboration-wopi-logs.md
new file mode 100644
index 0000000000..acd677bede
--- /dev/null
+++ b/changelog/unreleased/collaboration-wopi-logs.md
@@ -0,0 +1,5 @@
+Bugfix: Include additional logs in the collaboration service
+
+More logs have been added in the middlware of the collaboration service to debug 401 error codes. Any error that happens in that middleware should have its corresponding log entry
+
+https://github.com/owncloud/ocis/pull/10101