proxy: only use logrus

2020-09-30 12:03:18 +02:00 · 2020-09-30 12:03:18 +02:00 · 68e9b7e140
parent b42bca4e3e
commit 68e9b7e140
4 changed files with 35 additions and 85 deletions
--- a/proxy/pkg/proxy/oauthproxy.go
+++ b/proxy/pkg/proxy/oauthproxy.go
@ -24,7 +24,6 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/ip"
-	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/middleware"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
@ -117,7 +116,7 @@ func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error) {
 		return nil, fmt.Errorf("error initialising session store: %v", err)
 	}

-	templates := loadTemplates(opts.CustomTemplatesDir)
+	templates := getTemplates()
 	proxyErrorHandler := upstream.NewProxyErrorHandler(templates.Lookup("error.html"), opts.ProxyPrefix)
 	upstreamProxy, err := upstream.NewProxy(opts.UpstreamServers, opts.GetSignatureData(), proxyErrorHandler)
 	if err != nil {
@ -336,7 +335,7 @@ func (p *OAuthProxy) makeCookie(req *http.Request, name string, value string, ex
 			domain = h
 		}
 		if !strings.HasSuffix(domain, cookieDomain) {
-			logger.Errorf("Warning: request host is %q but using configured cookie domain of %q", domain, cookieDomain)
+			p.logger.Errorf("Warning: request host is %q but using configured cookie domain of %q", domain, cookieDomain)
 		}
 	}

@ -383,7 +382,7 @@ func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *s
 func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter) {
 	_, err := fmt.Fprintf(rw, "User-agent: *\nDisallow: /")
 	if err != nil {
-		logger.Printf("Error writing robots.txt: %v", err)
+		p.logger.Printf("Error writing robots.txt: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -404,7 +403,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, m
 	}
 	err := p.templates.ExecuteTemplate(rw, "error.html", t)
 	if err != nil {
-		logger.Printf("Error rendering error.html template: %v", err)
+		p.logger.Printf("Error rendering error.html template: %v", err)
 		http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
 	}
 }
@ -414,7 +413,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 	prepareNoCache(rw)
 	err := p.ClearSessionCookie(rw, req)
 	if err != nil {
-		logger.Printf("Error clearing session cookie: %v", err)
+		p.logger.Printf("Error clearing session cookie: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -422,7 +421,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code

 	redirectURL, err := p.GetRedirect(req)
 	if err != nil {
-		logger.Errorf("Error obtaining redirect: %v", err)
+		p.logger.Errorf("Error obtaining redirect: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -455,7 +454,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 	}
 	err = p.templates.ExecuteTemplate(rw, "sign_in.html", t)
 	if err != nil {
-		logger.Printf("Error rendering sign_in.html template: %v", err)
+		p.logger.Printf("Error rendering sign_in.html template: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 	}
 }
@ -472,10 +471,10 @@ func (p *OAuthProxy) ManualSignIn(req *http.Request) (string, bool) {
 	}
 	// check auth
 	if p.basicAuthValidator.Validate(user, passwd) {
-		logger.PrintAuthf(user, req, logger.AuthSuccess, "Authenticated via HtpasswdFile")
+		p.logger.WithField("user", user).WithField("status", "AuthSuccess").Info("Authenticated via HtpasswdFile")
 		return user, true
 	}
-	logger.PrintAuthf(user, req, logger.AuthFailure, "Invalid authentication via HtpasswdFile")
+	p.logger.WithField("user", user).WithField("status", "AuthFailure").Info("Invalid authentication via HtpasswdFile")
 	return "", false
 }

@ -550,7 +549,7 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
 	case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"):
 		redirectURL, err := url.Parse(redirect)
 		if err != nil {
-			logger.Printf("Rejecting invalid redirect %q: scheme unsupported or missing", redirect)
+			p.logger.Printf("Rejecting invalid redirect %q: scheme unsupported or missing", redirect)
 			return false
 		}
 		redirectHostname := redirectURL.Hostname()
@ -575,10 +574,10 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
 			}
 		}

-		logger.Printf("Rejecting invalid redirect %q: domain / port not in whitelist", redirect)
+		p.logger.Printf("Rejecting invalid redirect %q: domain / port not in whitelist", redirect)
 		return false
 	default:
-		logger.Printf("Rejecting invalid redirect %q: not an absolute or relative URL", redirect)
+		p.logger.Printf("Rejecting invalid redirect %q: not an absolute or relative URL", redirect)
 		return false
 	}
 }
@ -622,7 +621,7 @@ func (p *OAuthProxy) IsTrustedIP(req *http.Request) bool {

 	remoteAddr, err := ip.GetClientIP(p.realClientIPParser, req)
 	if err != nil {
-		logger.Errorf("Error obtaining real IP for trusted IP list: %v", err)
+		p.logger.Errorf("Error obtaining real IP for trusted IP list: %v", err)
 		// Possibly spoofed X-Real-IP header
 		return false
 	}
@ -665,7 +664,7 @@ func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
 	redirect, err := p.GetRedirect(req)
 	if err != nil {
-		logger.Errorf("Error obtaining redirect: %v", err)
+		p.logger.Errorf("Error obtaining redirect: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -675,7 +674,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
 		session := &sessionsapi.SessionState{User: user}
 		err = p.SaveSession(rw, req, session)
 		if err != nil {
-			logger.Printf("Error saving session: %v", err)
+			p.logger.Printf("Error saving session: %v", err)
 			p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 			return
 		}
@ -708,7 +707,7 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 	rw.WriteHeader(http.StatusOK)
 	err = json.NewEncoder(rw).Encode(userInfo)
 	if err != nil {
-		logger.Printf("Error encoding user info: %v", err)
+		p.logger.Printf("Error encoding user info: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 	}
 }
@ -717,13 +716,13 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
 	redirect, err := p.GetRedirect(req)
 	if err != nil {
-		logger.Errorf("Error obtaining redirect: %v", err)
+		p.logger.Errorf("Error obtaining redirect: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
 	err = p.ClearSessionCookie(rw, req)
 	if err != nil {
-		logger.Errorf("Error clearing session cookie: %v", err)
+		p.logger.Errorf("Error clearing session cookie: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -735,14 +734,14 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
 	prepareNoCache(rw)
 	nonce, err := encryption.Nonce()
 	if err != nil {
-		logger.Errorf("Error obtaining nonce: %v", err)
+		p.logger.Errorf("Error obtaining nonce: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
 	p.SetCSRFCookie(rw, req, nonce)
 	redirect, err := p.GetRedirect(req)
 	if err != nil {
-		logger.Errorf("Error obtaining redirect: %v", err)
+		p.logger.Errorf("Error obtaining redirect: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
@ -758,27 +757,27 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 	// finish the oauth cycle
 	err := req.ParseForm()
 	if err != nil {
-		logger.Errorf("Error while parsing OAuth2 callback: %v", err)
+		p.logger.Errorf("Error while parsing OAuth2 callback: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 		return
 	}
 	errorString := req.Form.Get("error")
 	if errorString != "" {
-		logger.Errorf("Error while parsing OAuth2 callback: %s", errorString)
+		p.logger.Errorf("Error while parsing OAuth2 callback: %s", errorString)
 		p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", errorString)
 		return
 	}

 	session, err := p.redeemCode(req.Context(), req.Host, req.Form.Get("code"))
 	if err != nil {
-		logger.Errorf("Error redeeming code during OAuth2 callback: %v", err)
+		p.logger.Errorf("Error redeeming code during OAuth2 callback: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Internal Error")
 		return
 	}

 	s := strings.SplitN(req.Form.Get("state"), ":", 2)
 	if len(s) != 2 {
-		logger.Error("Error while parsing OAuth2 state: invalid length")
+		p.logger.Error("Error while parsing OAuth2 state: invalid length")
 		p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Invalid State")
 		return
 	}
@ -786,13 +785,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 	redirect := s[1]
 	c, err := req.Cookie(p.CSRFCookieName)
 	if err != nil {
-		logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unable to obtain CSRF cookie")
+		p.logger.WithField("user", session.Email).WithField("status", "AuthFailure").Info("Invalid authentication via OAuth2: unable to obtain CSRF cookie")
 		p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", err.Error())
 		return
 	}
 	p.ClearCSRFCookie(rw, req)
 	if c.Value != nonce {
-		logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: CSRF token mismatch, potential attack")
+		p.logger.WithField("user", session.Email).WithField("status", "AuthFailure").Info("Invalid authentication via OAuth2: CSRF token mismatch, potential attack")
 		p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", "CSRF Failed")
 		return
 	}
@ -803,16 +802,16 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {

 	// set cookie, or deny
 	if p.provider.ValidateGroup(session.Email) {
-		logger.PrintAuthf(session.Email, req, logger.AuthSuccess, "Authenticated via OAuth2: %s", session)
+		p.logger.WithField("user", session.Email).WithField("status", "AuthFailure").Infof("Authenticated via OAuth2: %s", session)
 		err := p.SaveSession(rw, req, session)
 		if err != nil {
-			logger.Printf("Error saving session state for %s: %v", remoteAddr, err)
+			p.logger.Printf("Error saving session state for %s: %v", remoteAddr, err)
 			p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
 			return
 		}
 		http.Redirect(rw, req, redirect, http.StatusFound)
 	} else {
-		logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authentication via OAuth2: unauthorized")
+		p.logger.WithField("user", session.Email).WithField("status", "AuthFailure").Info("Invalid authentication via OAuth2: unauthorized")
 		p.ErrorPage(rw, http.StatusForbidden, "Permission Denied", "Invalid Account")
 	}
 }
@ -864,7 +863,7 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {

 	default:
 		// unknown error
-		logger.Errorf("Unexpected internal error: %v", err)
+		p.logger.Errorf("Unexpected internal error: %v", err)
 		p.ErrorPage(rw, http.StatusInternalServerError,
 			"Internal Error", "Internal Error")
 	}
--- a/proxy/pkg/proxy/templates.go
+++ b/proxy/pkg/proxy/templates.go
@ -2,28 +2,10 @@ package proxy

 import (
 	"html/template"
-	"path"
-	"strings"

-	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
+	log "github.com/sirupsen/logrus"
 )

-func loadTemplates(dir string) *template.Template {
-	if dir == "" {
-		return getTemplates()
-	}
-	logger.Printf("using custom template directory %q", dir)
-	funcMap := template.FuncMap{
-		"ToUpper": strings.ToUpper,
-		"ToLower": strings.ToLower,
-	}
-	t, err := template.New("").Funcs(funcMap).ParseFiles(path.Join(dir, "sign_in.html"), path.Join(dir, "error.html"))
-	if err != nil {
-		logger.Fatalf("failed parsing template %s", err)
-	}
-	return t
-}
-
 func getTemplates() *template.Template {
 	t, err := template.New("foo").Parse(`{{define "sign_in.html"}}
 <!DOCTYPE html>
@ -163,7 +145,7 @@ func getTemplates() *template.Template {
 </html>
 {{end}}`)
 	if err != nil {
-		logger.Fatalf("failed parsing template %s", err)
+		log.Fatalf("failed parsing template %s", err)
 	}

 	t, err = t.Parse(`{{define "error.html"}}
@ -181,7 +163,7 @@ func getTemplates() *template.Template {
 </body>
 </html>{{end}}`)
 	if err != nil {
-		logger.Fatalf("failed parsing template %s", err)
+		log.Fatalf("failed parsing template %s", err)
 	}
 	return t
 }
--- a/proxy/pkg/proxy/templates_test.go
+++ b/proxy/pkg/proxy/templates_test.go
@ -2,10 +2,6 @@ package proxy

 import (
 	"bytes"
-	"io/ioutil"
-	"log"
-	"os"
-	"path/filepath"
 	"testing"

 	"github.com/stretchr/testify/assert"
@ -18,7 +14,7 @@ func TestLoadTemplates(t *testing.T) {
 		TestString: "Testing",
 	}

-	templates := loadTemplates("")
+	templates := getTemplates()
 	assert.NotEqual(t, templates, nil)

 	var defaultSignin bytes.Buffer
@ -28,32 +24,6 @@ func TestLoadTemplates(t *testing.T) {
 	var defaultError bytes.Buffer
 	templates.ExecuteTemplate(&defaultError, "error.html", data)
 	assert.Equal(t, "\n<!DOCTYPE html>", defaultError.String()[0:16])
-
-	dir, err := ioutil.TempDir("", "templatetest")
-	if err != nil {
-		log.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	templateHTML := `{{.TestString}} {{.TestString | ToLower}} {{.TestString | ToUpper}}`
-	signInFile := filepath.Join(dir, "sign_in.html")
-	if err := ioutil.WriteFile(signInFile, []byte(templateHTML), 0666); err != nil {
-		log.Fatal(err)
-	}
-	errorFile := filepath.Join(dir, "error.html")
-	if err := ioutil.WriteFile(errorFile, []byte(templateHTML), 0666); err != nil {
-		log.Fatal(err)
-	}
-	templates = loadTemplates(dir)
-	assert.NotEqual(t, templates, nil)
-
-	var sitpl bytes.Buffer
-	templates.ExecuteTemplate(&sitpl, "sign_in.html", data)
-	assert.Equal(t, "Testing testing TESTING", sitpl.String())
-
-	var errtpl bytes.Buffer
-	templates.ExecuteTemplate(&errtpl, "error.html", data)
-	assert.Equal(t, "Testing testing TESTING", errtpl.String())
 }

 func TestTemplatesCompile(t *testing.T) {
--- a/proxy/pkg/server/middleware.go
+++ b/proxy/pkg/server/middleware.go
@ -8,7 +8,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
 	log "github.com/sirupsen/logrus"
 )

@ -114,7 +113,7 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		"RequestMethod":   req.Method,
 		"ResponseSize":    responseLogger.Size(),
 		"StatusCode":      responseLogger.Status(),
-		"Timestamp":       logger.FormatTimestamp(t),
+		"Timestamp":       t,
 		"Upstream":        responseLogger.upstream,
 		"UserAgent":       req.UserAgent(),
 		"Username":        responseLogger.authInfo,