Log API errors in server log

and hide error details from client in order not to expose secrets

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2023-06-14 15:20:14 +02:00
parent f0fd162b4e
commit 777aad5483
GPG Key ID: D91C3E91E4CAD6F5
5 changed files with 23 additions and 13 deletions

24
api.go

@ -2,11 +2,14 @@ package main
import (
"encoding/json"
"errors"
"net/http"
"strings"
"time"
"github.com/gofrs/uuid"
"github.com/gorilla/mux"
"github.com/sirupsen/logrus"
)
type apiServer struct {
@ -41,7 +44,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
tmp := apiRequest{}
if err := json.NewDecoder(r.Body).Decode(&tmp); err != nil {
a.errorResponse(res, http.StatusBadRequest, err.Error())
a.errorResponse(res, http.StatusBadRequest, err, "decoding request body")
return
}
secret = tmp.Secret
@ -50,13 +53,13 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
}
if secret == "" {
a.errorResponse(res, http.StatusBadRequest, "Secret missing")
a.errorResponse(res, http.StatusBadRequest, errors.New("secret missing"), "")
return
}
id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
if err != nil {
a.errorResponse(res, http.StatusInternalServerError, err.Error())
a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
return
}
@ -70,7 +73,7 @@ func (a apiServer) handleRead(res http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
id := vars["id"]
if id == "" {
a.errorResponse(res, http.StatusBadRequest, "ID missing")
a.errorResponse(res, http.StatusBadRequest, errors.New("id missing"), "")
return
}
@ -80,7 +83,7 @@ func (a apiServer) handleRead(res http.ResponseWriter, r *http.Request) {
if err == errSecretNotFound {
status = http.StatusNotFound
}
a.errorResponse(res, status, err.Error())
a.errorResponse(res, status, err, "reading & destroying secret")
return
}
@ -90,9 +93,16 @@ func (a apiServer) handleRead(res http.ResponseWriter, r *http.Request) {
})
}
func (a apiServer) errorResponse(res http.ResponseWriter, status int, msg string) {
func (a apiServer) errorResponse(res http.ResponseWriter, status int, err error, desc string) {
errID := uuid.Must(uuid.NewV4()).String()
if desc != "" {
// No description: Nothing interesting for the server log
logrus.WithField("err_id", errID).WithError(err).Error(desc)
}
a.jsonResponse(res, status, apiResponse{
Error: msg,
Error: errID,
})
}
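Review bot: In `errorResponse`, the calls that pass an empty `desc` (the `secret missing` case in `handleCreate` and the `id missing` case in `handleRead`) skip the log line, so the client receives an error ID that matches no server log entry and the error built with `errors.New` is discarded. Those two messages carry no secret material, so either record them at a lower level in an `else` branch, e.g. `logrus.WithField("err_id", errID).WithError(err).Debug("client error")`, or keep a fixed client-safe message for them. The comment `// No description: Nothing interesting for the server log` sits inside the `desc != ""` branch, where it describes the opposite case; it belongs above the `if`. Separately, `uuid.Must` panics if `uuid.NewV4()` returns an error, which on this path would turn an already-handled failure into a panic inside the handler; checking the returned error and falling back to a response without an ID would avoid that. The bodies of `handleCreate` and `handleRead` are only partly visible in these hunks.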

4
go.mod

@ -5,11 +5,12 @@ go 1.20
require (
github.com/Luzifer/go_helpers/v2 v2.18.0
github.com/Luzifer/rconfig/v2 v2.4.0
github.com/gofrs/uuid/v3 v3.1.2
github.com/gofrs/uuid v4.4.0+incompatible
github.com/gorilla/mux v1.8.0
github.com/pkg/errors v0.9.1
github.com/redis/go-redis/v9 v9.0.5
github.com/sirupsen/logrus v1.9.3
gopkg.in/yaml.v2 v2.4.0
)
require (
@ -18,5 +19,4 @@ require (
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/sys v0.8.0 // indirect
gopkg.in/validator.v2 v2.0.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)

4
go.sum

@ -12,8 +12,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY=
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=


@ -3,7 +3,7 @@ package main
import (
"time"
"github.com/gofrs/uuid/v3"
"github.com/gofrs/uuid"
)
type memStorageSecret struct {


@ -7,7 +7,7 @@ import (
"strings"
"time"
"github.com/gofrs/uuid/v3"
"github.com/gofrs/uuid"
"github.com/pkg/errors"
redis "github.com/redis/go-redis/v9"
)