diff --git a/internal/apps/oauth/audit.go b/internal/apps/oauth/audit.go
new file mode 100644
index 0000000..da7fc33
--- /dev/null
+++ b/internal/apps/oauth/audit.go
@@ -0,0 +1,50 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2025 linux.do
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package oauth
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/gin-gonic/gin"
+ "github.com/linux-do/cdk/internal/logger"
+)
+
+func LogForAudit(ctx context.Context, user *User, c *gin.Context) {
+ auditLog := loginRequiredAuditLog{
+ UserID: user.ID,
+ Username: user.Username,
+ ClientIP: c.ClientIP(),
+ Method: c.Request.Method,
+ Path: c.Request.URL.Path,
+ RequestURI: c.Request.RequestURI,
+ UserAgent: c.Request.UserAgent(),
+ Referer: c.Request.Referer(),
+ }
+ auditJSON, err := json.Marshal(auditLog)
+ if err != nil {
+ logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
+ logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
+ } else {
+ logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
+ }
+}
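Review bot: `RequestURI` and `Referer` are written to the audit record verbatim, query string included, so any secret carried in a URL ends up in the log. That matters more now that this helper is also called from `Callback` in routers.go: if the provider redirects there with `code` and `state` as query parameters (not visible in this diff), those values would be logged on every login. `Path` is already recorded, so consider dropping `RequestURI` or logging it with the query removed, and likewise reducing `Referer` to its origin. Separately, `c.ClientIP()` can be taken from forwarding headers depending on gin's trusted-proxy settings, so confirm those are restricted before relying on the field for attribution. The exported function also lacks a doc comment; `// LogForAudit writes one JSON audit record for an authenticated request.` would do.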
diff --git a/internal/apps/oauth/middlewares.go b/internal/apps/oauth/middlewares.go index fa58518..06fcb6d 100644 --- a/internal/apps/oauth/middlewares.go +++ b/internal/apps/oauth/middlewares.go @@ -25,12 +25,10 @@ package oauth import ( - "encoding/json" "net/http" "github.com/gin-gonic/gin" "github.com/linux-do/cdk/internal/db" - "github.com/linux-do/cdk/internal/logger" "github.com/linux-do/cdk/internal/otel_trace" ) @@ -66,23 +64,8 @@ func LoginRequired() gin.HandlerFunc { return } - auditLog := loginRequiredAuditLog{ - UserID: user.ID, - Username: user.Username, - ClientIP: c.ClientIP(), - Method: c.Request.Method, - Path: c.Request.URL.Path, - RequestURI: c.Request.RequestURI, - UserAgent: c.Request.UserAgent(), - Referer: c.Request.Referer(), - } - auditJSON, err := json.Marshal(auditLog) - if err != nil { - logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err) - logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username) - } else { - logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON) - } + // log + LogForAudit(ctx, &user, c) // set user info SetUserToContext(c, &user) diff --git a/internal/apps/oauth/routers.go b/internal/apps/oauth/routers.go index 7e2ab97..1a632ee 100644 --- a/internal/apps/oauth/routers.go +++ b/internal/apps/oauth/routers.go @@ -26,12 +26,13 @@ package oauth import ( "fmt" + "net/http" + "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "github.com/google/uuid" "github.com/linux-do/cdk/internal/db" "github.com/linux-do/cdk/internal/logger" - "net/http" ) type GetLoginURLResponse struct { 
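Review bot: In `LoginRequired` (middlewares.go), the `LogForAudit` call sits after the early `return`, so from the visible lines only requests that resolve to a user produce an audit record. If the rejecting branch above the hunk does not log on its own, denied or unauthenticated requests leave no trace, and those are usually the entries an investigator wants first. Consider recording client IP, method and path there as well. The `// log` comment could say what is logged, e.g. `// audit: record the authenticated request`. The function body starts and ends outside the hunk.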
@@ -100,9 +101,11 @@ func Callback(c *gin.Context) { c.JSON(http.StatusInternalServerError, CallbackResponse{ErrorMsg: err.Error()}) return } + // log + LogForAudit(c.Request.Context(), user, c) + logger.InfoF(c.Request.Context(), "[OAuthCallback] %d %s", user.ID, user.Username) // response c.JSON(http.StatusOK, CallbackResponse{}) - logger.InfoF(c.Request.Context(), "[OAuthCallback] %d %s", user.ID, user.Username) } type BasicUserInfo struct {
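Review bot: The login event is recorded under the `[LoginRequiredAudit]` tag that `LoginRequired` emits for every authenticated request, so the audit stream cannot separate a fresh login from ordinary traffic, and the `[OAuthCallback]` line right after repeats the same user ID and username. Consider passing an event name into the helper, e.g. `LogForAudit(c.Request.Context(), "oauth_callback", user, c)`, and then dropping the extra `logger.InfoF`. `LogForAudit` dereferences `user` without a nil check, which is safe here only if the call above the hunk never returns a nil user together with a nil error. `Callback` begins outside the hunk.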