package main import ( "encoding/json" "io" "net/http" "net/url" "os" "path" "strings" "sync" "time" "github.com/pkg/errors" "github.com/Luzifer/go_helpers/str" ) type auditEvent string const ( auditEventAccessDenied = "access_denied" auditEventLoginFailure = "login_failure" auditEventLoginSuccess auditEvent = "login_success" auditEventLogout = "logout" auditEventValidate = "validate" ) type auditLogger struct { Targets []string `yaml:"targets"` Events []string `yaml:"events"` Headers []string `yaml:"headers"` TrustedIPHeaders []string `yaml:"trusted_ip_headers"` lock sync.Mutex } func (a *auditLogger) Log(event auditEvent, r *http.Request, extraFields map[string]string) error { if len(a.Targets) == 0 { return nil } if !str.StringInSlice(string(event), a.Events) { return nil } // Ensure order of logs, prevent file operation collisions a.lock.Lock() defer a.lock.Unlock() // Compile log event evt := map[string]interface{}{} evt["timestamp"] = time.Now().Format(time.RFC3339) evt["event_type"] = event evt["remote_addr"] = a.findIP(r) for k, v := range extraFields { evt[k] = v } headers := map[string]string{} for _, k := range a.Headers { if v := r.Header.Get(k); v != "" { headers[k] = v } } evt["headers"] = headers // Submit event to all specified targets for _, target := range a.Targets { if err := a.submitLog(target, evt); err != nil { return errors.Wrapf(err, "Could not submit log to target %q", target) } } return nil } func (a *auditLogger) findIP(r *http.Request) string { remoteAddr := strings.SplitN(r.RemoteAddr, ":", 2)[0] for _, hdr := range a.TrustedIPHeaders { if value := r.Header.Get(hdr); value != "" { return strings.SplitN(value, ",", 2)[0] } } return remoteAddr } func (a *auditLogger) submitLog(target string, event map[string]interface{}) error { u, err := url.Parse(target) if err != nil { return errors.Wrap(err, "Unable to parse target") } switch u.Scheme { case "fd": return a.submitLogFileDescriptor(u.Host, event) case "file": return a.submitLogFile(u.Path, event) default: return errors.Errorf("Unsupported target scheme %q", u.Scheme) } } func (a *auditLogger) submitLogFile(filename string, event map[string]interface{}) error { if err := os.MkdirAll(path.Dir(filename), 0600); err != nil { return errors.Wrap(err, "Unable to create required paths") } f, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600) if err != nil { return errors.Wrap(err, "Unable to open audit file") } defer f.Close() return json.NewEncoder(f).Encode(event) } func (a *auditLogger) submitLogFileDescriptor(descriptor string, event map[string]interface{}) error { var w io.Writer switch descriptor { case "stdout": w = os.Stdout case "stderr": w = os.Stderr default: return errors.Errorf("Unsupported file descriptor %q", descriptor) } return errors.Wrap(json.NewEncoder(w).Encode(event), "Unable to marshal event") }