From dc47bf0861fccdb48360e34d7c4883ac0e969cf8 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Thu, 23 Nov 2023 10:36:36 +0100
Subject: [PATCH] [#154] Add debug logging for rejected attachment types &
 strip meta-info from mime-type (#155)

---
 cmd/ots-cli/cmd_root.go |  3 +++
 cmd/ots-cli/main.go     |  4 +++-
 pkg/client/client.go    | 11 +++++++++++
 pkg/client/sanity.go    |  4 +++-
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/cmd/ots-cli/cmd_root.go b/cmd/ots-cli/cmd_root.go
index 48928f8..43316a3 100644
--- a/cmd/ots-cli/cmd_root.go
+++ b/cmd/ots-cli/cmd_root.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 
+	"github.com/Luzifer/ots/pkg/client"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
@@ -28,5 +29,7 @@ func rootPersistentPreRunE(cmd *cobra.Command, _ []string) error {
 	}
 	logrus.SetLevel(ll)
 
+	client.Logger = logrus.NewEntry(logrus.StandardLogger())
+
 	return nil
 }
diff --git a/cmd/ots-cli/main.go b/cmd/ots-cli/main.go
index 2e7006e..068527e 100644
--- a/cmd/ots-cli/main.go
+++ b/cmd/ots-cli/main.go
@@ -1,6 +1,8 @@
 package main
 
-import "os"
+import (
+	"os"
+)
 
 func main() {
 	if err := rootCmd.Execute(); err != nil {
diff --git a/pkg/client/client.go b/pkg/client/client.go
index 1a59e46..decc283 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/Luzifer/go-openssl/v4"
+	"github.com/sirupsen/logrus"
 )
 
 type (
@@ -41,6 +42,10 @@ var HTTPClient HTTPClientIntf = http.DefaultClient
 // source code.
 var KeyDerivationFunc = openssl.NewPBKDF2Generator(sha512.New, 300000) //nolint:gomnd // that's the definition
 
+// Logger can be set to enable logging from the library. By default
+// all log-messages will be discarded.
+var Logger *logrus.Entry
+
 // PasswordLength defines the length of the generated encryption password
 var PasswordLength = 20
 
@@ -54,6 +59,12 @@ var RequestTimeout = 5 * time.Second
 // provide an URL to useful information about your tool.
 var UserAgent = "ots-client/1.x +https://github.com/Luzifer/ots"
 
+func init() {
+	l := logrus.New()
+	l.SetOutput(io.Discard)
+	Logger = logrus.NewEntry(l)
+}
+
 // Create serializes the secret and creates a new secret on the
 // instance given by its URL.
 //
diff --git a/pkg/client/sanity.go b/pkg/client/sanity.go
index 6c7ad68..0cfa717 100644
--- a/pkg/client/sanity.go
+++ b/pkg/client/sanity.go
@@ -72,11 +72,12 @@ func SanityCheck(instanceURL string, secret Secret) error {
 }
 
 func attachmentAllowed(file SecretAttachment, allowed []string) bool {
+	mimeType, _, _ := strings.Cut(file.Type, ";")
 	for _, a := range allowed {
 		switch {
 		case mimeRegex.MatchString(a):
 			// That's a mime type
-			if glob.Glob(a, file.Type) {
+			if glob.Glob(a, mimeType) {
 				// The mime "glob" matches the file type
 				return true
 			}
@@ -90,6 +91,7 @@ func attachmentAllowed(file SecretAttachment, allowed []string) bool {
 		}
 	}
 
+	Logger.WithField("content-type", mimeType).Debug("attachment type not allowed")
 	return false
 }