logging: improve action

2025-04-28 17:43:57 +01:00
parent fd9baeeab8
commit 467d19d8c3
7 changed files with 28 additions and 38 deletions
--- a/src/config/Config.cpp
+++ b/src/config/Config.cpp
@@ -38,7 +38,7 @@ CConfig::CConfig() {
    for (const auto& ic : m_config.rules) {
        CConfigRule rule;
        rule.action = strToAction(ic.action);
-        
+
        if (ic.difficulty != -1)
            rule.difficulty = ic.difficulty;

--- a/src/config/Config.hpp
+++ b/src/config/Config.hpp
@@ -39,7 +39,7 @@ class CConfig {
        std::vector<SProxyRule>  proxy_rules;

        struct {
-            bool log_traffic = false;
+            bool        log_traffic = false;
            std::string traffic_log_schema;
            std::string traffic_log_file;
        } logging;
--- a/src/core/Challenge.cpp
+++ b/src/core/Challenge.cpp
@@ -49,17 +49,12 @@ CChallenge::CChallenge(const std::string& jsonResponse) {
 CChallenge::CChallenge(const Pistache::Http::Request& reqResponse) {
    auto& q = reqResponse.query();

-    if (!q.has("solution")
-        || !q.has("fingerprint")
-        || !q.has("challenge")
-        || !q.has("timestamp")
-        || !q.has("sig")
-        || !q.has("difficulty"))
+    if (!q.has("solution") || !q.has("fingerprint") || !q.has("challenge") || !q.has("timestamp") || !q.has("sig") || !q.has("difficulty"))
        return;

-    m_challenge = q.get("challenge").value();
+    m_challenge   = q.get("challenge").value();
    m_fingerprint = q.get("fingerprint").value();
-    m_sig = q.get("sig").value();
+    m_sig         = q.get("sig").value();

    try {
        m_issued = std::chrono::system_clock::time_point(std::chrono::seconds(std::stoull(q.get("timestamp").value())));
--- a/src/core/Handler.cpp
+++ b/src/core/Handler.cpp
@@ -167,14 +167,14 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
                Debug::log(TRACE, "Request looks like it is coming from git (UA + GP). Accepting.");

                proxyPass(req, response);
-                g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW);
+                g_pTrafficLogger->logTraffic(req, "PASS (git)");
                return;
            } else if (userAgentHeader->agent().starts_with("git/")) {
                Debug::log(LOG, " | Action: PASS (git)");
                Debug::log(TRACE, "Request looks like it is coming from git (UA git). Accepting.");

                proxyPass(req, response);
-                g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW);
+                g_pTrafficLogger->logTraffic(req, "PASS (git)");
                return;
            }
        }
@@ -190,12 +190,12 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
                    case IP_ACTION_DENY:
                        Debug::log(LOG, " | Action: DENY (rule)");
                        response.send(Pistache::Http::Code::Forbidden, "Blocked by checkpoint");
-                        g_pTrafficLogger->logTraffic(req, IP_ACTION_DENY);
+                        g_pTrafficLogger->logTraffic(req, "DENY (rule)");
                        return;
                    case IP_ACTION_ALLOW:
                        Debug::log(LOG, " | Action: PASS (rule)");
                        proxyPass(req, response);
-                        g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW);
+                        g_pTrafficLogger->logTraffic(req, "PASS (rule)");
                        return;
                    case IP_ACTION_CHALLENGE:
                        Debug::log(LOG, " | Action: CHALLENGE (rule)");
@@ -218,7 +218,7 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
                std::chrono::duration_cast<std::chrono::milliseconds>(TOKEN.issued().time_since_epoch()).count();
            if (AGE <= TOKEN_MAX_AGE_MS && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) {
                Debug::log(LOG, " | Action: PASS (token)");
-                g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW);
+                g_pTrafficLogger->logTraffic(req, "PASS (token)");
                proxyPass(req, response);
                return;
            } else { // token has been used from a different IP or is expired. Nuke it.
@@ -239,7 +239,7 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
        const auto        PATH_RAW      = NFsUtils::htmlPath(RESOURCE_PATH);

        std::error_code   ec;
-        auto        PATH_ABSOLUTE = std::filesystem::canonical(PATH_RAW, ec);
+        auto              PATH_ABSOLUTE = std::filesystem::canonical(PATH_RAW, ec);

        if (ec) {
            // bad resource, try .html
@@ -249,12 +249,14 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt
        if (ec) {
            // bad resource
            response.send(Pistache::Http::Code::Bad_Request, "Bad Request");
+            g_pTrafficLogger->logTraffic(req, "BAD_CHECKPOINT_RESOURCE");
            return;
        }

        if (!PATH_ABSOLUTE.string().starts_with(HTML_ROOT)) {
            // directory traversal
            response.send(Pistache::Http::Code::Bad_Request, "Bad Request");
+            g_pTrafficLogger->logTraffic(req, "BAD_CHECKPOINT_RESOURCE");
            return;
        }

@@ -270,10 +272,11 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt

        auto body = NFsUtils::readFileAsString(PATH_ABSOLUTE).value_or("");
        response.send(body.empty() ? Pistache::Http::Code::Internal_Server_Error : Pistache::Http::Code::Ok, body);
+        g_pTrafficLogger->logTraffic(req, "PASS (Checkpoint resource)");
        return;
    }

-    g_pTrafficLogger->logTraffic(req, IP_ACTION_CHALLENGE);
+    g_pTrafficLogger->logTraffic(req, "CHALLENGE");

    serveStop(req, response, challengeDifficulty);
 }
@@ -294,6 +297,7 @@ void CServerHandler::challengeSubmitted(const Pistache::Http::Request& req, Pist

    if (!CHALLENGE.valid()) {
        response.send(Pistache::Http::Code::Bad_Request, "Bad request");
+        g_pTrafficLogger->logTraffic(req, "CHALLENGE_FAIL");
        return;
    }

@@ -322,6 +326,8 @@ void CServerHandler::challengeSubmitted(const Pistache::Http::Request& req, Pist
        response.headers().add<Pistache::Http::Header::Location>("/");
        response.send(Pistache::Http::Code::Moved_Permanently, "");
    }
+
+    g_pTrafficLogger->logTraffic(req, "CHALLENGE_PASS");
 }

 void CServerHandler::serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty) {
--- a/src/core/Handler.hpp
+++ b/src/core/Handler.hpp
@@ -17,13 +17,13 @@ class CServerHandler : public Pistache::Http::Handler {
    void onTimeout(const Pistache::Http::Request& request, Pistache::Http::ResponseWriter response);

  private:
-    void        serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty);
-    void        proxyPass(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response);
-    void        proxyPassInternal(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool async = false);
-    void        proxyPassAsync(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response);
-    void        challengeSubmitted(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool js);
+    void serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty);
+    void proxyPass(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response);
+    void proxyPassInternal(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool async = false);
+    void proxyPassAsync(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response);
+    void challengeSubmitted(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool js);

-    bool        isResourceCheckpoint(const std::string_view& res);
+    bool isResourceCheckpoint(const std::string_view& res);

    struct SChallengeResponse {
        std::string       challenge;
--- a/src/logging/TrafficLogger.cpp
+++ b/src/logging/TrafficLogger.cpp
@@ -74,18 +74,7 @@ static std::string sanitize(const std::string& s) {
    return cpy;
 }

-static const char* actionToString(eConfigIPAction a) {
-    switch (a) {
-        case IP_ACTION_CHALLENGE: return "CHALLENGE";
-        case IP_ACTION_ALLOW: return "ALLOW";
-        case IP_ACTION_DENY: return "DENY";
-        case IP_ACTION_NONE: return "NONE";
-    }
-
-    return "ERROR";
-}
-
-void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, eConfigIPAction actionTaken) {
+void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, const char* actionTaken) {
    if (!g_pConfig->m_config.logging.log_traffic)
        return;

@@ -125,7 +114,7 @@ void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, eConfigIPAct
            }

            case TRAFFIC_ACTION: {
-                ss << fmt::format("{},", actionToString(actionTaken));
+                ss << fmt::format("{},", actionTaken);
                break;
            }
        }
--- a/src/logging/TrafficLogger.hpp
+++ b/src/logging/TrafficLogger.hpp
@@ -14,7 +14,7 @@ class CTrafficLogger {
    CTrafficLogger();
    ~CTrafficLogger();

-    void logTraffic(const Pistache::Http::Request& req, eConfigIPAction actionTaken);
+    void logTraffic(const Pistache::Http::Request& req, const char* actionTaken);

  private:
    enum eTrafficLoggerProps : uint8_t {
@@ -27,7 +27,7 @@ class CTrafficLogger {
    };

    std::vector<eTrafficLoggerProps> m_logSchema;
-    std::ofstream m_file;
+    std::ofstream                    m_file;
 };

 inline std::unique_ptr<CTrafficLogger> g_pTrafficLogger;