From 467d19d8c3cfe61176d6306ce486db1c7103c0e1 Mon Sep 17 00:00:00 2001 From: Vaxry Date: Mon, 28 Apr 2025 17:43:57 +0100 Subject: [PATCH] logging: improve action --- src/config/Config.cpp | 2 +- src/config/Config.hpp | 2 +- src/core/Challenge.cpp | 11 +++-------- src/core/Handler.cpp | 20 +++++++++++++------- src/core/Handler.hpp | 12 ++++++------ src/logging/TrafficLogger.cpp | 15 ++------------- src/logging/TrafficLogger.hpp | 4 ++-- 7 files changed, 28 insertions(+), 38 deletions(-) diff --git a/src/config/Config.cpp b/src/config/Config.cpp index 67c89c0..f186d32 100644 --- a/src/config/Config.cpp +++ b/src/config/Config.cpp @@ -38,7 +38,7 @@ CConfig::CConfig() { for (const auto& ic : m_config.rules) { CConfigRule rule; rule.action = strToAction(ic.action); - + if (ic.difficulty != -1) rule.difficulty = ic.difficulty; diff --git a/src/config/Config.hpp b/src/config/Config.hpp index 41d7458..cf5494a 100644 --- a/src/config/Config.hpp +++ b/src/config/Config.hpp @@ -39,7 +39,7 @@ class CConfig { std::vector proxy_rules; struct { - bool log_traffic = false; + bool log_traffic = false; std::string traffic_log_schema; std::string traffic_log_file; } logging; diff --git a/src/core/Challenge.cpp b/src/core/Challenge.cpp index 3150a0a..9873ea4 100644 --- a/src/core/Challenge.cpp +++ b/src/core/Challenge.cpp 
@@ -49,17 +49,12 @@ CChallenge::CChallenge(const std::string& jsonResponse) { CChallenge::CChallenge(const Pistache::Http::Request& reqResponse) { auto& q = reqResponse.query(); - if (!q.has("solution") - || !q.has("fingerprint") - || !q.has("challenge") - || !q.has("timestamp") - || !q.has("sig") - || !q.has("difficulty")) + if (!q.has("solution") || !q.has("fingerprint") || !q.has("challenge") || !q.has("timestamp") || !q.has("sig") || !q.has("difficulty")) return; - m_challenge = q.get("challenge").value(); + m_challenge = q.get("challenge").value(); m_fingerprint = q.get("fingerprint").value(); - m_sig = q.get("sig").value(); + m_sig = q.get("sig").value(); try { m_issued = std::chrono::system_clock::time_point(std::chrono::seconds(std::stoull(q.get("timestamp").value()))); diff --git a/src/core/Handler.cpp b/src/core/Handler.cpp index fc5fdf2..6628cf5 100644 --- a/src/core/Handler.cpp +++ b/src/core/Handler.cpp @@ -167,14 +167,14 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt Debug::log(TRACE, "Request looks like it is coming from git (UA + GP). Accepting."); proxyPass(req, response); - g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW); + g_pTrafficLogger->logTraffic(req, "PASS (git)"); return; } else if (userAgentHeader->agent().starts_with("git/")) { Debug::log(LOG, " | Action: PASS (git)"); Debug::log(TRACE, "Request looks like it is coming from git (UA git). Accepting."); proxyPass(req, response); - g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW); + g_pTrafficLogger->logTraffic(req, "PASS (git)"); return; } } 
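Review bot: The action passed to `logTraffic` in both git branches of the Handler.cpp hunk is now a free-form literal, `"PASS (git)"`, typed a second time next to the `Debug::log` text, so nothing keeps the traffic-log vocabulary closed or consistent. The same pattern repeats in the later Handler.cpp hunks (`"DENY (rule)"`, `"PASS (rule)"`, `"PASS (token)"`, `"CHALLENGE"`). Consider declaring each label once, e.g. `inline constexpr const char* TRAFFIC_PASS_GIT = "PASS (git)";` (name constructed here), and passing the constant, so parsers and alert rules that match on this column have a single list to follow. Allowed requests were previously written as `ALLOW` and are now `PASS (...)`, which any existing consumer of the log needs to know about. `onRequest` starts and ends outside this hunk.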
@@ -190,12 +190,12 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt case IP_ACTION_DENY: Debug::log(LOG, " | Action: DENY (rule)"); response.send(Pistache::Http::Code::Forbidden, "Blocked by checkpoint"); - g_pTrafficLogger->logTraffic(req, IP_ACTION_DENY); + g_pTrafficLogger->logTraffic(req, "DENY (rule)"); return; case IP_ACTION_ALLOW: Debug::log(LOG, " | Action: PASS (rule)"); proxyPass(req, response); - g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW); + g_pTrafficLogger->logTraffic(req, "PASS (rule)"); return; case IP_ACTION_CHALLENGE: Debug::log(LOG, " | Action: CHALLENGE (rule)"); @@ -218,7 +218,7 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt std::chrono::duration_cast(TOKEN.issued().time_since_epoch()).count(); if (AGE <= TOKEN_MAX_AGE_MS && TOKEN.fingerprint() == NRequestUtils::fingerprintForRequest(req)) { Debug::log(LOG, " | Action: PASS (token)"); - g_pTrafficLogger->logTraffic(req, IP_ACTION_ALLOW); + g_pTrafficLogger->logTraffic(req, "PASS (token)"); proxyPass(req, response); return; } else { // token has been used from a different IP or is expired. Nuke it. @@ -239,7 +239,7 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt const auto PATH_RAW = NFsUtils::htmlPath(RESOURCE_PATH); std::error_code ec; - auto PATH_ABSOLUTE = std::filesystem::canonical(PATH_RAW, ec); + auto PATH_ABSOLUTE = std::filesystem::canonical(PATH_RAW, ec); if (ec) { // bad resource, try .html @@ -249,12 +249,14 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt if (ec) { // bad resource response.send(Pistache::Http::Code::Bad_Request, "Bad Request"); + g_pTrafficLogger->logTraffic(req, "BAD_CHECKPOINT_RESOURCE"); return; } if (!PATH_ABSOLUTE.string().starts_with(HTML_ROOT)) { // directory traversal response.send(Pistache::Http::Code::Bad_Request, "Bad Request"); + g_pTrafficLogger->logTraffic(req, "BAD_CHECKPOINT_RESOURCE"); return; } 
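Review bot: Both rejections in the `@@ -249,12 +249,14 @@` hunk are logged as `"BAD_CHECKPOINT_RESOURCE"`, so a request whose canonical path falls outside `HTML_ROOT` (the branch commented `// directory traversal`) cannot be told apart in the traffic log from a resource that simply does not exist. Giving the traversal branch its own label, for example `g_pTrafficLogger->logTraffic(req, "BAD_CHECKPOINT_RESOURCE (traversal)");`, lets operators alert on probing without noise from broken links. The enclosing `onRequest` body starts and ends outside the hunk.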
@@ -270,10 +272,11 @@ void CServerHandler::onRequest(const Pistache::Http::Request& req, Pistache::Htt auto body = NFsUtils::readFileAsString(PATH_ABSOLUTE).value_or(""); response.send(body.empty() ? Pistache::Http::Code::Internal_Server_Error : Pistache::Http::Code::Ok, body); + g_pTrafficLogger->logTraffic(req, "PASS (Checkpoint resource)"); return; } - g_pTrafficLogger->logTraffic(req, IP_ACTION_CHALLENGE); + g_pTrafficLogger->logTraffic(req, "CHALLENGE"); serveStop(req, response, challengeDifficulty); } @@ -294,6 +297,7 @@ void CServerHandler::challengeSubmitted(const Pistache::Http::Request& req, Pist if (!CHALLENGE.valid()) { response.send(Pistache::Http::Code::Bad_Request, "Bad request"); + g_pTrafficLogger->logTraffic(req, "CHALLENGE_FAIL"); return; } @@ -322,6 +326,8 @@ void CServerHandler::challengeSubmitted(const Pistache::Http::Request& req, Pist response.headers().add("/"); response.send(Pistache::Http::Code::Moved_Permanently, ""); } + + g_pTrafficLogger->logTraffic(req, "CHALLENGE_PASS"); } void CServerHandler::serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty) { diff --git a/src/core/Handler.hpp b/src/core/Handler.hpp index 8427871..0f5c358 100644 --- a/src/core/Handler.hpp +++ b/src/core/Handler.hpp 
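Review bot: The added `logTraffic(req, "PASS (Checkpoint resource)")` runs even when `body` is empty and the response just sent was `Internal_Server_Error`, so failed reads are recorded as passes. Choose the label from the same condition, e.g. `g_pTrafficLogger->logTraffic(req, body.empty() ? "ERROR (Checkpoint resource)" : "PASS (Checkpoint resource)");`. The surrounding `onRequest` body begins outside the hunk.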
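Review bot: `logTraffic(req, "CHALLENGE_PASS")` is placed at the very end of `challengeSubmitted` (hunk `@@ -322,6 +326,8 @@`), so every path that does not return early is recorded as a pass. Only the `!CHALLENGE.valid()` branch in the preceding hunk logs `CHALLENGE_FAIL`. The code between the two hunks is not visible here; if it contains other rejecting branches (for example a failed solution or signature check), they would either go unlogged or be logged as passes, depending on whether they return. It is worth confirming that each rejecting branch there calls `logTraffic(req, "CHALLENGE_FAIL")` before returning, and adding a comment at the final call such as `// reached only after the solution has been verified`.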
@@ -17,13 +17,13 @@ class CServerHandler : public Pistache::Http::Handler { void onTimeout(const Pistache::Http::Request& request, Pistache::Http::ResponseWriter response); private: - void serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty); - void proxyPass(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response); - void proxyPassInternal(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool async = false); - void proxyPassAsync(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response); - void challengeSubmitted(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool js); + void serveStop(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, int difficulty); + void proxyPass(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response); + void proxyPassInternal(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool async = false); + void proxyPassAsync(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response); + void challengeSubmitted(const Pistache::Http::Request& req, Pistache::Http::ResponseWriter& response, bool js); - bool isResourceCheckpoint(const std::string_view& res); + bool isResourceCheckpoint(const std::string_view& res); struct SChallengeResponse { std::string challenge; diff --git a/src/logging/TrafficLogger.cpp b/src/logging/TrafficLogger.cpp index a7cb310..31724ff 100644 --- a/src/logging/TrafficLogger.cpp +++ b/src/logging/TrafficLogger.cpp 
@@ -74,18 +74,7 @@ static std::string sanitize(const std::string& s) { return cpy; } -static const char* actionToString(eConfigIPAction a) { - switch (a) { - case IP_ACTION_CHALLENGE: return "CHALLENGE"; - case IP_ACTION_ALLOW: return "ALLOW"; - case IP_ACTION_DENY: return "DENY"; - case IP_ACTION_NONE: return "NONE"; - } - - return "ERROR"; -} - -void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, eConfigIPAction actionTaken) { +void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, const char* actionTaken) { if (!g_pConfig->m_config.logging.log_traffic) return; @@ -125,7 +114,7 @@ void CTrafficLogger::logTraffic(const Pistache::Http::Request& req, eConfigIPAct } case TRAFFIC_ACTION: { - ss << fmt::format("{},", actionToString(actionTaken)); + ss << fmt::format("{},", actionTaken); break; } } diff --git a/src/logging/TrafficLogger.hpp b/src/logging/TrafficLogger.hpp index bd47546..29c7d56 100644 --- a/src/logging/TrafficLogger.hpp +++ b/src/logging/TrafficLogger.hpp @@ -14,7 +14,7 @@ class CTrafficLogger { CTrafficLogger(); ~CTrafficLogger(); - void logTraffic(const Pistache::Http::Request& req, eConfigIPAction actionTaken); + void logTraffic(const Pistache::Http::Request& req, const char* actionTaken); private: enum eTrafficLoggerProps : uint8_t { @@ -27,7 +27,7 @@ class CTrafficLogger { }; std::vector m_logSchema; - std::ofstream m_file; + std::ofstream m_file; }; inline std::unique_ptr g_pTrafficLogger; \ No newline at end of file
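Review bot: With `actionToString` removed, the `TRAFFIC_ACTION` column in TrafficLogger.cpp is now whatever `const char*` the caller passes, written by `fmt::format("{},", actionTaken)` with no escaping; the `sanitize` helper whose tail is visible at the top of the first hunk is not applied to this field. Today's callers pass literals without commas or newlines, but a future label containing one, or a value derived from the request, would break the row layout and allow forged log fields. Routing it through the helper, `ss << fmt::format("{},", sanitize(actionTaken));`, keeps the column safe; this assumes `sanitize` neutralises the delimiter, which its body outside the hunk would need to confirm. A null pointer is also representable now and should be rejected or documented on the declaration in TrafficLogger.hpp, e.g. `// actionTaken: non-null, static label written verbatim to the action column`.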