Replace default console output with timestamped log messages

This commit is contained in:
Christian Claus 2018-04-14 20:49:39 +02:00
parent f0612c6422
commit 785a6182bf
6 changed files with 189 additions and 99 deletions

120
Readme.md
View file

@ -21,6 +21,7 @@ It perfectly fits if you would like to give some people the possibility to uploa
* [TLS](#tls) * [TLS](#tls)
* [Behind a proxy](#behind-a-proxy) * [Behind a proxy](#behind-a-proxy)
* [User management](#user-management) * [User management](#user-management)
* [Logging](#logging)
* [Live reload](#live-reload) * [Live reload](#live-reload)
- [Installation](#installation) - [Installation](#installation)
* [Binary-Installation](#binary-installation) * [Binary-Installation](#binary-installation)
@ -41,15 +42,15 @@ The configuration is done in form of a yaml file. _swd_ will scan the following
Here an example of a very simple but functional configuration: Here an example of a very simple but functional configuration:
address: "127.0.0.1" # the bind address address: "127.0.0.1" # the bind address
port: "8000" # the listening port port: "8000" # the listening port
dir: "/home/webdav" # the provided base dir dir: "/home/webdav" # the provided base dir
users: users:
user: # with password 'foo' and jailed access to '/home/webdav/user' user: # with password 'foo' and jailed access to '/home/webdav/user'
password: "$2a$10$yITzSSNJZAdDZs8iVBQzkuZCzZ49PyjTiPIrmBUKUpB0pwX7eySvW" password: "$2a$10$yITzSSNJZAdDZs8iVBQzkuZCzZ49PyjTiPIrmBUKUpB0pwX7eySvW"
subdir: "/user" subdir: "/user"
admin: # with password 'foo' and access to '/home/webdav' admin: # with password 'foo' and access to '/home/webdav'
password: "$2a$10$DaWhagZaxWnWAOXY0a55.eaYccgtMOL3lGlqI3spqIBGyM0MD.EN6" password: "$2a$10$DaWhagZaxWnWAOXY0a55.eaYccgtMOL3lGlqI3spqIBGyM0MD.EN6"
### TLS ### TLS
@ -58,21 +59,21 @@ At first, use your favorite toolchain to obtain a SSL certificate and keyfile (i
Here an example with `openssl`: Here an example with `openssl`:
# Generate a keypair # Generate a keypair
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
# Remove the passphrase from the key file # Remove the passphrase from the key file
openssl rsa -in key.pem -out clean_key.pem openssl rsa -in key.pem -out clean_key.pem
Now you can reference your keypair in the configuration via: Now you can reference your keypair in the configuration via:
address: "127.0.0.1" # the bind address address: "127.0.0.1" # the bind address
port: "8000" # the listening port port: "8000" # the listening port
dir: "/home/webdav" # the provided base directory dir: "/home/webdav" # the provided base directory
tls: tls:
keyFile: clean_key.pem keyFile: clean_key.pem
certFile: cert.pem certFile: cert.pem
users: users:
... ...
The presence of the `tls` section is completely enough to let the server start with a TLS secured https connection. The presence of the `tls` section is completely enough to let the server start with a TLS secured https connection.
@ -84,11 +85,11 @@ If you'd like to move your setup behind a proxy / gateway under a specific path,
For example: If you have a rule that proxies all requests of `https://domain.com/webdav` to `https://localhost:8000`, you have to set the prefix to `/webdav`. For example: If you have a rule that proxies all requests of `https://domain.com/webdav` to `https://localhost:8000`, you have to set the prefix to `/webdav`.
address: "127.0.0.1" # the bind address address: "127.0.0.1" # the bind address
port: "8000" # the listening port port: "8000" # the listening port
prefix: "/webdav" # the url-prefix of the original url prefix: "/webdav" # the url-prefix of the original url
dir: "/home/webdav" # the provided base directory dir: "/home/webdav" # the provided base directory
... ...
### User management ### User management
@ -98,16 +99,41 @@ The password must be in form of a BCrypt hash. You can generate one calling the
If a subdirectory is configured for a user, the user is jailed within it and can't see anything that exists outside of this directory. If no subdirectory is configured for an user, the user can see and modify all files within the base directory. If a subdirectory is configured for a user, the user is jailed within it and can't see anything that exists outside of this directory. If no subdirectory is configured for an user, the user can see and modify all files within the base directory.
### Logging
You can enable / disable logging for the following operations:
- **C**reation of files or directories
- **R**eading of files or directories
- **U**pdating of files or directories
- **D**eletion of files or directories
All logs are disabled per default until you will turn it on via the following config entries:
address: "127.0.0.1" # the bind address
port: "8000" # the listening port
dir: "/home/webdav" # the provided base directory
log:
create: true
read: true
update: true
delete: true
...
Be aware, that the log pattern of an attached tty differs from the log pattern of a detached tty.
Example of an attached tty:
INFO[0000] Server is starting and listening address=0.0.0.0 port=8000 security=none
Example of a detached tty:
time="2018-04-14T20:46:00+02:00" level=info msg="Server is starting and listening" address=0.0.0.0 port=8000 security=none
### Live reload ### Live reload
If you're editing the user section of the configuration to: There is no need to restart the server itself, if you're editing the user or log section of the configuration. The config file will be re-read and the application will update it's own configuration silently in background.
- Remove a user
- Add a user
- Add, remove or change a user's subdirectory
- Update a users password
There is no need to restart the server itself. The config file will be re-read and the application will update it's own configuration silently in background.
## Installation ## Installation
@ -119,7 +145,7 @@ You can check out the [releases page](https://github.com/micromata/swd/releases)
At first you have to clone the repository with: At first you have to clone the repository with:
git clone git@github.com:micromata/swd.git git clone git@github.com:micromata/swd.git
To build and install from sources you have two major possibilites: To build and install from sources you have two major possibilites:
@ -133,20 +159,20 @@ You can also use mage to build the project.
Please ensure you've got [mage](https://magefile.org) installed. This can be done with the following steps: Please ensure you've got [mage](https://magefile.org) installed. This can be done with the following steps:
go get -u -d github.com/magefile/mage go get -u -d github.com/magefile/mage
cd $GOPATH/src/github.com/magefile/mage cd $GOPATH/src/github.com/magefile/mage
go run bootstrap.go go run bootstrap.go
Now you can call `mage install` to build and install the binaries. If you just call `mage`, you'll get a list of possible targets: Now you can call `mage install` to build and install the binaries. If you just call `mage`, you'll get a list of possible targets:
Targets: Targets:
build Builds swd and swdcli and moves it to the dist directory build Builds swd and swdcli and moves it to the dist directory
buildReleases Builds swd and swdcli for different OS and package them to a zip file for each os buildReleases Builds swd and swdcli for different OS and package them to a zip file for each os
check Runs golint and go tool vet on each .go file. check Runs golint and go tool vet on each .go file.
clean Removes the dist directory clean Removes the dist directory
fmt Formats the code via gofmt fmt Formats the code via gofmt
install Installs swd and swdcli to your $GOPATH/bin folder install Installs swd and swdcli to your $GOPATH/bin folder
installDeps Runs dep ensure and installs additional dependencies. installDeps Runs dep ensure and installs additional dependencies.
## Connecting ## Connecting
@ -162,8 +188,8 @@ to get an idea of it.
If you'd like to contribute, please make sure to use the [magefile](#magefile) and execute and check the following commands before starting a PR: If you'd like to contribute, please make sure to use the [magefile](#magefile) and execute and check the following commands before starting a PR:
mage fmt mage fmt
mage check mage check
If you've got an idea of a function that should find it's way into this If you've got an idea of a function that should find it's way into this
project, but you won't implement it by yourself, please create a new project, but you won't implement it by yourself, please create a new

View file

@ -3,8 +3,8 @@ package app
import ( import (
"fmt" "fmt"
"github.com/fsnotify/fsnotify" "github.com/fsnotify/fsnotify"
log "github.com/sirupsen/logrus"
"github.com/spf13/viper" "github.com/spf13/viper"
"log"
"os" "os"
"path/filepath" "path/filepath"
) )
@ -16,9 +16,18 @@ type Config struct {
Prefix string Prefix string
Dir string Dir string
TLS *TLS TLS *TLS
Log Logging
Users map[string]*UserInfo Users map[string]*UserInfo
} }
// Logging allows definition for logging each CRUD method.
type Logging struct {
Create bool
Read bool
Update bool
Delete bool
}
// TLS allows specification of a certificate and private key file. // TLS allows specification of a certificate and private key file.
type TLS struct { type TLS struct {
CertFile string CertFile string
@ -75,14 +84,18 @@ func setDefaults() {
viper.SetDefault("Prefix", "") viper.SetDefault("Prefix", "")
viper.SetDefault("Dir", "/tmp") viper.SetDefault("Dir", "/tmp")
viper.SetDefault("TLS", nil) viper.SetDefault("TLS", nil)
viper.SetDefault("Log.Create", false)
viper.SetDefault("Log.Read", false)
viper.SetDefault("Log.Update", false)
viper.SetDefault("Log.Delete", false)
} }
func (cfg *Config) updateConfig(e fsnotify.Event) { func (cfg *Config) updateConfig(e fsnotify.Event) {
fmt.Println("Config file changed:", e.Name) log.WithField("path", e.Name).Info("Config file changed")
file, err := os.Open(e.Name) file, err := os.Open(e.Name)
if err != nil { if err != nil {
fmt.Println("Error reloading config", e.Name) log.WithField("path", e.Name).Warn("Error reloading config")
} }
var updatedCfg = &Config{} var updatedCfg = &Config{}
@ -91,30 +104,50 @@ func (cfg *Config) updateConfig(e fsnotify.Event) {
for username := range cfg.Users { for username := range cfg.Users {
if updatedCfg.Users[username] == nil { if updatedCfg.Users[username] == nil {
fmt.Printf("Removed User from configuration: %s\n", username) log.WithField("user", username).Info("Removed User from configuration")
cfg.Users[username] = nil cfg.Users[username] = nil
} }
} }
for username, v := range updatedCfg.Users { for username, v := range updatedCfg.Users {
if cfg.Users[username] == nil { if cfg.Users[username] == nil {
fmt.Printf("Added User to configuration: %s\n", username) log.WithField("user", username).Info("Added User to configuration")
cfg.Users[username] = v cfg.Users[username] = v
} else { } else {
if cfg.Users[username].Password != v.Password { if cfg.Users[username].Password != v.Password {
fmt.Printf("Updated password of user: %s\n", username) log.WithField("user", username).Info("Updated password of user")
cfg.Users[username].Password = v.Password cfg.Users[username].Password = v.Password
} }
} }
} }
cfg.ensureUserDirs() cfg.ensureUserDirs()
if cfg.Log.Create != updatedCfg.Log.Create {
cfg.Log.Create = updatedCfg.Log.Create
log.WithField("enabled", cfg.Log.Create).Info("Set logging for create operations")
}
if cfg.Log.Read != updatedCfg.Log.Read {
cfg.Log.Read = updatedCfg.Log.Read
log.WithField("enabled", cfg.Log.Read).Info("Set logging for read operations")
}
if cfg.Log.Update != updatedCfg.Log.Update {
cfg.Log.Update = updatedCfg.Log.Update
log.WithField("enabled", cfg.Log.Update).Info("Set logging for update operations")
}
if cfg.Log.Delete != updatedCfg.Log.Delete {
cfg.Log.Delete = updatedCfg.Log.Delete
log.WithField("enabled", cfg.Log.Delete).Info("Set logging for delete operations")
}
} }
func (cfg *Config) ensureUserDirs() { func (cfg *Config) ensureUserDirs() {
if _, err := os.Stat(cfg.Dir); os.IsNotExist(err) { if _, err := os.Stat(cfg.Dir); os.IsNotExist(err) {
os.Mkdir(cfg.Dir, os.ModePerm) os.Mkdir(cfg.Dir, os.ModePerm)
fmt.Printf("Created base dir: %s\n", cfg.Dir) log.WithField("path", cfg.Dir).Info("Created base dir")
} }
for _, user := range cfg.Users { for _, user := range cfg.Users {
@ -122,7 +155,7 @@ func (cfg *Config) ensureUserDirs() {
path := filepath.Join(cfg.Dir, *user.Subdir) path := filepath.Join(cfg.Dir, *user.Subdir)
if _, err := os.Stat(path); os.IsNotExist(err) { if _, err := os.Stat(path); os.IsNotExist(err) {
os.Mkdir(path, os.ModePerm) os.Mkdir(path, os.ModePerm)
fmt.Printf("Created user dir: %s\n", path) log.WithField("path", path).Info("Created user dir")
} }
} }
} }

View file

@ -3,6 +3,7 @@ package app
import ( import (
"context" "context"
"github.com/abbot/go-http-auth" "github.com/abbot/go-http-auth"
log "github.com/sirupsen/logrus"
"golang.org/x/net/webdav" "golang.org/x/net/webdav"
"os" "os"
"path" "path"
@ -18,6 +19,15 @@ type Dir struct {
Config *Config Config *Config
} }
func (d Dir) resolveUser(ctx context.Context) string {
authInfo := auth.FromContext(ctx)
if authInfo != nil && authInfo.Authenticated {
return authInfo.Username
}
return ""
}
// resolve tries to gain authentication information and suffixes the BaseDir with the // resolve tries to gain authentication information and suffixes the BaseDir with the
// username of the authentication information. If none authentication information can // username of the authentication information. If none authentication information can
// achieved during the process, the BaseDir is used // achieved during the process, the BaseDir is used
@ -48,7 +58,19 @@ func (d Dir) Mkdir(ctx context.Context, name string, perm os.FileMode) error {
if name = d.resolve(ctx, name); name == "" { if name = d.resolve(ctx, name); name == "" {
return os.ErrNotExist return os.ErrNotExist
} }
return os.Mkdir(name, perm) err := os.Mkdir(name, perm)
if err != nil {
return err
}
if d.Config.Log.Create {
log.WithFields(log.Fields{
"path": name,
"user": d.resolveUser(ctx),
}).Info("Created directory")
}
return err
} }
// OpenFile resolves the physical file and delegates this to an os.OpenFile execution // OpenFile resolves the physical file and delegates this to an os.OpenFile execution
@ -60,6 +82,14 @@ func (d Dir) OpenFile(ctx context.Context, name string, flag int, perm os.FileMo
if err != nil { if err != nil {
return nil, err return nil, err
} }
if d.Config.Log.Read {
log.WithFields(log.Fields{
"path": name,
"user": d.resolveUser(ctx),
}).Info("Opened file")
}
return f, nil return f, nil
} }
@ -72,7 +102,20 @@ func (d Dir) RemoveAll(ctx context.Context, name string) error {
// Prohibit removing the virtual root directory. // Prohibit removing the virtual root directory.
return os.ErrInvalid return os.ErrInvalid
} }
return os.RemoveAll(name)
err := os.RemoveAll(name)
if err != nil {
return err
}
if d.Config.Log.Delete {
log.WithFields(log.Fields{
"path": name,
"user": d.resolveUser(ctx),
}).Info("Deleted file or directory")
}
return nil
} }
// Rename resolves the physical file and delegates this to an os.Rename execution // Rename resolves the physical file and delegates this to an os.Rename execution
@ -87,7 +130,21 @@ func (d Dir) Rename(ctx context.Context, oldName, newName string) error {
// Prohibit renaming from or to the virtual root directory. // Prohibit renaming from or to the virtual root directory.
return os.ErrInvalid return os.ErrInvalid
} }
return os.Rename(oldName, newName)
err := os.Rename(oldName, newName)
if err != nil {
return err
}
if d.Config.Log.Update {
log.WithFields(log.Fields{
"oldPath": oldName,
"newPath": newName,
"user": d.resolveUser(ctx),
}).Info("Renamed file or directory")
}
return nil
} }
// Stat resolves the physical file and delegates this to an os.Stat execution // Stat resolves the physical file and delegates this to an os.Stat execution

View file

@ -1,34 +0,0 @@
package app
import (
"github.com/abbot/go-http-auth"
log "github.com/sirupsen/logrus"
"net/http"
)
// ModificationLogHandler logs each incoming request, which has a method
// to create, update or delete a file or directory. If the request carries
// authentication information, the respective username will also be logged.
func ModificationLogHandler(r *http.Request, e error) {
if r.Method == "PUT" || r.Method == "POST" || r.Method == "MKCOL" ||
r.Method == "DELETE" || r.Method == "COPY" || r.Method == "MOVE" {
var contextLogger *log.Entry
authInfo := auth.FromContext(r.Context())
if authInfo == nil || !authInfo.Authenticated {
contextLogger = log.WithFields(log.Fields{
"url": r.URL.Path,
"method": r.Method,
})
} else {
contextLogger = log.WithFields(log.Fields{
"url": r.URL.Path,
"method": r.Method,
"user": authInfo.Username,
})
}
contextLogger.Info("File modified")
}
}

View file

@ -2,8 +2,8 @@ package app
import ( import (
"context" "context"
"fmt"
"github.com/abbot/go-http-auth" "github.com/abbot/go-http-auth"
log "github.com/sirupsen/logrus"
"net/http" "net/http"
) )
@ -16,7 +16,7 @@ func Authorize(config *Config) auth.SecretProvider {
return user.Password return user.Password
} }
fmt.Printf("Username not found: %s\n", username) log.WithField("user", username).Warn("Username not found")
return "" return ""
} }
} }

View file

@ -3,12 +3,14 @@ package main
import ( import (
"fmt" "fmt"
"github.com/micromata/swd/app" "github.com/micromata/swd/app"
log "github.com/sirupsen/logrus"
"golang.org/x/net/webdav" "golang.org/x/net/webdav"
"log"
"net/http" "net/http"
) )
func main() { func main() {
log.SetFormatter(&log.TextFormatter{})
config := app.ParseConfig() config := app.ParseConfig()
wdHandler := &webdav.Handler{ wdHandler := &webdav.Handler{
@ -19,8 +21,6 @@ func main() {
LockSystem: webdav.NewMemLS(), LockSystem: webdav.NewMemLS(),
} }
//wdHandler.Logger = app.ModificationLogHandler
a := &app.App{ a := &app.App{
Config: config, Config: config,
Handler: wdHandler, Handler: wdHandler,
@ -31,10 +31,18 @@ func main() {
connAddr := fmt.Sprintf("%s:%s", config.Address, config.Port) connAddr := fmt.Sprintf("%s:%s", config.Address, config.Port)
if config.TLS != nil { if config.TLS != nil {
fmt.Printf("TLS Server is starting and listening at: %s\n", connAddr) log.WithFields(log.Fields{
"address": config.Address,
"port": config.Port,
"security": "TLS",
}).Info("Server is starting and listening")
log.Fatal(http.ListenAndServeTLS(connAddr, config.TLS.CertFile, config.TLS.KeyFile, nil)) log.Fatal(http.ListenAndServeTLS(connAddr, config.TLS.CertFile, config.TLS.KeyFile, nil))
} else { } else {
fmt.Printf("Server is starting and listening at: %s\n", connAddr) log.WithFields(log.Fields{
"address": config.Address,
"port": config.Port,
"security": "none",
}).Info("Server is starting and listening")
log.Fatal(http.ListenAndServe(connAddr, nil)) log.Fatal(http.ListenAndServe(connAddr, nil))
} }
} }