[PEBCAK] is there a way to capture 403 errors in the logs?

[d03j]

Have you read the documentation?

• [ x] Yes, but it does not include related information regarding my question.
• Yes, but the steps described in the documentation do not work on my machine.
• Yes, but I am having difficulty understanding it and wants clarification.

You are setting up gotify in

• [ x] Docker
• Linux native platform
• Windows native platform

Describe your problem

Any errors, logs, or other information that might help us identify your problem

Ex: docker-compose.yml, nginx.conf, android logcat, browser requests, etc.

I can't see attempts to use the API with the wrong token in the log

Hi again,
I have been having a look at gotify's logs before I start parsing them into crowdsec and gotify doesn't seem to be logging token errors.
When I use curl to send a message using the right token, I get a confirmation reply and can see a 200 /  POST     "/message?token=[masked]" entry in the log.
When I use curl to send a message using a wrong token, I get a forbidden message but can't any entries in the log.
Is this a matter of me setting up a different log level, or should I post this as a bug/enhancement?
Thanks!
$ curl "https://gotify.example.com/message?token=MYTOKEN" -F "message=Right Token"
{"id":4,"appid":1,"message":"Right Token","title":"test","priority":0,"date":"2023-11-07T15:31:13.105785065+11:00"}
$ curl "https://gotify.example.com/message?token=NOTMYTOKEN" -F "message=Wrong Token""
Forbidden
$ tail -n5  /path/to/log/gotify.log 
2023-11-07T15:20:32.119845081+11:00 stdout F 2023-11-07T15:20:32+11:00 | 200 |      2.2989ms |   x.x.x.x | GET      "/current/user"
2023-11-07T15:21:03.256265820+11:00 stdout F 2023-11-07T15:21:03+11:00 | 200 |    2.473123ms |   x.x.x.x | GET      "/current/user"
2023-11-07T15:21:33.529716049+11:00 stdout F 2023-11-07T15:21:33+11:00 | 200 |    2.484208ms |   x.x.x.x | GET      "/current/user"
2023-11-07T15:22:04.378334600+11:00 stdout F 2023-11-07T15:22:04+11:00 | 200 |  384.444342ms |   x.x.x.x | GET      "/stream?token=[masked]"
2023-11-07T15:31:13.384037109+11:00 stdout F 2023-11-07T15:31:13+11:00 | 200 |  553.689311ms |   x.x.x.x | POST     "/message?token=[masked]"

[jmattheis]

Cannot reproduce. Your "Forbidden" response is likely returned by your reverse proxy. Add your reverse proxy config to this ticket.

$ docker run -d --name gotify -p 8080:8080 -e GOTIFY_SERVER_PORT=8080 gotify/server:2.4.0
4b33e8cc29eafd66bd993b0b37e16adf437056736ec8c3079ea2116bc3ea6d85
$ curl "http://localhost:8080/message?token=A9BVqcGMzb8j8Dl" -F 'message=Right Token'
{"id":1,"appid":1,"message":"Right Token","title":"aeou","priority":0,"date":"2023-11-07T09:04:10.302250934Z"}%
$ curl "http://localhost:8080/message?token=oops" -F 'message=Wrong Token'
{"error":"Unauthorized","errorCode":401,"errorDescription":"you need to provide a valid access token or user credentials to access this api"}%
$ docker logs gotify
2023-11-07T09:04:10Z | 200 |    7.923651ms |      172.17.0.1 | POST     "/message?token=[masked]"
2023-11-07T09:04:18Z | 401 |     264.748µs |      172.17.0.1 | POST     "/message?token=[masked]"
Error #01: you need to provide a valid access token or user credentials to access this api

[d03j]

my bad! due to a quirk in my network config traffic from the machine I was using to test the API sometimes appears as coming from the LAN and others from the WAN. The 403/forbidden was indeed my reverse proxy blocking wan connections. Now I get the exact same as you. Thank you for checking, the prompt reply and apologies for wasting your time.