-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix logging public nkey on auth violation #894
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's make this a small func on client that returns a string and just pass that to Errorf, Noticef etc.
server/client.go
Outdated
c.Errorf("Subscription Violation - User %q, Subject %q, SID %s", | ||
c.opts.Username, sub.subject, sub.sid) | ||
|
||
var userInfo string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think better to make this a small function on client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good, just updated to use a small func on the client.
server/client.go
Outdated
@@ -2455,12 +2462,26 @@ sendToRoutes: | |||
|
|||
func (c *client) pubPermissionViolation(subject []byte) { | |||
c.sendErr(fmt.Sprintf("Permissions Violation for Publish to %q", subject)) | |||
c.Errorf("Publish Violation - User %q, Subject %q", c.opts.Username, subject) | |||
|
|||
var userInfo string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can call same small func here.
cebaafc
to
f778cf3
Compare
server/client.go
Outdated
} | ||
|
||
func (c *client) replySubjectViolation(reply []byte) { | ||
c.sendErr(fmt.Sprintf("Permissions Violation for Publish with Reply of %q", reply)) | ||
c.Errorf("Publish Violation - User %q, Reply %q", c.opts.Username, reply) | ||
c.Errorf("Publish Violation - %s, Reply %q", c.getUserInfo(), reply) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might still want to %q since it encloses in quotes..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I use %q
here then the quotes from the returned string would be escaped, for example:
Publish Violation - "Nkey \"UD6AYQSOIN2IN5OGC6VQZCR4H3UFMIOXSW6NNS6N53CLJA4PB56CEJJI\"", Subject "ngs.echo"```
return fmt.Sprintf("Nkey %q", c.opts.Nkey) | ||
case c.opts.Username != "": | ||
return fmt.Sprintf("User %q", c.opts.Username) | ||
default: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we are looking for an auth user here (maybe rename it that), I don't think default should be cid, we get that in client logging. Maybe N/A or unauthorized?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed the function to getAuthUser
instead here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also replaced logging cid to instead logging User "N/A"
Signed-off-by: Waldemar Quevedo <wally@synadia.com>
f778cf3
to
e4a4c98
Compare
LGTM |
Fixes a few logging entries where the public nkey would be missing in the log:
git pull --rebase origin master
)Fixes #862
/cc @nats-io/core
Signed-off-by: Waldemar Quevedo wally@synadia.com