debug.go 2.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. package middleware // import "github.com/docker/docker/api/server/middleware"
  2. import (
  3. "bufio"
  4. "context"
  5. "encoding/json"
  6. "io"
  7. "net/http"
  8. "strings"
  9. "github.com/docker/docker/api/server/httputils"
  10. "github.com/docker/docker/pkg/ioutils"
  11. "github.com/sirupsen/logrus"
  12. )
  13. // DebugRequestMiddleware dumps the request to logger
  14. func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
  15. return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
  16. logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)
  17. if r.Method != "POST" {
  18. return handler(ctx, w, r, vars)
  19. }
  20. if err := httputils.CheckForJSON(r); err != nil {
  21. return handler(ctx, w, r, vars)
  22. }
  23. maxBodySize := 4096 // 4KB
  24. if r.ContentLength > int64(maxBodySize) {
  25. return handler(ctx, w, r, vars)
  26. }
  27. body := r.Body
  28. bufReader := bufio.NewReaderSize(body, maxBodySize)
  29. r.Body = ioutils.NewReadCloserWrapper(bufReader, func() error { return body.Close() })
  30. b, err := bufReader.Peek(maxBodySize)
  31. if err != io.EOF {
  32. // either there was an error reading, or the buffer is full (in which case the request is too large)
  33. return handler(ctx, w, r, vars)
  34. }
  35. var postForm map[string]interface{}
  36. if err := json.Unmarshal(b, &postForm); err == nil {
  37. maskSecretKeys(postForm, r.RequestURI)
  38. formStr, errMarshal := json.Marshal(postForm)
  39. if errMarshal == nil {
  40. logrus.Debugf("form data: %s", string(formStr))
  41. } else {
  42. logrus.Debugf("form data: %q", postForm)
  43. }
  44. }
  45. return handler(ctx, w, r, vars)
  46. }
  47. }
  48. func maskSecretKeys(inp interface{}, path string) {
  49. // Remove any query string from the path
  50. idx := strings.Index(path, "?")
  51. if idx != -1 {
  52. path = path[:idx]
  53. }
  54. // Remove trailing / characters
  55. path = strings.TrimRight(path, "/")
  56. if arr, ok := inp.([]interface{}); ok {
  57. for _, f := range arr {
  58. maskSecretKeys(f, path)
  59. }
  60. return
  61. }
  62. if form, ok := inp.(map[string]interface{}); ok {
  63. scrub := []string{
  64. // Note: The Data field contains the base64-encoded secret in 'secret'
  65. // and 'config' create and update requests. Currently, no other POST
  66. // API endpoints use a data field, so we scrub this field unconditionally.
  67. // Change this handling to be conditional if a new endpoint is added
  68. // in future where this field should not be scrubbed.
  69. "data",
  70. "jointoken",
  71. "password",
  72. "secret",
  73. "signingcakey",
  74. "unlockkey",
  75. }
  76. loop0:
  77. for k, v := range form {
  78. for _, m := range scrub {
  79. if strings.EqualFold(m, k) {
  80. form[k] = "*****"
  81. continue loop0
  82. }
  83. }
  84. maskSecretKeys(v, path)
  85. }
  86. }
  87. }