From 0f073a40fd08c0a8a1cb0a976c885c24a4a6147c Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Wed, 13 Nov 2024 18:33:07 +0100
Subject: [PATCH] logger: add cipher suite

Signed-off-by: Nicola Murino
---
 internal/logger/request_logger.go | 17 +++++++++++------
 internal/webdavd/server.go | 25 +++++++++++++++++++------
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/internal/logger/request_logger.go b/internal/logger/request_logger.go
index fa269d7e..325f44b9 100644
--- a/internal/logger/request_logger.go
+++ b/internal/logger/request_logger.go
@@ -15,6 +15,7 @@
 package logger
 
 import (
+ "crypto/tls"
 "fmt"
 "net"
 "net/http"
@@ -50,17 +51,21 @@ func NewStructuredLogger(logger *zerolog.Logger) func(next http.Handler) http.Ha
 // NewLogEntry creates a new log entry for an HTTP request
 func (l *StructuredLogger) NewLogEntry(r *http.Request) middleware.LogEntry {
 scheme := "http"
+ cipherSuite := ""
 if r.TLS != nil {
 scheme = "https"
+ cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
 }
 
 fields := map[string]any{
- "local_addr": getLocalAddress(r),
- "remote_addr": r.RemoteAddr,
- "proto": r.Proto,
- "method": r.Method,
- "user_agent": r.UserAgent(),
- "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
+ "local_addr": getLocalAddress(r),
+ "remote_addr": r.RemoteAddr,
+ "proto": r.Proto,
+ "method": r.Method,
+ "user_agent": r.UserAgent(),
+ "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
+ "cipher_suite": cipherSuite,
+ }
 
 reqID := middleware.GetReqID(r.Context())
 if reqID != "" {
diff --git a/internal/webdavd/server.go b/internal/webdavd/server.go
index 4cd849fe..b271af49 100644
--- a/internal/webdavd/server.go
+++ b/internal/webdavd/server.go
@@ -34,6 +34,7 @@ import (
 "github.com/go-chi/chi/v5/middleware"
 "github.com/rs/cors"
 "github.com/rs/xid"
+ "github.com/rs/zerolog"
 "github.com/sftpgo/sdk/plugin/notifier"
 
 "github.com/drakkan/sftpgo/v2/internal/common"
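Review bot: In NewLogEntry (internal/logger/request_logger.go, second hunk) the new `cipher_suite` field records the negotiated suite but not the protocol version, so a log reader cannot tell TLS 1.0/1.1 sessions from TLS 1.2 ones, which share suite names. Consider capturing `tlsVersion = tls.VersionName(r.TLS.Version)` next to the `cipherSuite` assignment and adding `"tls_version": tlsVersion,` to `fields`; `tls.VersionName` is in the standard library from Go 1.21, assuming the module targets that or later. The same applies to writeLog in internal/webdavd/server.go, which repeats the scheme/cipher-suite block; a small shared helper would keep the two log schemas from drifting apart. The field is also written as an empty string for plaintext requests, which a short comment such as `// cipher_suite is "" for non-TLS requests` would mark as intentional. NewLogEntry continues past the end of the hunk.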
@@ -390,15 +391,19 @@ func (s *webDavServer) checkRemoteAddress(r *http.Request) string {
 
 func writeLog(r *http.Request, status int, err error) {
 scheme := "http"
+ cipherSuite := ""
 if r.TLS != nil {
 scheme = "https"
+ cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
 }
 fields := map[string]any{
- "remote_addr": r.RemoteAddr,
- "proto": r.Proto,
- "method": r.Method,
- "user_agent": r.UserAgent(),
- "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
+ "remote_addr": r.RemoteAddr,
+ "proto": r.Proto,
+ "method": r.Method,
+ "user_agent": r.UserAgent(),
+ "uri": fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
+ "cipher_suite": cipherSuite,
+ }
 if reqID, ok := r.Context().Value(requestIDKey).(string); ok {
 fields["request_id"] = reqID
 }
@@ -417,7 +422,15 @@ func writeLog(r *http.Request, status int, err error) {
 if status != 0 {
 fields["resp_status"] = status
 }
- logger.GetLogger().Info().
+ var ev *zerolog.Event
+ if status >= http.StatusInternalServerError {
+ ev = logger.GetLogger().Error()
+ } else if status >= http.StatusBadRequest {
+ ev = logger.GetLogger().Warn()
+ } else {
+ ev = logger.GetLogger().Debug()
+ }
+ ev.
 Timestamp().
 Str("sender", logSender).
 Fields(fields).
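Review bot: In writeLog (last hunk) the new level selection sends every response below 400, and a status of 0, to `Debug()`, so with the logger at Info level successful WebDAV requests no longer leave any access record. That weakens the audit trail for file access, and the commit subject ("logger: add cipher suite") does not mention the change. If the drop is intended, document it above the chain, e.g. `// 2xx/3xx are logged at debug to reduce noise; enable debug logging to audit successful access`; otherwise keep `Info()` in the final branch. The if/else-if chain would also read more idiomatically as a tagless `switch`. writeLog starts in the previous hunk and continues past the end of this one.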