logger: add cipher suite

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 15:10:23 +00:00 · 2024-11-13 18:33:07 +01:00 · 2024-11-13 18:33:07 +01:00 · 0f073a40fd
commit 0f073a40fd
parent 618723c457
2 changed files with 30 additions and 12 deletions
--- a/internal/logger/request_logger.go
+++ b/internal/logger/request_logger.go
@ -15,6 +15,7 @@
 package logger

 import (
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@ -50,17 +51,21 @@ func NewStructuredLogger(logger *zerolog.Logger) func(next http.Handler) http.Ha
 // NewLogEntry creates a new log entry for an HTTP request
 func (l *StructuredLogger) NewLogEntry(r *http.Request) middleware.LogEntry {
 	scheme := "http"
+	cipherSuite := ""
 	if r.TLS != nil {
 		scheme = "https"
+		cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
 	}

 	fields := map[string]any{
-		"local_addr":  getLocalAddress(r),
-		"remote_addr": r.RemoteAddr,
-		"proto":       r.Proto,
-		"method":      r.Method,
-		"user_agent":  r.UserAgent(),
-		"uri":         fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
+		"local_addr":   getLocalAddress(r),
+		"remote_addr":  r.RemoteAddr,
+		"proto":        r.Proto,
+		"method":       r.Method,
+		"user_agent":   r.UserAgent(),
+		"uri":          fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
+		"cipher_suite": cipherSuite,
+	}

 	reqID := middleware.GetReqID(r.Context())
 	if reqID != "" {
--- a/internal/webdavd/server.go
+++ b/internal/webdavd/server.go
@ -34,6 +34,7 @@ import (
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/rs/cors"
 	"github.com/rs/xid"
+	"github.com/rs/zerolog"
 	"github.com/sftpgo/sdk/plugin/notifier"

 	"github.com/drakkan/sftpgo/v2/internal/common"
@ -390,15 +391,19 @@ func (s *webDavServer) checkRemoteAddress(r *http.Request) string {

 func writeLog(r *http.Request, status int, err error) {
 	scheme := "http"
+	cipherSuite := ""
 	if r.TLS != nil {
 		scheme = "https"
+		cipherSuite = tls.CipherSuiteName(r.TLS.CipherSuite)
 	}
 	fields := map[string]any{
-		"remote_addr": r.RemoteAddr,
-		"proto":       r.Proto,
-		"method":      r.Method,
-		"user_agent":  r.UserAgent(),
-		"uri":         fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI)}
+		"remote_addr":  r.RemoteAddr,
+		"proto":        r.Proto,
+		"method":       r.Method,
+		"user_agent":   r.UserAgent(),
+		"uri":          fmt.Sprintf("%s://%s%s", scheme, r.Host, r.RequestURI),
+		"cipher_suite": cipherSuite,
+	}
 	if reqID, ok := r.Context().Value(requestIDKey).(string); ok {
 		fields["request_id"] = reqID
 	}
@ -417,7 +422,15 @@ func writeLog(r *http.Request, status int, err error) {
 	if status != 0 {
 		fields["resp_status"] = status
 	}
-	logger.GetLogger().Info().
+	var ev *zerolog.Event
+	if status >= http.StatusInternalServerError {
+		ev = logger.GetLogger().Error()
+	} else if status >= http.StatusBadRequest {
+		ev = logger.GetLogger().Warn()
+	} else {
+		ev = logger.GetLogger().Debug()
+	}
+	ev.
 		Timestamp().
 		Str("sender", logSender).
 		Fields(fields).