replace debug() with our custom logger
Mostly we want trace() and log(); trace() can be enabled whenever we want by flipping a flag and restarting the box.
@@ -7,7 +7,7 @@ import branding from './branding.js';
|
||||
import constants from './constants.js';
|
||||
import crypto from 'node:crypto';
|
||||
import dashboard from './dashboard.js';
|
||||
import debugModule from 'debug';
|
||||
import logger from './logger.js';
|
||||
import dns from './dns.js';
|
||||
import ejs from 'ejs';
|
||||
import express from 'express';
|
||||
@@ -33,7 +33,7 @@ import util from 'node:util';
|
||||
import Provider from 'oidc-provider';
|
||||
import mailpasswords from './mailpasswords.js';
|
||||
|
||||
const debug = debugModule('box:oidcserver');
|
||||
const { log, trace } = logger('oidcserver');
|
||||
|
||||
|
||||
// 1. Index.vue starts the OIDC flow by navigating to /openid/auth. Webadmin sets callback url to authcallback.html + implicit flow
|
||||
@@ -83,12 +83,12 @@ class StorageAdapter {
|
||||
}
|
||||
|
||||
constructor(name) {
|
||||
debug(`Creating OpenID storage adapter for ${name}`);
|
||||
log(`Creating OpenID storage adapter for ${name}`);
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
async upsert(id, payload, expiresIn) {
|
||||
debug(`[${this.name}] upsert: ${id}`);
|
||||
log(`[${this.name}] upsert: ${id}`);
|
||||
|
||||
const expiresAt = expiresIn ? new Date(Date.now() + (expiresIn * 1000)) : 0;
|
||||
|
||||
@@ -102,7 +102,7 @@ class StorageAdapter {
|
||||
|
||||
const [error] = await safe(tokens.add({ clientId: payload.clientId, identifier: user.id, expires, accessToken: id, allowedIpRanges: '' }));
|
||||
if (error) {
|
||||
debug('Error adding access token', error);
|
||||
log('Error adding access token', error);
|
||||
throw error;
|
||||
}
|
||||
} else {
|
||||
@@ -111,12 +111,12 @@ class StorageAdapter {
|
||||
}
|
||||
|
||||
async find(id) {
|
||||
debug(`[${this.name}] find: ${id}`);
|
||||
log(`[${this.name}] find: ${id}`);
|
||||
|
||||
if (this.name === 'Client') {
|
||||
const [error, client] = await safe(oidcClients.get(id));
|
||||
if (error || !client) {
|
||||
debug('find: error getting client', error);
|
||||
log('find: error getting client', error);
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -132,7 +132,7 @@ class StorageAdapter {
|
||||
if (client.appId) {
|
||||
const [appError, app] = await safe(apps.get(client.appId));
|
||||
if (appError || !app) {
|
||||
debug(`find: Unknown app for client with appId ${client.appId}`);
|
||||
log(`find: Unknown app for client with appId ${client.appId}`);
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -183,12 +183,12 @@ class StorageAdapter {
|
||||
}
|
||||
|
||||
async findByUserCode(userCode) {
|
||||
debug(`[${this.name}] FIXME findByUserCode userCode:${userCode}`);
|
||||
log(`[${this.name}] FIXME findByUserCode userCode:${userCode}`);
|
||||
}
|
||||
|
||||
// this is called only on Session store. there is a payload.uid
|
||||
async findByUid(uid) {
|
||||
debug(`[${this.name}] findByUid: ${uid}`);
|
||||
log(`[${this.name}] findByUid: ${uid}`);
|
||||
|
||||
const data = await StorageAdapter.getData(this.name);
|
||||
for (const d in data) {
|
||||
@@ -199,19 +199,19 @@ class StorageAdapter {
|
||||
}
|
||||
|
||||
async consume(id) {
|
||||
debug(`[${this.name}] consume: ${id}`);
|
||||
log(`[${this.name}] consume: ${id}`);
|
||||
|
||||
await StorageAdapter.updateData(this.name, (data) => data[id].consumed = true);
|
||||
}
|
||||
|
||||
async destroy(id) {
|
||||
debug(`[${this.name}] destroy: ${id}`);
|
||||
log(`[${this.name}] destroy: ${id}`);
|
||||
|
||||
await StorageAdapter.updateData(this.name, (data) => delete data[id]);
|
||||
}
|
||||
|
||||
async revokeByGrantId(grantId) {
|
||||
debug(`[${this.name}] revokeByGrantId: ${grantId}`);
|
||||
log(`[${this.name}] revokeByGrantId: ${grantId}`);
|
||||
|
||||
await StorageAdapter.updateData(this.name, (data) => {
|
||||
for (const d in data) {
|
||||
@@ -256,7 +256,7 @@ async function consumeAuthCode(authCode) {
|
||||
|
||||
// This exposed to run on a cron job
|
||||
async function cleanupExpired() {
|
||||
debug('cleanupExpired');
|
||||
log('cleanupExpired');
|
||||
|
||||
const types = [ 'AuthorizationCode', 'AccessToken', 'Grant', 'Interaction', 'RefreshToken', 'Session' ];
|
||||
for (const type of types) {
|
||||
@@ -282,7 +282,7 @@ async function renderError(error) {
|
||||
language: await settings.get(settings.LANGUAGE_KEY),
|
||||
};
|
||||
|
||||
debug('renderError: %o', error);
|
||||
log('renderError: %o', error);
|
||||
|
||||
return ejs.render(TEMPLATE_ERROR, data);
|
||||
}
|
||||
@@ -351,7 +351,7 @@ async function interactionLogin(req, res, next) {
|
||||
const ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress || null;
|
||||
const clientId = details.params.client_id;
|
||||
|
||||
debug(`interactionLogin: for OpenID client ${clientId} from ${ip}`);
|
||||
log(`interactionLogin: for OpenID client ${clientId} from ${ip}`);
|
||||
|
||||
if (req.body.autoLoginToken) { // auto login for first admin/owner
|
||||
if (typeof req.body.autoLoginToken !== 'string') return next(new HttpError(400, 'autoLoginToken must be string if provided'));
|
||||
@@ -394,10 +394,10 @@ async function interactionLogin(req, res, next) {
|
||||
if (userPasskeys.length > 0) {
|
||||
const [passkeyError] = await safe(passkeys.verifyAuthentication(user, passkeyResponse));
|
||||
if (passkeyError) {
|
||||
debug(`interactionLogin: passkey verification failed for ${username}: ${passkeyError.message}`);
|
||||
log(`interactionLogin: passkey verification failed for ${username}: ${passkeyError.message}`);
|
||||
return next(new HttpError(401, 'Invalid passkey'));
|
||||
}
|
||||
debug(`interactionLogin: passkey verified for ${username}`);
|
||||
log(`interactionLogin: passkey verified for ${username}`);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -446,7 +446,7 @@ async function interactionConfirm(req, res, next) {
|
||||
if (detailsError) return next(new HttpError(detailsError.statusCode, detailsError.error_description));
|
||||
const { grantId, uid, prompt: { name, details }, params, session: { accountId }, lastSubmission } = interactionDetails;
|
||||
|
||||
debug(`route interaction confirm post uid:${uid} prompt.name:${name} accountId:${accountId}`);
|
||||
log(`route interaction confirm post uid:${uid} prompt.name:${name} accountId:${accountId}`);
|
||||
|
||||
const client = await oidcClients.get(params.client_id);
|
||||
if (!client) return next(new Error('Client not found'));
|
||||
@@ -510,7 +510,7 @@ async function interactionConfirm(req, res, next) {
|
||||
const auditSource = AuditSource.fromOidcRequest(req);
|
||||
|
||||
await eventlog.add(user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, auditSource, { userId: user.id, user: users.removePrivateFields(user), appId: client.appId || null });
|
||||
await safe(users.notifyLoginLocation(user, ip, userAgent, auditSource), { debug });
|
||||
await safe(users.notifyLoginLocation(user, ip, userAgent, auditSource), { debug: log });
|
||||
|
||||
const result = { consent };
|
||||
await gOidcProvider.interactionFinished(req, res, result, { mergeWithLastSubmission: true });
|
||||
@@ -586,31 +586,31 @@ async function start() {
|
||||
|
||||
let keyEdDsa = await blobs.getString(blobs.OIDC_KEY_EDDSA);
|
||||
if (!keyEdDsa) {
|
||||
debug('Generating new OIDC EdDSA key');
|
||||
log('Generating new OIDC EdDSA key');
|
||||
const { privateKey } = await jose.generateKeyPair('EdDSA', { extractable: true });
|
||||
keyEdDsa = Object.assign(await jose.exportJWK(privateKey), { alg: 'EdDSA' }); // alg is optional, but wp requires it
|
||||
await blobs.setString(blobs.OIDC_KEY_EDDSA, JSON.stringify(keyEdDsa));
|
||||
jwksKeys.push(keyEdDsa);
|
||||
} else {
|
||||
debug('Using existing OIDC EdDSA key');
|
||||
log('Using existing OIDC EdDSA key');
|
||||
jwksKeys.push(JSON.parse(keyEdDsa));
|
||||
}
|
||||
|
||||
let keyRs256 = await blobs.getString(blobs.OIDC_KEY_RS256);
|
||||
if (!keyRs256) {
|
||||
debug('Generating new OIDC RS256 key');
|
||||
log('Generating new OIDC RS256 key');
|
||||
const { privateKey } = await jose.generateKeyPair('RS256', { extractable: true });
|
||||
keyRs256 = Object.assign(await jose.exportJWK(privateKey), { alg: 'RS256' }); // alg is optional, but wp requires it
|
||||
await blobs.setString(blobs.OIDC_KEY_RS256, JSON.stringify(keyRs256));
|
||||
jwksKeys.push(keyRs256);
|
||||
} else {
|
||||
debug('Using existing OIDC RS256 key');
|
||||
log('Using existing OIDC RS256 key');
|
||||
jwksKeys.push(JSON.parse(keyRs256));
|
||||
}
|
||||
|
||||
let cookieSecret = await settings.get(settings.OIDC_COOKIE_SECRET_KEY);
|
||||
if (!cookieSecret) {
|
||||
debug('Generating new cookie secret');
|
||||
log('Generating new cookie secret');
|
||||
cookieSecret = crypto.randomBytes(256).toString('base64');
|
||||
await settings.set(settings.OIDC_COOKIE_SECRET_KEY, cookieSecret);
|
||||
}
|
||||
@@ -725,7 +725,7 @@ async function start() {
|
||||
|
||||
const { subdomain, domain } = await dashboard.getLocation();
|
||||
const fqdn = dns.fqdn(subdomain, domain);
|
||||
debug(`start: create provider for ${fqdn} at ${ROUTE_PREFIX}`);
|
||||
log(`start: create provider for ${fqdn} at ${ROUTE_PREFIX}`);
|
||||
|
||||
gOidcProvider = new Provider(`https://${fqdn}${ROUTE_PREFIX}`, configuration);
|
||||
|
||||
|
||||
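Review bot: The per-record StorageAdapter lines (upsert, find, findByUid, consume, destroy, revokeByGrantId in the hunks at @@ -83, @@ -111, @@ -183 and @@ -199, plus the userCode in findByUserCode) were moved from debug() to log(), yet the `id` they print is, for the AccessToken adapter, the same value stored as `accessToken: id` in the upsert hunk, so the bearer token itself now lands in the always-on log instead of behind a debug flag. The commit imports `trace` at the top of the file but never uses it; these identifier-carrying lines are exactly what the description reserves for trace(), e.g. the upsert line would become trace with the same template literal, `trace(...)` in place of `log(...)`, leaving the lifecycle messages (key generation, provider start, login outcomes) on log(). This assumes log() is emitted unconditionally and trace() is flag-gated as the description states; if log() is itself gated the point is only one of naming. The `{ debug: log }` option passed to safe() in the interactionConfirm hunk still works but now reads oddly; if safe() is project code, renaming that option is worth a follow-up.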