comparison sat/plugins/plugin_comp_ap_gateway/http_server.py @ 4015:2913313ca58f

component AP gateway (http): add verbose log when signature verification fails on POST request
author Goffi <goffi@goffi.org>
date Sat, 18 Mar 2023 20:12:38 +0100
parents 4ef473116499
children 97df34151c6d
comparison
equal deleted inserted replaced
4014:4ef473116499 4015:2913313ca58f
930 "id": url, 930 "id": url,
931 "orderedItems": following 931 "orderedItems": following
932 } 932 }
933 } 933 }
934 934
935 def _get_to_log(
936 self,
937 request: "HTTPRequest",
938 data: Optional[dict] = None,
939 ) -> List[str]:
940 """Get base data to logs in verbose mode"""
941 from pprint import pformat
942 to_log = [
943 "",
944 f"<<< got {request.method.decode()} request - {request.uri.decode()}"
945 ]
946 if data is not None:
947 to_log.append(pformat(data))
948 if self.apg.verbose>=3:
949 headers = "\n".join(
950 f" {k.decode()}: {v.decode()}"
951 for k,v in request.getAllHeaders().items()
952 )
953 to_log.append(f" headers:\n{headers}")
954 return to_log
955
935 async def APRequest( 956 async def APRequest(
936 self, 957 self,
937 request: "HTTPRequest", 958 request: "HTTPRequest",
938 data: Optional[dict] = None, 959 data: Optional[dict] = None,
939 signing_actor: Optional[str] = None 960 signing_actor: Optional[str] = None
940 ) -> None: 961 ) -> None:
941 if self.apg.verbose: 962 if self.apg.verbose:
942 from pprint import pformat 963 to_log = self._get_to_log(request, data)
943 to_log = [
944 "",
945 f"<<< got {request.method.decode()} request - {request.uri.decode()}"
946 ]
947 if data is not None:
948 to_log.append(pformat(data))
949 if self.apg.verbose>=3:
950 headers = "\n".join(
951 f" {k.decode()}: {v.decode()}"
952 for k,v in request.getAllHeaders().items()
953 )
954 to_log.append(f" headers:\n{headers}")
955 964
956 path = request.path.decode() 965 path = request.path.decode()
957 ap_url = parse.urljoin( 966 ap_url = parse.urljoin(
958 f"https://{self.apg.public_url}", 967 f"https://{self.apg.public_url}",
959 path 968 path
1071 pass 1080 pass
1072 1081
1073 try: 1082 try:
1074 signing_actor = await self.checkSignature(request) 1083 signing_actor = await self.checkSignature(request)
1075 except exceptions.EncryptionError as e: 1084 except exceptions.EncryptionError as e:
1085 if self.apg.verbose:
1086 to_log = self._get_to_log(request)
1087 to_log.append(f" body: {request.content.read()!r}")
1088 request.content.seek(0)
1089 log.info("\n".join(to_log))
1076 self.responseCode( 1090 self.responseCode(
1077 request, 1091 request,
1078 http.FORBIDDEN, 1092 http.FORBIDDEN,
1079 f"invalid signature: {e}" 1093 f"invalid signature: {e}"
1080 ) 1094 )