diff sat/plugins/plugin_comp_ap_gateway/http_server.py @ 4015:2913313ca58f

component AP gateway (http): add verbose log when signature verification fails on POST request
author Goffi <goffi@goffi.org>
date Sat, 18 Mar 2023 20:12:38 +0100
parents 4ef473116499
children 97df34151c6d
--- a/sat/plugins/plugin_comp_ap_gateway/http_server.py	Sat Mar 18 16:53:21 2023 +0100
+++ b/sat/plugins/plugin_comp_ap_gateway/http_server.py	Sat Mar 18 20:12:38 2023 +0100
@@ -932,6 +932,27 @@
           }
         }
 
+    def _get_to_log(
+        self,
+        request: "HTTPRequest",
+        data: Optional[dict] = None,
+    ) -> List[str]:
+        """Get base data to logs in verbose mode"""
+        from pprint import pformat
+        to_log = [
+            "",
+            f"<<< got {request.method.decode()} request - {request.uri.decode()}"
+        ]
+        if data is not None:
+            to_log.append(pformat(data))
+        if self.apg.verbose>=3:
+            headers = "\n".join(
+                f"    {k.decode()}: {v.decode()}"
+                for k,v in request.getAllHeaders().items()
+            )
+            to_log.append(f"  headers:\n{headers}")
+        return to_log
+
     async def APRequest(
         self,
         request: "HTTPRequest",
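Review bot: `_get_to_log` decodes `request.method`, `request.uri` and every header name and value with a strict `.decode()`, so a request carrying non-UTF-8 bytes raises `UnicodeDecodeError` while the log lines are being built; with the new call in the signature-failure handler further down, that would presumably happen before the FORBIDDEN response is sent. Using `k.decode(errors="replace")` and `v.decode(errors="replace")` (and the same for method and uri) keeps logging from changing how a request is handled. At `verbose>=3` the helper also writes every header to the log, which would include `Authorization` or `Cookie` values if a client sends them, so consider masking those names before joining. The docstring could also say that the returned list is meant to be joined with newlines and that headers are only included at verbosity 3 or higher.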
@@ -939,19 +960,7 @@
         signing_actor: Optional[str] = None
     ) -> None:
         if self.apg.verbose:
-            from pprint import pformat
-            to_log = [
-                "",
-                f"<<< got {request.method.decode()} request - {request.uri.decode()}"
-            ]
-            if data is not None:
-                to_log.append(pformat(data))
-            if self.apg.verbose>=3:
-                headers = "\n".join(
-                    f"    {k.decode()}: {v.decode()}"
-                    for k,v in request.getAllHeaders().items()
-                )
-                to_log.append(f"  headers:\n{headers}")
+            to_log = self._get_to_log(request, data)
 
         path = request.path.decode()
         ap_url = parse.urljoin(
@@ -1073,6 +1082,11 @@
         try:
             signing_actor = await self.checkSignature(request)
         except exceptions.EncryptionError as e:
+            if self.apg.verbose:
+                to_log = self._get_to_log(request)
+                to_log.append(f"  body: {request.content.read()!r}")
+                request.content.seek(0)
+                log.info("\n".join(to_log))
             self.responseCode(
                 request,
                 http.FORBIDDEN,
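Review bot: The added `request.content.read()` logs the whole body of a request whose signature was just rejected, so any unauthenticated sender controls how much is written to the log whenever `verbose` is non-zero. Reading a bounded amount, e.g. `request.content.read(MAX_LOGGED_BODY)` with a constant you define (the name is a placeholder), limits that. The read also starts from the current stream position; if `checkSignature` (not visible here) consumed the body before raising, the log would show `b''`, so a `request.content.seek(0)` before the read as well as after it would be safer. The `!r` formatting is worth keeping, since it stops control characters in the body from breaking up log lines. The enclosing method starts and ends outside this hunk.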