Standardize logging and improve sensitive data handling

Chiran Fernando 2025-04-05 08:57:33 +05:30
parent d7097e76e4
commit 2548eb569a
8 changed files with 86 additions and 69 deletions


@ -9,6 +9,7 @@ import (
"strings"
"github.com/wso2/open-mcp-auth-proxy/internal/config"
"github.com/wso2/open-mcp-auth-proxy/internal/logging"
)
// RequestModifier modifies requests before they are proxied
@ -148,6 +149,7 @@ func (m *RegisterModifier) ModifyRequest(req *http.Request) (*http.Request, erro
if strings.Contains(contentType, "application/x-www-form-urlencoded") {
// Parse form data
if err := req.ParseForm(); err != nil {
logger.Error("Failed to parse form data: %v", err)
return nil, err
}
@ -169,12 +171,14 @@ func (m *RegisterModifier) ModifyRequest(req *http.Request) (*http.Request, erro
// Read body
bodyBytes, err := io.ReadAll(req.Body)
if err != nil {
logger.Error("Failed to read request body: %v", err)
return nil, err
}
// Parse JSON
var jsonData map[string]interface{}
if err := json.Unmarshal(bodyBytes, &jsonData); err != nil {
logger.Error("Failed to parse JSON body: %v", err)
return nil, err
}
@ -186,6 +190,7 @@ func (m *RegisterModifier) ModifyRequest(req *http.Request) (*http.Request, erro
// Marshal back to JSON
modifiedBody, err := json.Marshal(jsonData)
if err != nil {
logger.Error("Failed to marshal modified JSON: %v", err)
return nil, err
}
@ -196,4 +201,4 @@ func (m *RegisterModifier) ModifyRequest(req *http.Request) (*http.Request, erro
}
return req, nil
}
}
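Review bot: The four added `logger.Error` calls in ModifyRequest log an error that the function then returns, and the proxy handler appears to log it again as "Error modifying request", so a single malformed registration body produces two Error-level lines that any client can trigger. Logging at one layer is enough: drop the calls here and return a wrapped error such as `return nil, fmt.Errorf("parse JSON body: %w", err)`, and consider Warn rather than Error for client-caused parse failures. Separately, `io.ReadAll(req.Body)` in the same hunk buffers an untrusted body with no size cap; bounding it, e.g. `io.ReadAll(io.LimitReader(req.Body, maxBodyBytes))` with a limit the project chooses, keeps an oversized request from being held in memory whole. ModifyRequest begins and ends outside these hunks, so whether `fmt` is already imported or a limit is applied earlier cannot be seen from here.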


@ -2,7 +2,6 @@ package proxy
import (
"context"
"log"
"net/http"
"net/http/httputil"
"net/url"
@ -11,6 +10,7 @@ import (
"github.com/wso2/open-mcp-auth-proxy/internal/authz"
"github.com/wso2/open-mcp-auth-proxy/internal/config"
"github.com/wso2/open-mcp-auth-proxy/internal/logging"
"github.com/wso2/open-mcp-auth-proxy/internal/util"
)
@ -102,11 +102,13 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
// Parse the base URLs up front
authBase, err := url.Parse(cfg.AuthServerBaseURL)
if err != nil {
log.Fatalf("Invalid auth server URL: %v", err)
logger.Error("Invalid auth server URL: %v", err)
panic(err) // Fatal error that prevents startup
}
mcpBase, err := url.Parse(cfg.MCPServerBaseURL)
if err != nil {
log.Fatalf("Invalid MCP server URL: %v", err)
logger.Error("Invalid MCP server URL: %v", err)
panic(err) // Fatal error that prevents startup
}
// Detect SSE paths from config
@ -123,7 +125,7 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
// Handle OPTIONS
if r.Method == http.MethodOptions {
if allowedOrigin == "" {
log.Printf("[proxy] Preflight request from disallowed origin: %s", origin)
logger.Warn("Preflight request from disallowed origin: %s", origin)
http.Error(w, "CORS origin not allowed", http.StatusForbidden)
return
}
@ -133,7 +135,7 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
}
if allowedOrigin == "" {
log.Printf("[proxy] Request from disallowed origin: %s for %s", origin, r.URL.Path)
logger.Warn("Request from disallowed origin: %s for %s", origin, r.URL.Path)
http.Error(w, "CORS origin not allowed", http.StatusForbidden)
return
}
@ -151,7 +153,7 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
// Validate JWT for MCP paths if required
// Placeholder for JWT validation logic
if err := util.ValidateJWT(r.Header.Get("Authorization")); err != nil {
log.Printf("[proxy] Unauthorized request to %s: %v", r.URL.Path, err)
logger.Warn("Unauthorized request to %s: %v", r.URL.Path, err)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
@ -169,7 +171,7 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
var err error
r, err = modifier.ModifyRequest(r)
if err != nil {
log.Printf("[proxy] Error modifying request: %v", err)
logger.Error("Error modifying request: %v", err)
http.Error(w, "Bad Request", http.StatusBadRequest)
return
}
@ -210,15 +212,15 @@ func buildProxyHandler(cfg *config.Config, modifiers map[string]RequestModifier)
req.Header = cleanHeaders
log.Printf("[proxy] %s -> %s%s", r.URL.Path, req.URL.Host, req.URL.Path)
logger.Debug("%s -> %s%s", r.URL.Path, req.URL.Host, req.URL.Path)
},
ModifyResponse: func(resp *http.Response) error {
log.Printf("[proxy] Response from %s%s: %d", resp.Request.URL.Host, resp.Request.URL.Path, resp.StatusCode)
logger.Debug("Response from %s%s: %d", resp.Request.URL.Host, resp.Request.URL.Path, resp.StatusCode)
resp.Header.Del("Access-Control-Allow-Origin") // Avoid upstream conflicts
return nil
},
ErrorHandler: func(rw http.ResponseWriter, req *http.Request, err error) {
log.Printf("[proxy] Error proxying: %v", err)
logger.Error("Error proxying: %v", err)
http.Error(rw, "Bad Gateway", http.StatusBadGateway)
},
FlushInterval: -1, // immediate flush for SSE
@ -253,7 +255,7 @@ func getAllowedOrigin(origin string, cfg *config.Config) string {
return cfg.CORSConfig.AllowedOrigins[0] // Default to first allowed origin
}
for _, allowed := range cfg.CORSConfig.AllowedOrigins {
log.Printf("[proxy] Checking CORS origin: %s against allowed: %s", origin, allowed)
logger.Debug("Checking CORS origin: %s against allowed: %s", origin, allowed)
if allowed == origin {
return allowed
}
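Review bot: The new `logger.Warn` and `logger.Debug` lines format `r.URL.Path` with `%s`, and `r.URL.Path` is the percent-decoded path, so a path containing an encoded newline can split a log entry and forge the line that follows unless the logging package escapes its arguments (not visible here). Quoting request-derived values closes that, e.g. `logger.Warn("Request from disallowed origin: %q for %q", origin, r.URL.Path)`, and likewise for the "Unauthorized request to" and `%s -> %s%s` lines; the `logger.Info("SSE connection closed from %s (path: %s)", ...)` line in the SSE file has the same pattern. Also, replacing `log.Fatalf` with `logger.Error` plus `panic(err)` turns a clean exit into a stack-trace panic that an enclosing `recover` could swallow; returning the error from buildProxyHandler would be cleaner if its signature, which lies outside the hunk, can change.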


@ -5,11 +5,12 @@ import (
"context"
"fmt"
"io"
"log"
"net/http"
"net/http/httputil"
"strings"
"time"
"github.com/wso2/open-mcp-auth-proxy/internal/logging"
)
// HandleSSE sets up a go-routine to wait for context cancellation
@ -20,7 +21,7 @@ func HandleSSE(w http.ResponseWriter, r *http.Request, rp *httputil.ReverseProxy
go func() {
<-ctx.Done()
log.Printf("INFO: SSE connection closed from %s (path: %s)", r.RemoteAddr, r.URL.Path)
logger.Info("SSE connection closed from %s (path: %s)", r.RemoteAddr, r.URL.Path)
close(done)
}()
@ -57,7 +58,7 @@ func (t *sseTransport) RoundTrip(req *http.Request) (*http.Response, error) {
return resp, nil
}
log.Printf("INFO: Intercepting SSE response to modify endpoint events")
logger.Info("Intercepting SSE response to modify endpoint events")
// Create a response wrapper that modifies the response body
originalBody := resp.Body
@ -81,9 +82,9 @@ func (t *sseTransport) RoundTrip(req *http.Request) (*http.Response, error) {
endpoint := strings.TrimPrefix(dataLine, "data: ")
// Replace the host in the endpoint
log.Printf("DEBUG: Original endpoint: %s", endpoint)
logger.Debug("Original endpoint: %s", endpoint)
endpoint = strings.Replace(endpoint, t.targetHost, t.proxyHost, 1)
log.Printf("DEBUG: Modified endpoint: %s", endpoint)
logger.Debug("Modified endpoint: %s", endpoint)
// Write the modified event lines
fmt.Fprintln(pw, line)
@ -98,7 +99,7 @@ func (t *sseTransport) RoundTrip(req *http.Request) (*http.Response, error) {
}
if err := scanner.Err(); err != nil {
log.Printf("Error reading SSE stream: %v", err)
logger.Error("Error reading SSE stream: %v", err)
}
}()
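Review bot: The two `logger.Debug` lines around the host rewrite print the full `data:` payload of the upstream endpoint event; if that URL carries a session identifier in its query string, as SSE endpoint URLs often do, the identifier ends up in debug logs, which works against the commit's stated aim of better sensitive-data handling. Logging only the substitution avoids that, e.g. `logger.Debug("Rewrote SSE endpoint host %s -> %s", t.targetHost, t.proxyHost)`, or log the endpoint with its query string stripped. The value also originates from the upstream server, so if it is kept in the log, `%q` is safer than `%s`. RoundTrip's body extends beyond these hunks.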