feat(Logging): Added support for JWT user logging

dfradehubs · dfradehubs · commit 853cc009bef9 · 2025-01-23T16:09:04.000+01:00
diff --git a/README.md b/README.md
@@ -44,6 +44,10 @@ akamai:
   accessToken: "your-access-token"
 logs:
   show_access_logs: true
+  # If you want to log an user from a JWT Token, you can enable the jwt_user option and set the header name
+  #jwt_user:
+  #  enabled: true
+  #  header: "Test"
   access_logs_fields:
     - REQUEST:method
     - REQUEST:host
diff --git a/api/v1alpha1/config_types.go b/api/v1alpha1/config_types.go
@@ -15,7 +15,11 @@ type ConfigSpec struct {
 		AccessToken  string `yaml:"access_token"`
 	} `yaml:"akamai"`
 	Logs struct {
-		ShowAccessLogs   bool     `yaml:"show_access_logs"`
+		ShowAccessLogs bool `yaml:"show_access_logs"`
+		JwtUser        struct {
+			Enabled bool   `yaml:"enabled"`
+			Header  string `yaml:"header"`
+		} `yaml:"jwt_user"`
 		AccessLogsFields []string `yaml:"access_logs_fields"`
 	} `yaml:"logs"`
 }
diff --git a/config/samples/config.yaml b/config/samples/config.yaml
@@ -10,6 +10,9 @@ akamai:
   access_token: "your-access-token"
 logs:
   show_access_logs: true
+  jwt_user:
+    enabled: true
+    header: "Cookie"
   access_logs_fields:
     - REQUEST:method
     - REQUEST:host
diff --git a/go.mod b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/go-ini/ini v1.67.0
 	github.com/gofiber/fiber/v2 v2.52.6
 	github.com/gofiber/template/html/v2 v2.1.3
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/spf13/cobra v1.8.1
 	github.com/valyala/fasthttp v1.58.0
 	go.uber.org/zap v1.27.0
diff --git a/go.sum b/go.sum
@@ -17,6 +17,8 @@ github.com/gofiber/template/html/v2 v2.1.3 h1:n1LYBtmr9C0V/k/3qBblXyMxV5B0o/gpb6
 github.com/gofiber/template/html/v2 v2.1.3/go.mod h1:U5Fxgc5KpyujU9OqKzy6Kn6Qup6Tm7zdsISR+VpnHRE=
 github.com/gofiber/utils v1.1.0 h1:vdEBpn7AzIUJRhe+CiTOJdUcTg4Q9RK+pEa0KPbLdrM=
 github.com/gofiber/utils v1.1.0/go.mod h1:poZpsnhBykfnY1Mc0KeEa6mSHrS3dV0+oBWyeQmb2e0=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
diff --git a/internal/commons/commons.go b/internal/commons/commons.go
@@ -2,6 +2,8 @@ package commons
 
 import (
 	"akapurgo/api/v1alpha1"
+	"encoding/base64"
+	"encoding/json"
 	"github.com/gofiber/fiber/v2"
 	"github.com/valyala/fasthttp"
 	"regexp"
@@ -74,9 +76,13 @@ func replaceRequestHeaderTags(req *fasthttp.Request, textToProcess string) (resu
 }
 
 // GetRequestLogFields returns the fields attached to a log message for the given HTTP request
-func GetRequestLogFields(req *fasthttp.Request, configurationFields []string) []interface{} {
+func GetRequestLogFields(req *fasthttp.Request, configurationFields []string, ctx v1alpha1.Context) []interface{} {
 	var logFields []interface{}
 
+	if ctx.Config.Logs.JwtUser.Enabled {
+		logFields = addJwtUser(ctx, logFields, req)
+	}
+
 	for _, field := range configurationFields {
 
 		result := replaceRequestTags(req, field)
@@ -166,6 +172,43 @@ func GetResponseLogFields(resp *fasthttp.Response, configurationFields []string,
 	return logFields
 }
 
+// addJwtUser
+func addJwtUser(ctx v1alpha1.Context, logFields []interface{}, req *fasthttp.Request) []interface{} {
+	cookie := string(req.Header.Peek(ctx.Config.Logs.JwtUser.Header))
+	if cookie != "" {
+		jwtPayload := strings.Split(cookie, ".")
+		if len(jwtPayload) != 3 {
+			ctx.Logger.Errorf("Invalid JWT format: expected 3 parts but got %d\n", len(jwtPayload))
+			return logFields
+		}
+
+		jwtPart := strings.TrimSpace(jwtPayload[1])
+		jwtPart = strings.ReplaceAll(jwtPart, "\n", "")
+		jwtPart = strings.ReplaceAll(jwtPart, "\r", "")
+		jwtPart = strings.ReplaceAll(jwtPart, " ", "")
+
+		jwtDecoded, err := base64.RawURLEncoding.DecodeString(jwtPart)
+		if err != nil {
+			ctx.Logger.Errorf("Failed to decode JWT payload: %v\n", err)
+			return logFields
+		}
+
+		var payload map[string]interface{}
+		if err := json.Unmarshal(jwtDecoded, &payload); err != nil {
+			ctx.Logger.Errorf("Failed to parse JWT payload: %v\n", err)
+			return logFields
+		}
+
+		email, ok := payload["email"].(string)
+		if ok {
+			logFields = append(logFields, "jwt_user", email)
+			return logFields
+		}
+	}
+
+	return logFields
+}
+
 // LogRequest logs the request and response of a given HTTP request
 func LogRequest(ctx v1alpha1.Context) fiber.Handler {
 	return func(c *fiber.Ctx) error {
@@ -181,7 +224,7 @@ func LogRequest(ctx v1alpha1.Context) fiber.Handler {
 		// Log the request
 		if ctx.Config.Logs.ShowAccessLogs {
 			logFieldsReq := GetResponseLogFields(c.Response(), ctx.Config.Logs.AccessLogsFields, duration)
-			logFieldsResp := GetRequestLogFields(c.Request(), ctx.Config.Logs.AccessLogsFields)
+			logFieldsResp := GetRequestLogFields(c.Request(), ctx.Config.Logs.AccessLogsFields, ctx)
 			logFields := append(logFieldsReq, logFieldsResp...)
 			ctx.Logger.Infow("request", logFields...)
 		}
