ZMS-31: Log updates stream if configured

Author: NickOvt

config/default.toml

@@ -32,7 +32,7 @@ type = "softfail"
 # fail -> Fail auth only if the password is Pwned
 # softfail -> Auth succeeds even if password is Pwned but a flag is added to API response
 # none -> No check is conducted
-apiUrl = "" # url of the PwnedPasswords API. If not set then uses the public url, if set then you can use your own API that uses HIBP Passwords downloaded via official PwnedPasswordsDownloader
+apiUrl = "https://hibp.tll01.zoneas.eu/range/" # url of the PwnedPasswords API. If not set then uses the public url, if set then you can use your own API that uses HIBP Passwords downloaded via official PwnedPasswordsDownloader
 
 [webauthn]
 rpId = "example.com"             # origin domain
@@ -49,6 +49,7 @@ authenticatorUserVerification = "discouraged"
 level = "silly"
 
 skipFetchLog = false # if true, then does not output individual * FETCH responses to log
+updateStream = false # if true, then logs EventSource updates stream lifecycle and emitted events to console
 
 # delete authentication log entries after 30 days
 # changing this value only affects new entries

lib/api/updates.js

@@ -1,8 +1,10 @@
 'use strict';
 
+const config = require('@zone-eu/wild-config');
 const crypto = require('crypto');
 const Joi = require('joi');
 const ObjectId = require('mongodb').ObjectId;
+const log = require('npmlog');
 const tools = require('../tools');
 const roles = require('../roles');
 const base32 = require('base32.js');
@@ -16,6 +18,52 @@ const getMailboxCounterCb = (db, mailbox, type, callback) => {
         .catch(err => callback(err));
 };
 
+const hasUpdatesStreamLogging = !!(config.log && config.log.updateStream);
+
+const formatLogValue = value => String(value);
+
+const logUpdatesStream = (level, session, message, ...args) => {
+    if (!hasUpdatesStreamLogging) {
+        return;
+    }
+
+    log[level]('API', '[%s] ' + message, session.id, ...args);
+};
+
+const logUpdatesEvent = (session, source, entry) => {
+    if (!hasUpdatesStreamLogging || !entry) {
+        return;
+    }
+
+    if (entry.command === 'COUNTERS') {
+        return log.verbose(
+            'API',
+            '[%s] action=updates-event source=%s user=%s event=%s eventId=%s mailbox=%s total=%s unseen=%s',
+            session.id,
+            source,
+            formatLogValue(session.user.id),
+            entry.command,
+            formatLogValue(entry._id),
+            formatLogValue(entry.mailbox),
+            formatLogValue(entry.total),
+            formatLogValue(entry.unseen)
+        );
+    }
+
+    log.verbose(
+        'API',
+        '[%s] action=updates-event source=%s user=%s event=%s eventId=%s mailbox=%s message=%s modseq=%s',
+        session.id,
+        source,
+        formatLogValue(session.user.id),
+        formatLogValue(entry.command),
+        formatLogValue(entry._id),
+        formatLogValue(entry.mailbox),
+        formatLogValue(entry.message),
+        formatLogValue(entry.modseq)
+    );
+};
+
 module.exports = (db, server, notifier) => {
     server.get(
         {
@@ -116,6 +164,8 @@ module.exports = (db, server, notifier) => {
                 }
             };
 
+            let remoteAddress = req.headers['x-forwarded-for'] || req.connection.remoteAddress || '';
+            let opened = Date.now();
             let closed = false;
             let idleTimer = false;
             let idleCounter = 0;
@@ -144,45 +194,109 @@ module.exports = (db, server, notifier) => {
                 }
 
                 if (message) {
-                    return res.write(formatJournalData(message));
+                    try {
+                        res.write(formatJournalData(message));
+                        logUpdatesEvent(session, 'live', message);
+                        resetIdleComment();
+                    } catch (err) {
+                        log.error(
+                            'API',
+                            '[%s] action=updates-event-write-fail source=live user=%s error=%s',
+                            session.id,
+                            session.user.id.toString(),
+                            err.stack || err
+                        );
+                    }
+                    return;
                 }
 
                 journalReading = true;
-                loadJournalStream(db, req, res, user, lastEventId, (err, info) => {
-                    if (err) {
-                        // ignore?
-                    }
-                    lastEventId = info && info.lastEventId;
-                    journalReading = false;
-                    if (info && info.processed) {
-                        resetIdleComment();
-                    }
-                });
+                logUpdatesStream(
+                    'verbose',
+                    session,
+                    'action=updates-replay-start user=%s lastEventId=%s',
+                    session.user.id.toString(),
+                    formatLogValue(lastEventId)
+                );
+
+                loadJournalStream(
+                    db,
+                    res,
+                    user,
+                    lastEventId,
+                    (err, info) => {
+                        if (err) {
+                            logUpdatesStream(
+                                'error',
+                                session,
+                                'action=updates-replay-error user=%s lastEventId=%s error=%s',
+                                session.user.id.toString(),
+                                formatLogValue(lastEventId),
+                                err.message
+                            );
+                        }
+
+                        lastEventId = info && info.lastEventId;
+                        journalReading = false;
+
+                        logUpdatesStream(
+                            'verbose',
+                            session,
+                            'action=updates-replay-complete user=%s processed=%s lastEventId=%s',
+                            session.user.id.toString(),
+                            formatLogValue(info && info.processed),
+                            formatLogValue(lastEventId)
+                        );
+
+                        if (info && info.processed) {
+                            resetIdleComment();
+                        }
+                    },
+                    (source, entry) => logUpdatesEvent(session, source, entry)
+                );
             };
 
-            let close = () => {
+            let close = reason => {
+                if (closed) {
+                    return;
+                }
+
                 closed = true;
                 clearTimeout(idleTimer);
                 notifier.removeListener(session, journalReader);
+
+                logUpdatesStream(
+                    'info',
+                    session,
+                    'action=updates-close user=%s reason=%s duration=%s idle=%s lastEventId=%s',
+                    session.user.id.toString(),
+                    reason,
+                    Date.now() - opened,
+                    idleCounter,
+                    formatLogValue(lastEventId)
+                );
             };
 
             let setup = () => {
                 notifier.addListener(session, journalReader);
 
                 let finished = false;
-                let done = () => {
+                let done = reason => {
                     if (finished) {
                         return;
                     }
                     finished = true;
-                    return close();
+                    return close(reason);
                 };
 
                 // force close after 30 min, otherwise we might end with connections that never close
-                req.connection.setTimeout(30 * 60 * 1000, done);
-                req.connection.on('end', done);
-                req.connection.on('close', done);
-                req.connection.on('error', done);
+                req.connection.setTimeout(30 * 60 * 1000, () => done('timeout'));
+                req.connection.on('end', () => done('end'));
+                req.connection.on('close', () => done('close'));
+                req.connection.on('error', err => {
+                    logUpdatesStream('error', session, 'action=updates-connection-error user=%s error=%s', session.user.id.toString(), err.message);
+                    done('error');
+                });
             };
 
             res.writeHead(200, {
@@ -192,18 +306,57 @@ module.exports = (db, server, notifier) => {
             });
 
             if (lastEventId) {
-                loadJournalStream(db, req, res, user, lastEventId, (err, info) => {
-                    if (err) {
-                        res.write('event: error\ndata: ' + err.message.split('\n').join('\ndata: ') + '\n\n');
-                        // ignore
-                    }
-                    setup();
-                    if (info && info.processed) {
-                        resetIdleComment();
-                    } else {
-                        sendIdleComment();
-                    }
-                });
+                logUpdatesStream(
+                    'info',
+                    session,
+                    'action=updates-open user=%s remote=%s sess=%s ip=%s lastEventId=%s replay=yes',
+                    session.user.id.toString(),
+                    remoteAddress,
+                    formatLogValue(req.params.sess),
+                    formatLogValue(req.params.ip),
+                    lastEventId.toString()
+                );
+
+                logUpdatesStream('verbose', session, 'action=updates-replay-start user=%s lastEventId=%s', session.user.id.toString(), lastEventId.toString());
+
+                loadJournalStream(
+                    db,
+                    res,
+                    user,
+                    lastEventId,
+                    (err, info) => {
+                        if (err) {
+                            logUpdatesStream(
+                                'error',
+                                session,
+                                'action=updates-replay-error user=%s lastEventId=%s error=%s',
+                                session.user.id.toString(),
+                                formatLogValue(lastEventId),
+                                err.message
+                            );
+                            res.write('event: error\ndata: ' + err.message.split('\n').join('\ndata: ') + '\n\n');
+                        }
+
+                        lastEventId = info && info.lastEventId;
+
+                        logUpdatesStream(
+                            'verbose',
+                            session,
+                            'action=updates-replay-complete user=%s processed=%s lastEventId=%s',
+                            session.user.id.toString(),
+                            formatLogValue(info && info.processed),
+                            formatLogValue(lastEventId)
+                        );
+
+                        setup();
+                        if (info && info.processed) {
+                            resetIdleComment();
+                        } else {
+                            sendIdleComment();
+                        }
+                    },
+                    (source, entry) => logUpdatesEvent(session, source, entry)
+                );
             } else {
                 let latest;
                 try {
@@ -215,6 +368,17 @@ module.exports = (db, server, notifier) => {
                     lastEventId = latest._id;
                 }
 
+                logUpdatesStream(
+                    'info',
+                    session,
+                    'action=updates-open user=%s remote=%s sess=%s ip=%s lastEventId=%s replay=no',
+                    session.user.id.toString(),
+                    remoteAddress,
+                    formatLogValue(req.params.sess),
+                    formatLogValue(req.params.ip),
+                    formatLogValue(lastEventId)
+                );
+
                 setup();
                 sendIdleComment();
             }
@@ -242,7 +406,9 @@ function formatJournalData(e) {
     return response.join('\n') + '\n\n';
 }
 
-function loadJournalStream(db, req, res, user, lastEventId, done) {
+function loadJournalStream(db, res, user, lastEventId, done, onEntry) {
+    onEntry = typeof onEntry === 'function' ? onEntry : () => false;
+
     let query = { user };
     if (lastEventId) {
         query._id = { $gt: lastEventId };
@@ -285,15 +451,16 @@ function loadJournalStream(db, req, res, user, lastEventId, done) {
                                     // ignore
                                 }
 
-                                res.write(
-                                    formatJournalData({
-                                        command: 'COUNTERS',
-                                        _id: lastEventId,
-                                        mailbox,
-                                        total,
-                                        unseen
-                                    })
-                                );
+                                let countersEntry = {
+                                    command: 'COUNTERS',
+                                    _id: lastEventId,
+                                    mailbox,
+                                    total,
+                                    unseen
+                                };
+
+                                res.write(formatJournalData(countersEntry));
+                                onEntry('counters', countersEntry);
 
                                 setImmediate(emitCounters);
                             });
@@ -327,9 +494,9 @@ function loadJournalStream(db, req, res, user, lastEventId, done) {
             try {
                 let data = formatJournalData(e);
                 res.write(data);
+                onEntry('replay', e);
             } catch (err) {
-                console.error(err);
-                console.error(e);
+                log.error('API', 'action=updates-event-write-fail user=%s event=%s error=%s', user.toString(), e.command, err.stack || err);
             }
 
             processed++;