feat: version v0.0.2

2026-04-22 12:01:52 -07:00 · 2025-06-14 19:14:30 -04:00 · 2025-06-14 19:14:30 -04:00 · 7ff317756f
commit 7ff317756f
parent 0dceaf017a
36 changed files with 336 additions and 160 deletions
--- a/engine/middleware/middleware.go
+++ b/engine/middleware/middleware.go
@ -3,6 +3,7 @@ package middleware
 import (
 	"context"
 	"crypto/rand"
+	"fmt"
 	"math/big"
 	"net/http"
 	"runtime/debug"
@ -63,9 +64,21 @@ func Logger(baseLogger *zerolog.Logger) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			reqID := GetRequestID(r.Context())
-			l := baseLogger.With().Str("request_id", reqID).Logger()

-			// Inject logger with request_id into the context
+			loggerCtx := baseLogger.With().Str("request_id", reqID)
+
+			for key, values := range r.URL.Query() {
+				if strings.Contains(strings.ToLower(key), "password") {
+					continue
+				}
+				if len(values) > 0 {
+					loggerCtx = loggerCtx.Str(fmt.Sprintf("query.%s", key), values[0])
+				}
+			}
+
+			l := loggerCtx.Logger()
+
+			// Inject logger into context
 			r = logger.Inject(r, &l)

 			ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
@ -82,20 +95,18 @@ func Logger(baseLogger *zerolog.Logger) func(next http.Handler) http.Handler {
 					utils.WriteError(ww, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 					return
 				}
-				pathS := strings.Split(r.URL.Path, "/")
-				if len(pathS) > 1 && pathS[1] == "apis" {
-					l.Info().
-						Str("type", "access").
-						Timestamp().
-						Msgf("Received %s %s - Responded with %d in %.2fms", r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
-				} else {
-					l.Debug().
-						Str("type", "access").
-						Timestamp().
-						Msgf("Received %s %s - Responded with %d in %.2fms", r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
-				}

+				pathS := strings.Split(r.URL.Path, "/")
+				msg := fmt.Sprintf("Received %s %s - Responded with %d in %.2fms",
+					r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
+
+				if len(pathS) > 1 && pathS[1] == "apis" {
+					l.Info().Str("type", "access").Timestamp().Msg(msg)
+				} else {
+					l.Debug().Str("type", "access").Timestamp().Msg(msg)
+				}
 			}()
+
 			next.ServeHTTP(ww, r)
 		}
 		return http.HandlerFunc(fn)
--- a/engine/middleware/validate.go
+++ b/engine/middleware/validate.go
@ -2,6 +2,7 @@ package middleware

 import (
 	"context"
+	"fmt"
 	"net/http"
 	"strings"
 	"time"
@ -24,25 +25,34 @@ func ValidateSession(store db.DB) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			l := logger.FromContext(r.Context())
+
+			l.Debug().Msgf("ValidateSession: Checking user authentication via session cookie")
+
 			cookie, err := r.Cookie("koito_session")
 			var sid uuid.UUID
 			if err == nil {
 				sid, err = uuid.Parse(cookie.Value)
 				if err != nil {
+					l.Err(err).Msg("ValidateSession: Could not parse UUID from session cookie")
 					utils.WriteError(w, "session cookie is invalid", http.StatusUnauthorized)
 					return
 				}
+			} else {
+				l.Debug().Msgf("ValidateSession: No session cookie found; attempting API key authentication")
+				utils.WriteError(w, "session cookie is missing", http.StatusUnauthorized)
+				return
 			}

-			l.Debug().Msg("Retrieved login cookie from request")
+			l.Debug().Msg("ValidateSession: Retrieved login cookie from request")

 			u, err := store.GetUserBySession(r.Context(), sid)
 			if err != nil {
-				l.Err(err).Msg("Failed to get user from session")
+				l.Err(fmt.Errorf("ValidateSession: %w", err)).Msg("Error accessing database")
 				utils.WriteError(w, "internal server error", http.StatusInternalServerError)
 				return
 			}
 			if u == nil {
+				l.Debug().Msg("ValidateSession: No user with session id found")
 				utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
 				return
 			}
@ -50,11 +60,11 @@ func ValidateSession(store db.DB) func(next http.Handler) http.Handler {
 			ctx := context.WithValue(r.Context(), UserContextKey, u)
 			r = r.WithContext(ctx)

-			l.Debug().Msgf("Refreshing session for user '%s'", u.Username)
+			l.Debug().Msgf("ValidateSession: Refreshing session for user '%s'", u.Username)

 			store.RefreshSession(r.Context(), sid, time.Now().Add(30*24*time.Hour))

-			l.Debug().Msgf("Refreshed session for user '%s'", u.Username)
+			l.Debug().Msgf("ValidateSession: Refreshed session for user '%s'", u.Username)

 			next.ServeHTTP(w, r)
 		})
@ -67,10 +77,19 @@ func ValidateApiKey(store db.DB) func(next http.Handler) http.Handler {
 			ctx := r.Context()
 			l := logger.FromContext(ctx)

+			l.Debug().Msg("ValidateApiKey: Checking if user is already authenticated")
+
+			u := GetUserFromContext(ctx)
+			if u != nil {
+				l.Debug().Msg("ValidateApiKey: User is already authenticated; skipping API key authentication")
+				next.ServeHTTP(w, r)
+				return
+			}
+
 			authh := r.Header.Get("Authorization")
 			s := strings.Split(authh, "Token ")
 			if len(s) < 2 {
-				l.Debug().Msg("Authorization header must be formatted 'Token {token}'")
+				l.Debug().Msg("ValidateApiKey: Authorization header must be formatted 'Token {token}'")
 				utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
 				return
 			}