diff --git a/README.md b/README.md index cbf08d14..0378e249 100644 --- a/README.md +++ b/README.md @@ -193,6 +193,22 @@ USERFRONT_URL=https://sso.example.com - `KRATOS_ALLOWED_RETURN_URLS_EXTRA`: 추가 허용 return URL (선택) - 빈값: `[]` - 다중값: `["https://a.example.com/callback","https://b.example.com/callback"]` 또는 `https://a.example.com/callback,https://b.example.com/callback` +- `CLIENT_LOG_DEBUG`: 클라이언트 로그 디버그 모드 강제 (기본: 비운영 `true`, 운영 `false`) + - 운영(`APP_ENV=production|prod`)에서 `true|1|on|yes` 설정 시 `INFO/DEBUG` 클라이언트 로그 수집 허용 + - 미설정(기본) 시 운영에서는 `WARN/ERROR`만 수집 +- `USERFRONT_DEBUG_LOG`: UserFront 측 디버그 로그 fallback 플래그 + - `CLIENT_LOG_DEBUG`가 없을 때만 UserFront에서 대체로 참조 + +### 클라이언트 로그 정책 (중요) +- 기본 원칙: 운영 환경에서는 민감정보 보호를 우선하며, 과도한 로그 수집을 제한합니다. +- 환경별 동작: + - 비운영(`dev/local/stage` 등): 디버그 로그 허용 (`INFO/DEBUG/WARN/ERROR`) + - 운영(`production/prod`) + `CLIENT_LOG_DEBUG` 미설정: `WARN/ERROR`만 수집 + - 운영(`production/prod`) + `CLIENT_LOG_DEBUG=true`: 디버그 로그 허용 +- 민감정보는 환경과 무관하게 마스킹합니다. + - 예: `password`, `newPassword`, `token`, `authorization`, `cookie`, `sessionJwt` + - 문자열 패턴(`token=...`, `authorization:...`, JSON body 내 민감 key)도 마스킹 +- 상세 정책 문서: `docs/client-log-policy.md` ### `.env` 작성 후 권장 점검 ```bash diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go index 2d019cc7..8472373f 100644 --- a/backend/cmd/server/main.go +++ b/backend/cmd/server/main.go @@ -277,6 +277,8 @@ func main() { // 3. Initialize Fiber appEnv := getEnv("APP_ENV", "dev") + clientLogDebugFlag := getEnv("CLIENT_LOG_DEBUG", "") + clientDebugEnabled := logger.ClientDebugEnabled(appEnv, clientLogDebugFlag) app := fiber.New(fiber.Config{ AppName: "Baron SSO Backend", DisableStartupMessage: true, // Clean logs @@ -367,6 +369,10 @@ func main() { } else { slog.Info("🔒 API Docs disabled in production") } + slog.Info("Client log policy configured", + "app_env", appEnv, + "client_debug_enabled", clientDebugEnabled, + ) // Routes app.Get("/", func(c *fiber.Ctx) error { @@ -630,12 +636,20 @@ func main() { if err := c.BodyParser(&req); err != nil { return c.SendStatus(fiber.StatusBadRequest) } + if !logger.ShouldAcceptClientLog(appEnv, clientLogDebugFlag, req.Level) { + return c.SendStatus(fiber.StatusOK) + } + level := logger.NormalizeClientLogLevel(req.Level) + if level == slog.LevelInfo && logger.ShouldFilterNoisyClientInfo(appEnv, clientLogDebugFlag, req.Message) { + return c.SendStatus(fiber.StatusOK) + } // Prepare attributes for flattening attrs := []any{ slog.String("source", "client"), } - for k, v := range req.Data { + sanitizedData := logger.SanitizeClientLogData(req.Data) + for k, v := range sanitizedData { // Skip svc if it's already set by the global logger to avoid confusion, // or keep it as client_svc if k == "svc" { @@ -644,30 +658,7 @@ func main() { attrs = append(attrs, slog.Any(k, v)) } } - - // Map and log with correct level - var level slog.Level - switch req.Level { - case "SEVERE", "ERROR": - level = slog.LevelError - case "WARNING", "WARN": - level = slog.LevelWarn - default: - level = slog.LevelInfo - } - - // Filter out noisy client navigation logs - if level == slog.LevelInfo { - msg := strings.ToLower(req.Message) - if strings.Contains(msg, "navigating to") || - strings.Contains(msg, "going to") || - strings.Contains(msg, "redirecting to") || - strings.Contains(msg, "full paths for routes") { - return c.SendStatus(fiber.StatusOK) - } - } - - slog.Log(c.Context(), level, req.Message, attrs...) + slog.Log(c.Context(), level, logger.SanitizeClientLogMessage(req.Message), attrs...) return c.SendStatus(fiber.StatusOK) }) diff --git a/backend/internal/logger/client_log_policy.go b/backend/internal/logger/client_log_policy.go new file mode 100644 index 00000000..c4be699b --- /dev/null +++ b/backend/internal/logger/client_log_policy.go @@ -0,0 +1,143 @@ +package logger + +import ( + "log/slog" + "regexp" + "strings" +) + +var sensitiveClientLogKeys = map[string]struct{}{ + "password": {}, + "currentpassword": {}, + "newpassword": {}, + "oldpassword": {}, + "token": {}, + "accesstoken": {}, + "refreshtoken": {}, + "secret": {}, + "clientsecret": {}, + "authorization": {}, + "cookie": {}, + "setcookie": {}, + "verificationcode": {}, + "code": {}, + "loginchallenge": {}, + "loginverifier": {}, + "sessionjwt": {}, + "accessjwt": {}, + "refreshjwt": {}, +} + +var ( + logJSONSensitivePattern = regexp.MustCompile(`(?i)"(password|currentpassword|newpassword|oldpassword|token|accesstoken|refreshtoken|secret|clientsecret|authorization|cookie|setcookie|verificationcode|code|loginchallenge|loginverifier|sessionjwt|accessjwt|refreshjwt)"\s*:\s*"[^"]*"`) + logKVPattern = regexp.MustCompile(`(?i)\b(password|current_password|currentpassword|new_password|newpassword|old_password|oldpassword|token|access_token|accesstoken|refresh_token|refreshtoken|authorization|cookie|session_jwt|sessionjwt|access_jwt|accessjwt|refresh_jwt|refreshjwt)\b\s*[:=]\s*([^\s,;]+)`) +) + +func IsProductionEnv(appEnv string) bool { + env := strings.ToLower(strings.TrimSpace(appEnv)) + return env == "prod" || env == "production" +} + +func parseBoolFlag(raw string) bool { + switch strings.ToLower(strings.TrimSpace(raw)) { + case "1", "true", "yes", "y", "on": + return true + default: + return false + } +} + +func ClientDebugEnabled(appEnv, productionDebugFlag string) bool { + if !IsProductionEnv(appEnv) { + return true + } + return parseBoolFlag(productionDebugFlag) +} + +func NormalizeClientLogLevel(level string) slog.Level { + switch strings.ToUpper(strings.TrimSpace(level)) { + case "SEVERE", "ERROR": + return slog.LevelError + case "WARNING", "WARN": + return slog.LevelWarn + case "DEBUG", "FINE", "TRACE": + return slog.LevelDebug + default: + return slog.LevelInfo + } +} + +func ShouldAcceptClientLog(appEnv, productionDebugFlag, level string) bool { + if ClientDebugEnabled(appEnv, productionDebugFlag) { + return true + } + return NormalizeClientLogLevel(level) >= slog.LevelWarn +} + +func ShouldFilterNoisyClientInfo(appEnv, productionDebugFlag, message string) bool { + if ClientDebugEnabled(appEnv, productionDebugFlag) { + return false + } + msg := strings.ToLower(message) + return strings.Contains(msg, "navigating to") || + strings.Contains(msg, "going to") || + strings.Contains(msg, "redirecting to") || + strings.Contains(msg, "full paths for routes") +} + +func SanitizeClientLogMessage(message string) string { + if strings.TrimSpace(message) == "" { + return message + } + sanitized := logJSONSensitivePattern.ReplaceAllStringFunc(message, func(segment string) string { + parts := strings.SplitN(segment, ":", 2) + if len(parts) != 2 { + return segment + } + return parts[0] + `:"*****"` + }) + sanitized = logKVPattern.ReplaceAllString(sanitized, `$1=*****`) + return sanitized +} + +func SanitizeClientLogData(data map[string]interface{}) map[string]interface{} { + if len(data) == 0 { + return data + } + out := make(map[string]interface{}, len(data)) + for k, v := range data { + if isSensitiveClientLogKey(k) { + out[k] = "*****" + continue + } + out[k] = sanitizeClientLogValue(v) + } + return out +} + +func sanitizeClientLogValue(v interface{}) interface{} { + switch val := v.(type) { + case map[string]interface{}: + return SanitizeClientLogData(val) + case []interface{}: + next := make([]interface{}, len(val)) + for i := range val { + next[i] = sanitizeClientLogValue(val[i]) + } + return next + case string: + return SanitizeClientLogMessage(val) + default: + return val + } +} + +func isSensitiveClientLogKey(key string) bool { + normalized := strings.ToLower(strings.TrimSpace(key)) + normalized = strings.ReplaceAll(normalized, "-", "") + normalized = strings.ReplaceAll(normalized, "_", "") + normalized = strings.ReplaceAll(normalized, ".", "") + normalized = strings.ReplaceAll(normalized, " ", "") + _, ok := sensitiveClientLogKeys[normalized] + return ok +} diff --git a/backend/internal/logger/client_log_policy_test.go b/backend/internal/logger/client_log_policy_test.go new file mode 100644 index 00000000..10ee1235 --- /dev/null +++ b/backend/internal/logger/client_log_policy_test.go @@ -0,0 +1,79 @@ +package logger + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestClientDebugEnabled(t *testing.T) { + t.Run("non production enables debug by default", func(t *testing.T) { + assert.True(t, ClientDebugEnabled("dev", "")) + assert.True(t, ClientDebugEnabled("local", "false")) + }) + + t.Run("production disables debug by default", func(t *testing.T) { + assert.False(t, ClientDebugEnabled("production", "")) + assert.False(t, ClientDebugEnabled("prod", "false")) + }) + + t.Run("production accepts explicit debug override", func(t *testing.T) { + assert.True(t, ClientDebugEnabled("production", "true")) + assert.True(t, ClientDebugEnabled("production", "1")) + assert.True(t, ClientDebugEnabled("prod", "on")) + }) +} + +func TestShouldAcceptClientLog(t *testing.T) { + assert.False(t, ShouldAcceptClientLog("production", "", "INFO")) + assert.False(t, ShouldAcceptClientLog("production", "", "DEBUG")) + assert.True(t, ShouldAcceptClientLog("production", "", "WARN")) + assert.True(t, ShouldAcceptClientLog("production", "", "ERROR")) + assert.True(t, ShouldAcceptClientLog("production", "true", "INFO")) + assert.True(t, ShouldAcceptClientLog("dev", "", "INFO")) +} + +func TestShouldFilterNoisyClientInfo(t *testing.T) { + assert.True(t, ShouldFilterNoisyClientInfo("production", "", "Navigating to /ko/signin")) + assert.False(t, ShouldFilterNoisyClientInfo("production", "true", "Navigating to /ko/signin")) + assert.False(t, ShouldFilterNoisyClientInfo("dev", "", "Navigating to /ko/signin")) +} + +func TestSanitizeClientLogData(t *testing.T) { + input := map[string]interface{}{ + "token": "raw-token", + "safe": "ok", + "nested": map[string]interface{}{ + "new_password": "secret-1", + "path": "/ko/profile", + }, + "arr": []interface{}{ + map[string]interface{}{"authorization": "Bearer abc"}, + "token=abc123", + }, + } + + result := SanitizeClientLogData(input) + + assert.Equal(t, "*****", result["token"]) + assert.Equal(t, "ok", result["safe"]) + + nested := result["nested"].(map[string]interface{}) + assert.Equal(t, "*****", nested["new_password"]) + assert.Equal(t, "/ko/profile", nested["path"]) + + arr := result["arr"].([]interface{}) + first := arr[0].(map[string]interface{}) + assert.Equal(t, "*****", first["authorization"]) + assert.Equal(t, "token=*****", arr[1]) +} + +func TestSanitizeClientLogMessage(t *testing.T) { + msg := `FLUTTER_ERROR token=abc123 payload={"password":"hello","safe":"ok"} authorization:BearerX` + sanitized := SanitizeClientLogMessage(msg) + assert.NotContains(t, sanitized, "abc123") + assert.NotContains(t, sanitized, `"password":"hello"`) + assert.Contains(t, sanitized, `"password":"*****"`) + assert.Contains(t, sanitized, "token=*****") + assert.Contains(t, sanitized, "authorization=*****") +} diff --git a/docs/AGENTS.md b/docs/AGENTS.md index 650b3219..00565a0e 100644 --- a/docs/AGENTS.md +++ b/docs/AGENTS.md @@ -48,10 +48,19 @@ - 환경 변수 추가/변경 시 - `.env.sample` 반영 - 문서/가이드 갱신 + - 클라이언트 로그 정책 영향 확인 (`CLIENT_LOG_DEBUG`, `USERFRONT_DEBUG_LOG`) - 배포/운영 변경 시 - `Makefile`/compose 실행 절차 영향 확인 - 최소 Smoke 테스트 수행 + - 로그 수집 레벨이 운영 기본 정책(`WARN/ERROR`)을 유지하는지 확인 + +## 클라이언트 로그 정책 +- 상세 정책은 `docs/client-log-policy.md`를 기준으로 유지합니다. +- 원칙: + - 운영 기본값은 `WARN/ERROR`만 수집 + - 운영 디버그는 `CLIENT_LOG_DEBUG=true`로만 일시 허용 + - 민감정보 마스킹은 환경과 무관하게 항상 적용 ## 테스트 참고 - 테스트 계획 및 수동 실행 기준은 `docs/test-plan.md`를 따른다. diff --git a/docs/client-log-policy.md b/docs/client-log-policy.md new file mode 100644 index 00000000..6d781ef5 --- /dev/null +++ b/docs/client-log-policy.md @@ -0,0 +1,67 @@ +# Client Log Policy + +## 1. 목적 +- 운영 환경에서 클라이언트 로그를 최소권한으로 수집하고, 민감정보 유출을 방지합니다. +- 장애 분석이 필요한 경우에만 명시적 디버그 옵션으로 로그 레벨을 확장합니다. + +## 2. 환경별 수집 정책 + +### 2.1 기준 변수 +- `APP_ENV` +- `CLIENT_LOG_DEBUG` +- (UserFront fallback) `USERFRONT_DEBUG_LOG` + +### 2.2 동작 매트릭스 +- `APP_ENV != production|prod` + - 클라이언트 로그: `DEBUG/INFO/WARN/ERROR` 수집 허용 +- `APP_ENV == production|prod` AND `CLIENT_LOG_DEBUG` 미설정 + - 클라이언트 로그: `WARN/ERROR`만 수집 + - `INFO` 네비게이션 노이즈 로그는 필터 +- `APP_ENV == production|prod` AND `CLIENT_LOG_DEBUG=true|1|on|yes` + - 클라이언트 로그: `DEBUG/INFO/WARN/ERROR` 수집 허용 + +## 3. 민감정보 마스킹 규칙 + +### 3.1 Key 기반 마스킹 +아래 키는 값 전체를 `*****`로 치환합니다. +- `password`, `currentPassword`, `newPassword`, `oldPassword` +- `token`, `accessToken`, `refreshToken` +- `secret`, `clientSecret` +- `authorization`, `cookie`, `setCookie` +- `verificationCode`, `code` +- `loginChallenge`, `loginVerifier` +- `sessionJwt`, `accessJwt`, `refreshJwt` + +### 3.2 문자열 패턴 마스킹 +메시지 본문에서도 아래 패턴을 마스킹합니다. +- `token=...` +- `authorization:...` 또는 `authorization=...` +- JSON 문자열 내 민감 key/value + +## 4. 구현 위치 +- Backend + - 정책/마스킹 로직: `backend/internal/logger/client_log_policy.go` + - 수집 엔드포인트 적용: `backend/cmd/server/main.go` (`POST /api/v1/client-log`) +- UserFront + - 정책/마스킹 로직: `userfront/lib/core/services/log_policy.dart` + - 로그 출력/전송 정책: `userfront/lib/core/services/logger_service.dart` + - 전송 직전 마스킹: `userfront/lib/core/services/auth_proxy_service.dart` + +## 5. 검증 + +### 5.1 Backend +```bash +cd backend +go test ./internal/logger -count=1 +go test ./cmd/server -count=1 +``` + +### 5.2 UserFront +```bash +cd userfront +flutter test test/log_policy_test.dart +``` + +## 6. 운영 가이드 +- 운영에서 디버그 로그가 필요하면 `CLIENT_LOG_DEBUG=true`를 명시적으로 설정하고, 이슈 해결 후 즉시 원복합니다. +- 운영에서도 민감정보 마스킹은 항상 강제되며 비활성화할 수 없습니다. diff --git a/userfront/lib/core/services/auth_proxy_service.dart b/userfront/lib/core/services/auth_proxy_service.dart index 3abe60bd..df798601 100644 --- a/userfront/lib/core/services/auth_proxy_service.dart +++ b/userfront/lib/core/services/auth_proxy_service.dart @@ -4,6 +4,7 @@ import 'package:flutter_dotenv/flutter_dotenv.dart'; import 'package:userfront/i18n.dart'; import 'http_client.dart'; import 'auth_token_store.dart'; +import 'log_policy.dart'; class AuthProxyService { static String _envOrDefault(String key, String fallback) { @@ -793,15 +794,29 @@ class AuthProxyService { if (!_canSendClientLog()) { return; } + final appEnv = _envOrDefault('APP_ENV', 'dev'); + final productionDebugFlag = _envOrDefault( + 'CLIENT_LOG_DEBUG', + _envOrDefault('USERFRONT_DEBUG_LOG', ''), + ); + if (!LogPolicy.shouldRelayClientLog( + level: level, + appEnv: appEnv, + productionDebugFlag: productionDebugFlag, + )) { + return; + } final url = Uri.parse('$_baseUrl/api/v1/client-log'); + final sanitizedMessage = LogPolicy.sanitizeMessage(message); + final sanitizedData = data == null ? null : LogPolicy.sanitizeData(data); try { await http.post( url, headers: {'Content-Type': 'application/json'}, body: jsonEncode({ 'level': level, - 'message': message, - if (data != null) 'data': data, + 'message': sanitizedMessage, + if (sanitizedData != null) 'data': sanitizedData, }), ); _recordClientLogSuccess(); diff --git a/userfront/lib/core/services/log_policy.dart b/userfront/lib/core/services/log_policy.dart new file mode 100644 index 00000000..de0e4652 --- /dev/null +++ b/userfront/lib/core/services/log_policy.dart @@ -0,0 +1,123 @@ +class LogPolicy { + static const Set _sensitiveKeys = { + 'password', + 'currentpassword', + 'newpassword', + 'oldpassword', + 'token', + 'accesstoken', + 'refreshtoken', + 'secret', + 'clientsecret', + 'authorization', + 'cookie', + 'setcookie', + 'verificationcode', + 'code', + 'loginchallenge', + 'loginverifier', + 'sessionjwt', + 'accessjwt', + 'refreshjwt', + }; + + static bool isProductionEnv(String? appEnv) { + final env = (appEnv ?? '').trim().toLowerCase(); + return env == 'prod' || env == 'production'; + } + + static bool parseBoolFlag(String? raw) { + final value = (raw ?? '').trim().toLowerCase(); + return value == '1' || + value == 'true' || + value == 'yes' || + value == 'y' || + value == 'on'; + } + + static bool debugEnabled({ + required String? appEnv, + required String? productionDebugFlag, + }) { + if (!isProductionEnv(appEnv)) { + return true; + } + return parseBoolFlag(productionDebugFlag); + } + + static bool shouldRelayClientLog({ + required String level, + required String? appEnv, + required String? productionDebugFlag, + }) { + if (debugEnabled( + appEnv: appEnv, + productionDebugFlag: productionDebugFlag, + )) { + return true; + } + final normalized = level.trim().toUpperCase(); + return normalized == 'SEVERE' || + normalized == 'ERROR' || + normalized == 'WARNING' || + normalized == 'WARN'; + } + + static String sanitizeMessage(String message) { + if (message.trim().isEmpty) { + return message; + } + var sanitized = message.replaceAllMapped( + RegExp( + r'"(password|currentpassword|newpassword|oldpassword|token|accesstoken|refreshtoken|secret|clientsecret|authorization|cookie|setcookie|verificationcode|code|loginchallenge|loginverifier|sessionjwt|accessjwt|refreshjwt)"\s*:\s*"[^"]*"', + caseSensitive: false, + ), + (match) { + final key = match.group(1) ?? 'sensitive'; + return '"$key":"*****"'; + }, + ); + sanitized = sanitized.replaceAllMapped( + RegExp( + r'\b(password|current_password|currentpassword|new_password|newpassword|old_password|oldpassword|token|access_token|accesstoken|refresh_token|refreshtoken|authorization|cookie|session_jwt|sessionjwt|access_jwt|accessjwt|refresh_jwt|refreshjwt)\b\s*[:=]\s*([^\s,;]+)', + caseSensitive: false, + ), + (match) { + final key = match.group(1) ?? 'sensitive'; + return '$key=*****'; + }, + ); + return sanitized; + } + + static Map sanitizeData(Map input) { + final output = {}; + for (final entry in input.entries) { + if (_isSensitiveKey(entry.key)) { + output[entry.key] = '*****'; + } else { + output[entry.key] = _sanitizeValue(entry.value); + } + } + return output; + } + + static dynamic _sanitizeValue(dynamic value) { + if (value is Map) { + return sanitizeData(value); + } + if (value is List) { + return value.map(_sanitizeValue).toList(growable: false); + } + if (value is String) { + return sanitizeMessage(value); + } + return value; + } + + static bool _isSensitiveKey(String key) { + var normalized = key.trim().toLowerCase(); + normalized = normalized.replaceAll(RegExp(r'[-_.\s]'), ''); + return _sensitiveKeys.contains(normalized); + } +} diff --git a/userfront/lib/core/services/logger_service.dart b/userfront/lib/core/services/logger_service.dart index d878cc62..99802d10 100644 --- a/userfront/lib/core/services/logger_service.dart +++ b/userfront/lib/core/services/logger_service.dart @@ -1,8 +1,10 @@ import 'dart:convert'; import 'package:flutter/foundation.dart'; +import 'package:flutter_dotenv/flutter_dotenv.dart'; import 'package:logging/logging.dart' as std_log; import 'package:logger/logger.dart' as pretty_log; import 'auth_proxy_service.dart'; +import 'log_policy.dart'; /// Global Logger Service for Baron SSO Frontend class LoggerService { @@ -10,8 +12,20 @@ class LoggerService { factory LoggerService() => _instance; late final pretty_log.Logger _prettyLogger; + late final String _appEnv; + late final String _productionDebugFlag; LoggerService._internal() { + _appEnv = _envOrDefault('APP_ENV', 'dev'); + _productionDebugFlag = _envOrDefault( + 'CLIENT_LOG_DEBUG', + _envOrDefault('USERFRONT_DEBUG_LOG', ''), + ); + final debugEnabled = LogPolicy.debugEnabled( + appEnv: _appEnv, + productionDebugFlag: _productionDebugFlag, + ); + // 1. Initialize Pretty Logger for Dev _prettyLogger = pretty_log.Logger( printer: pretty_log.PrettyPrinter( @@ -25,9 +39,9 @@ class LoggerService { ); // 2. Configure Standard Logger (logging package) - std_log.Logger.root.level = kReleaseMode - ? std_log.Level.WARNING - : std_log.Level.ALL; + std_log.Logger.root.level = debugEnabled + ? std_log.Level.ALL + : std_log.Level.WARNING; std_log.Logger.root.onRecord.listen((record) { if (kReleaseMode) { @@ -40,6 +54,17 @@ class LoggerService { }); } + static String _envOrDefault(String key, String fallback) { + if (!dotenv.isInitialized) { + return fallback; + } + final value = dotenv.env[key]; + if (value == null || value.trim().isEmpty) { + return fallback; + } + return value; + } + /// Initialize the logger. Call this in main.dart static void init() { // Accessing the instance triggers the constructor @@ -64,10 +89,11 @@ class LoggerService { } void _logJson(std_log.LogRecord record) { + final sanitizedMessage = LogPolicy.sanitizeMessage(record.message); final logData = { 'time': record.time.toUtc().toIso8601String(), // Use UTC for consistency 'level': record.level.name, - 'msg': record.message, + 'msg': sanitizedMessage, 'svc': 'baron-userfront', if (record.error != null) 'error': record.error.toString(), if (record.stackTrace != null) 'stack': record.stackTrace.toString(), @@ -77,10 +103,14 @@ class LoggerService { debugPrint(jsonEncode(logData)); // 2. Relay to Backend (Docker Terminal) - if (record.level >= std_log.Level.WARNING) { + if (LogPolicy.shouldRelayClientLog( + level: record.level.name, + appEnv: _appEnv, + productionDebugFlag: _productionDebugFlag, + )) { AuthProxyService.sendLog( record.level.name, - record.message, + sanitizedMessage, data: { 'client_time': record.time.toUtc().toIso8601String(), 'logger': record.loggerName, diff --git a/userfront/lib/features/auth/presentation/forgot_password_screen.dart b/userfront/lib/features/auth/presentation/forgot_password_screen.dart index 1cca15c8..b3fe1d96 100644 --- a/userfront/lib/features/auth/presentation/forgot_password_screen.dart +++ b/userfront/lib/features/auth/presentation/forgot_password_screen.dart @@ -98,7 +98,10 @@ class _ForgotPasswordScreenState extends State { children: [ Text( tr('ui.userfront.forgot.heading'), - style: TextStyle(fontSize: 28, fontWeight: FontWeight.bold), + style: const TextStyle( + fontSize: 28, + fontWeight: FontWeight.bold, + ), textAlign: TextAlign.center, ), if (_drySendEnabled) ...[ diff --git a/userfront/lib/features/auth/presentation/login_success_screen.dart b/userfront/lib/features/auth/presentation/login_success_screen.dart index cb045820..81c89486 100644 --- a/userfront/lib/features/auth/presentation/login_success_screen.dart +++ b/userfront/lib/features/auth/presentation/login_success_screen.dart @@ -23,7 +23,10 @@ class LoginSuccessScreen extends StatelessWidget { const SizedBox(height: 24), Text( tr('ui.userfront.login_success.title'), - style: TextStyle(fontSize: 32, fontWeight: FontWeight.bold), + style: const TextStyle( + fontSize: 32, + fontWeight: FontWeight.bold, + ), ), const SizedBox(height: 16), Text( diff --git a/userfront/lib/features/auth/presentation/reset_password_screen.dart b/userfront/lib/features/auth/presentation/reset_password_screen.dart index ab470478..d9ebcb39 100644 --- a/userfront/lib/features/auth/presentation/reset_password_screen.dart +++ b/userfront/lib/features/auth/presentation/reset_password_screen.dart @@ -178,7 +178,7 @@ class _ResetPasswordScreenState extends State { children: [ Text( tr('ui.userfront.reset.subtitle'), - style: TextStyle( + style: const TextStyle( fontSize: 28, fontWeight: FontWeight.bold, ), diff --git a/userfront/lib/features/profile/presentation/pages/profile_page.dart b/userfront/lib/features/profile/presentation/pages/profile_page.dart index 82e9b196..7f0da220 100644 --- a/userfront/lib/features/profile/presentation/pages/profile_page.dart +++ b/userfront/lib/features/profile/presentation/pages/profile_page.dart @@ -1,6 +1,7 @@ import 'package:flutter/material.dart'; import 'package:flutter_riverpod/flutter_riverpod.dart'; import 'package:go_router/go_router.dart'; +import 'package:logging/logging.dart'; import 'package:userfront/i18n.dart'; import '../../../../core/notifiers/auth_notifier.dart'; import '../../../../core/i18n/locale_utils.dart'; @@ -22,6 +23,7 @@ class _ProfilePageState extends ConsumerState { static const _surface = Colors.white; static const _border = Color(0xFFE5E7EB); static const _subtle = Color(0xFFF7F8FA); + static final _log = Logger('ProfilePage'); UserProfile? _cachedProfile; String? _editingField; @@ -65,6 +67,22 @@ class _ProfilePageState extends ConsumerState { _phoneCodeFocus.addListener(_onPhoneCodeFocusChange); } + void _debugLog( + String event, { + String? field, + String? reason, + bool? changed, + bool? hasFocus, + }) { + final parts = ['event=$event']; + if (field != null) parts.add('field=$field'); + if (reason != null) parts.add('reason=$reason'); + if (changed != null) parts.add('changed=$changed'); + if (hasFocus != null) parts.add('hasFocus=$hasFocus'); + if (_editingField != null) parts.add('editing=$_editingField'); + _log.fine(parts.join(' ')); + } + void _onNameFocusChange() { if (!mounted) return; if (!_nameFocus.hasFocus && _nameTouched) { @@ -77,6 +95,11 @@ class _ProfilePageState extends ConsumerState { void _onDepartmentFocusChange() { if (!mounted) return; + _debugLog( + 'department_focus_change', + field: 'department', + hasFocus: _departmentFocus.hasFocus, + ); if (!_departmentFocus.hasFocus && _departmentTouched) { final profile = ref.read(profileProvider).value ?? _cachedProfile; if (profile != null) _autoSaveIfEditing(profile, 'department'); @@ -180,6 +203,7 @@ class _ProfilePageState extends ConsumerState { } void _startEditing(String field, UserProfile profile) { + _debugLog('start_editing', field: field); setState(() { _editingField = field; if (field == 'name') { @@ -356,12 +380,25 @@ class _ProfilePageState extends ConsumerState { void _autoSaveIfEditing(UserProfile profile, String field) { if (_editingField != field) return; if (_skipAutoSaveField == field) { + _debugLog('autosave_skip', field: field, reason: 'skip_flag'); _skipAutoSaveField = null; return; } - if (_isVerifying) return; - if (_isSavingField) return; + if (_isVerifying) { + _debugLog('autosave_skip', field: field, reason: 'verifying'); + return; + } + if (_isSavingField) { + _debugLog('autosave_skip', field: field, reason: 'saving_in_flight'); + return; + } if (!_hasFieldChanged(profile, field)) { + _debugLog( + 'autosave_skip', + field: field, + reason: 'unchanged', + changed: false, + ); setState(() { if (field == 'phone') { _resetPhoneState(); @@ -375,6 +412,7 @@ class _ProfilePageState extends ConsumerState { }); return; } + _debugLog('autosave_trigger', field: field, changed: true); _saveField(profile); } @@ -412,25 +450,33 @@ class _ProfilePageState extends ConsumerState { Future _saveField(UserProfile profile) async { if (_editingField == null) return; - if (_isSavingField) return; + if (_isSavingField) { + _debugLog('save_skip', reason: 'saving_in_flight'); + return; + } + final currentField = _editingField!; - final nextName = _editingField == 'name' + final nextName = currentField == 'name' ? _nameController!.text.trim() : profile.name; - final nextPhone = _editingField == 'phone' + final nextPhone = currentField == 'phone' ? _phoneController!.text.trim() : profile.phone; - final nextDepartment = _editingField == 'department' + final nextDepartment = currentField == 'department' ? _departmentController!.text.trim() : profile.department; - if (_editingField == 'name' && nextName.isEmpty) { + _debugLog('save_attempt', field: currentField); + + if (currentField == 'name' && nextName.isEmpty) { + _debugLog('save_skip', field: currentField, reason: 'empty_name'); ScaffoldMessenger.of(context).showSnackBar( SnackBar(content: Text(tr('msg.userfront.profile.name_required'))), ); return; } - if (_editingField == 'department' && nextDepartment.isEmpty) { + if (currentField == 'department' && nextDepartment.isEmpty) { + _debugLog('save_skip', field: currentField, reason: 'empty_department'); ScaffoldMessenger.of(context).showSnackBar( SnackBar( content: Text(tr('msg.userfront.profile.department_required')), @@ -438,14 +484,20 @@ class _ProfilePageState extends ConsumerState { ); return; } - if (_editingField == 'phone') { + if (currentField == 'phone') { if (nextPhone.isEmpty) { + _debugLog('save_skip', field: currentField, reason: 'empty_phone'); ScaffoldMessenger.of(context).showSnackBar( SnackBar(content: Text(tr('msg.userfront.profile.phone_required'))), ); return; } if (_isPhoneChanged && !_isPhoneVerified) { + _debugLog( + 'save_skip', + field: currentField, + reason: 'phone_not_verified', + ); ScaffoldMessenger.of(context).showSnackBar( SnackBar( content: Text(tr('msg.userfront.profile.phone_verify_required')), @@ -455,7 +507,13 @@ class _ProfilePageState extends ConsumerState { } } - if (!_hasFieldChanged(profile, _editingField!)) { + if (!_hasFieldChanged(profile, currentField)) { + _debugLog( + 'save_skip', + field: currentField, + reason: 'unchanged', + changed: false, + ); setState(() { if (_editingField == 'phone') { _resetPhoneState(); @@ -468,6 +526,7 @@ class _ProfilePageState extends ConsumerState { } _isSavingField = true; + _debugLog('save_dispatch', field: currentField, changed: true); try { await ref @@ -479,7 +538,7 @@ class _ProfilePageState extends ConsumerState { ); if (mounted) { setState(() { - if (_editingField == 'phone') { + if (currentField == 'phone') { _initialPhone = nextPhone; _resetPhoneState(); } @@ -487,11 +546,13 @@ class _ProfilePageState extends ConsumerState { _nameTouched = false; _departmentTouched = false; }); + _debugLog('save_success', field: currentField); ScaffoldMessenger.of(context).showSnackBar( SnackBar(content: Text(tr('msg.userfront.profile.update_success'))), ); } } catch (e) { + _debugLog('save_failed', field: currentField, reason: e.toString()); if (mounted) { ScaffoldMessenger.of(context).showSnackBar( SnackBar( diff --git a/userfront/test/log_policy_test.dart b/userfront/test/log_policy_test.dart new file mode 100644 index 00000000..c7c3937b --- /dev/null +++ b/userfront/test/log_policy_test.dart @@ -0,0 +1,114 @@ +import 'package:flutter_test/flutter_test.dart'; +import 'package:userfront/core/services/log_policy.dart'; + +void main() { + group('LogPolicy.debugEnabled', () { + test('non production enables debug by default', () { + expect( + LogPolicy.debugEnabled(appEnv: 'dev', productionDebugFlag: null), + isTrue, + ); + expect( + LogPolicy.debugEnabled(appEnv: 'staging', productionDebugFlag: 'false'), + isTrue, + ); + }); + + test('production disables debug unless explicitly enabled', () { + expect( + LogPolicy.debugEnabled(appEnv: 'production', productionDebugFlag: ''), + isFalse, + ); + expect( + LogPolicy.debugEnabled( + appEnv: 'production', + productionDebugFlag: 'true', + ), + isTrue, + ); + expect( + LogPolicy.debugEnabled(appEnv: 'prod', productionDebugFlag: '1'), + isTrue, + ); + }); + }); + + group('LogPolicy.shouldRelayClientLog', () { + test('production default forwards only warning or higher', () { + expect( + LogPolicy.shouldRelayClientLog( + level: 'INFO', + appEnv: 'production', + productionDebugFlag: '', + ), + isFalse, + ); + expect( + LogPolicy.shouldRelayClientLog( + level: 'WARNING', + appEnv: 'production', + productionDebugFlag: '', + ), + isTrue, + ); + expect( + LogPolicy.shouldRelayClientLog( + level: 'ERROR', + appEnv: 'production', + productionDebugFlag: '', + ), + isTrue, + ); + }); + + test('production debug option forwards info logs', () { + expect( + LogPolicy.shouldRelayClientLog( + level: 'INFO', + appEnv: 'production', + productionDebugFlag: 'true', + ), + isTrue, + ); + }); + }); + + group('LogPolicy.sanitize', () { + test('sanitizes sensitive message patterns', () { + const message = + 'token=abc123 payload={"password":"hello","safe":"ok"} authorization:BearerXYZ'; + final sanitized = LogPolicy.sanitizeMessage(message); + expect(sanitized, isNot(contains('abc123'))); + expect(sanitized, contains('token=*****')); + expect(sanitized, contains('"password":"*****"')); + expect(sanitized, contains('authorization=*****')); + }); + + test('sanitizes nested sensitive keys', () { + final data = { + 'token': 'tok', + 'ok': 'value', + 'nested': {'new_password': 'pw', 'safe': 'x'}, + 'arr': [ + {'authorization': 'Bearer secret'}, + 'cookie=session=raw', + ], + }; + + final sanitized = LogPolicy.sanitizeData(data); + expect(sanitized['token'], '*****'); + expect(sanitized['ok'], 'value'); + expect( + (sanitized['nested'] as Map)['new_password'], + '*****', + ); + expect((sanitized['nested'] as Map)['safe'], 'x'); + expect( + ((sanitized['arr'] as List).first + as Map)['authorization'], + '*****', + ); + expect((sanitized['arr'] as List)[1], 'cookie=*****'); + }); + }); +}