package logger import ( "context" "fmt" "log/slog" "time" "github.com/gofiber/fiber/v2" "github.com/google/uuid" ) // AuditLogEntry holds common audit logging fields. type AuditLogEntry struct { RequestID string Stage string Operation string // e.g., "SendPasswordReset", "Verify" Method string Path string Status int LatencyMs time.Duration IP string UserAgent string Origin string Referer string Query map[string]string Headers map[string]string // Core headers like Host, Cookie, Set-Cookie LoginIDs map[string]string // loginId and loginId_normalized Token string // For reset tokens, magic link tokens DescopeError string DescopeStatus int // Descope HTTP status DescopeBody string // Descope response body (full raw) RefreshToken string SessionJwt string AccessJwt string UserLoginId string UserID string Email string Phone string SetCookieName string SetCookieValue string SetCookieAttrs map[string]string RedirectTo string HasCookieDSRF bool ParsedCookieDSRF string RequestBody string // For complete stage NewPassword string // For complete stage (test only, sensitive) // ... potentially more fields specific to different stages } // NewAuditLogEntry creates a new AuditLogEntry with a generated RequestID and initial common fields. func NewAuditLogEntry(c *fiber.Ctx, stage string) *AuditLogEntry { reqID := uuid.New().String() // Extract query parameters queryParams := make(map[string]string) c.Context().QueryArgs().VisitAll(func(key, value []byte) { queryParams[string(key)] = string(value) }) // Extract relevant headers headers := make(map[string]string) headers["Host"] = c.Get("Host") headers["User-Agent"] = c.Get("User-Agent") if cookie := c.Get("Cookie"); cookie != "" { headers["Cookie"] = cookie } headers["Origin"] = c.Get("Origin") headers["Referer"] = c.Get("Referer") return &AuditLogEntry{ RequestID: reqID, Stage: stage, Method: c.Method(), Path: c.Path(), IP: c.IP(), UserAgent: c.Get("User-Agent"), Origin: c.Get("Origin"), Referer: c.Get("Referer"), Query: queryParams, Headers: headers, LoginIDs: make(map[string]string), SetCookieAttrs: make(map[string]string), } } // Log emits an audit log entry using slog. // It includes common fields and allows for additional custom fields. func (ale *AuditLogEntry) Log(level slog.Level, msg string, args ...any) { attrs := []slog.Attr{ slog.String("req_id", ale.RequestID), slog.String("stage", ale.Stage), } if ale.Operation != "" { attrs = append(attrs, slog.String("op", ale.Operation)) } if ale.Method != "" { attrs = append(attrs, slog.String("method", ale.Method)) } if ale.Path != "" { attrs = append(attrs, slog.String("path", ale.Path)) } if ale.Status != 0 { attrs = append(attrs, slog.Int("status", ale.Status)) } if ale.LatencyMs != 0 { attrs = append(attrs, slog.Duration("latency_ms", ale.LatencyMs)) } if ale.IP != "" { attrs = append(attrs, slog.String("ip", ale.IP)) } if ale.UserAgent != "" { attrs = append(attrs, slog.String("user_agent", ale.UserAgent)) } if ale.Origin != "" { attrs = append(attrs, slog.String("origin", ale.Origin)) } if ale.Referer != "" { attrs = append(attrs, slog.String("referer", ale.Referer)) } if len(ale.Query) > 0 { queryGroupArgs := make([]any, 0, len(ale.Query)) for k, v := range ale.Query { queryGroupArgs = append(queryGroupArgs, slog.String(k, v)) } attrs = append(attrs, slog.Group("query", queryGroupArgs...)) } if len(ale.Headers) > 0 { headersGroupArgs := make([]any, 0, len(ale.Headers)) for k, v := range ale.Headers { headersGroupArgs = append(headersGroupArgs, slog.String(k, v)) } attrs = append(attrs, slog.Group("headers", headersGroupArgs...)) } if len(ale.LoginIDs) > 0 { loginIDGroupArgs := make([]any, 0, len(ale.LoginIDs)) for k, v := range ale.LoginIDs { loginIDGroupArgs = append(loginIDGroupArgs, slog.String(k, v)) } attrs = append(attrs, slog.Group("login_ids", loginIDGroupArgs...)) } if ale.Token != "" { attrs = append(attrs, slog.String("token", ale.Token)) } if ale.DescopeError != "" { attrs = append(attrs, slog.String("descope_error", ale.DescopeError)) } if ale.DescopeStatus != 0 { attrs = append(attrs, slog.Int("descope_http_status", ale.DescopeStatus)) } if ale.DescopeBody != "" { attrs = append(attrs, slog.String("descope_response_body", ale.DescopeBody)) } if ale.RefreshToken != "" { attrs = append(attrs, slog.String("refresh_token", ale.RefreshToken)) } if ale.SessionJwt != "" { attrs = append(attrs, slog.String("session_jwt", ale.SessionJwt)) } if ale.AccessJwt != "" { attrs = append(attrs, slog.String("access_jwt", ale.AccessJwt)) } if ale.UserLoginId != "" { attrs = append(attrs, slog.String("user_login_id", ale.UserLoginId)) } if ale.UserID != "" { attrs = append(attrs, slog.String("user_id", ale.UserID)) } if ale.Email != "" { attrs = append(attrs, slog.String("email", ale.Email)) } if ale.Phone != "" { attrs = append(attrs, slog.String("phone", ale.Phone)) } if ale.SetCookieName != "" { attrs = append(attrs, slog.String("set_cookie_name", ale.SetCookieName)) attrs = append(attrs, slog.String("set_cookie_value", ale.SetCookieValue)) if len(ale.SetCookieAttrs) > 0 { cookieAttrsGroupArgs := make([]any, 0, len(ale.SetCookieAttrs)) for k, v := range ale.SetCookieAttrs { cookieAttrsGroupArgs = append(cookieAttrsGroupArgs, slog.String(k, v)) } attrs = append(attrs, slog.Group("set_cookie_attrs", cookieAttrsGroupArgs...)) } } if ale.RedirectTo != "" { attrs = append(attrs, slog.String("redirect_to", ale.RedirectTo)) } if ale.HasCookieDSRF { attrs = append(attrs, slog.Bool("has_cookie_DSRF", ale.HasCookieDSRF)) } if ale.ParsedCookieDSRF != "" { attrs = append(attrs, slog.String("parsed_cookie_DSRF", ale.ParsedCookieDSRF)) } if ale.RequestBody != "" { attrs = append(attrs, slog.String("request_body", ale.RequestBody)) } if ale.NewPassword != "" { // FOR TEST ONLY - DO NOT LOG IN PRODUCTION attrs = append(attrs, slog.String("new_password", ale.NewPassword)) } // Convert variadic args to slog.Attr before appending for i := 0; i < len(args); i += 2 { if i+1 < len(args) { attrs = append(attrs, slog.Any(fmt.Sprintf("%v", args[i]), args[i+1])) } else { // Handle odd number of arguments - log the last one with a generic key attrs = append(attrs, slog.Any(fmt.Sprintf("extra_arg_%d", i), args[i])) } } slog.Default().LogAttrs(context.Background(), level, msg, attrs...) }