Add HTTP signature keyId to request log (#11591)

This commit is contained in:
Eugen Rochko 2019-08-18 18:03:56 +02:00 committed by GitHub
parent 2b4e2616ea
commit 1bc077dc74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 1 deletions

View file

@ -23,6 +23,19 @@ module SignatureVerification
@signature_verification_failure_code || 401 @signature_verification_failure_code || 401
end end
def signature_key_id
raw_signature = request.headers['Signature']
signature_params = {}
raw_signature.split(',').each do |part|
parsed_parts = part.match(/([a-z]+)="([^"]+)"/i)
next if parsed_parts.nil? || parsed_parts.size != 3
signature_params[parsed_parts[1]] = parsed_parts[2]
end
signature_params['keyId']
end
def signed_request_account def signed_request_account
return @signed_request_account if defined?(@signed_request_account) return @signed_request_account if defined?(@signed_request_account)
@ -154,7 +167,7 @@ module SignatureVerification
.with_fallback { nil } .with_fallback { nil }
.with_threshold(1) .with_threshold(1)
.with_cool_off_time(5.minutes.seconds) .with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) ? handle.call(error) : raise(error) } .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
.run .run
end end

View file

@ -71,6 +71,12 @@ Rails.application.configure do
# Better log formatting # Better log formatting
config.lograge.enabled = true config.lograge.enabled = true
config.lograge.custom_payload do |controller|
if controller.respond_to?(:signed_request?) && controller.signed_request?
{ key: controller.signature_key_id }
end
end
# Do not dump schema after migrations. # Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false config.active_record.dump_schema_after_migration = false