caddy-basic-auth-filter

This package contains a log field filter that extracts the user name from a Basic Authorization HTTP header.

Installation

xcaddy build --with github.com/ueffel/caddy-basic-auth-filter

Usage

See the caddy log filter documentation. This module adds one new filter:

<field> basic_auth_user
  • field: Probably the only sensible field to use here is request>headers>Authorization

Since caddy v2.5.0, logging of credentials needs to be enabled in the global server options with log_credentials for this filter to work. See caddyserver/caddy#4438.

Example configuration

The following example configuration uses the Formatted Log Encoder:

format filter {
    wrap formatted "{request>host} {request>headers>Authorization} [{ts}] \"{request>method} {request>uri} {request>proto}\""
    fields {
        request>headers>Authorization basic_auth_user
    }
}

Log output:

localhost admin [1620840157.514536] "GET /some/path HTTP/2.0"

For reference, the configuration and output without filters:

format formatted "{request>host} {request>headers>Authorization} [{ts}] \"{request>method} {request>uri} {request>proto}\""

Log output:

localhost ["Basic YWRtaW46YWRtaW4="] [1638732239.578346] "GET /some/path HTTP/2.0"

caddy-basic-auth-filter's Issues

Retain non Basic-Auth authorization header values in logs

Hello Steffen,

Steffen here as well - also a Caddy user from Germany 😄

I am using your Caddy module on a domain where different types of HTTP authentication are used, but mostly Basic-Auth and Digest-Auth.
My log configuration is this:

        log access-log-json {
                include http.log.access
                output file log/access.json {
                        roll_size 10m
                        roll_local_time
                        roll_keep_for 365d
                }
                format filter {
                        wrap json {
                                time_format iso8601
                                time_local
                        }
                        fields {
                                request>tls>version tls_version TLSv
                                request>tls>cipher_suite tls_cipher
                                request>headers>Authorization basic_auth_user
                        }
                }
        }

BTW: My server block contains log_credentials.

When Basic-Auth is used, such as curl https://playground.stbu.net -H "Authorization: Basic dGVzdHVzZXI6dGVzdA==", everything is perfect. The JSON log output will contain "Authorization": "testuser".

When Digest-Auth is used, such as curl https://playground.stbu.net -H 'Authorization: Digest username="exampleuser", realm="protected", nonce="12345678901", uri="/", response="123456789012345678901234567890", qop=auth, nc=00000911, cnonce="1234567890"', then the JSON log output will contain "Authorization": "".

When Bearer-Auth is used, such as curl https://playground.stbu.net -H "Authorization: Bearer 123456789012345678901234567890", then the JSON log output will contain "Authorization": "".

I would rather like to have the original value of the Authorization Header in case it is not Basic-Auth.
For example, when Bearer-Auth is used, I would like to have "Authorization": "Bearer 123456789012345678901234567890" logged instead of an empty Authorization. Ideally, in case of Digest-Auth, I would like to have the value of username="exampleuser", but that would contradict this module's name.
Would it be possible to implement an optional flag like "preserve_other" (request>headers>Authorization basic_auth_user preserve_other) in this module with the logic that if this flag is provided, the original value is returned when it's not a Basic-Auth instead of returning an empty string?
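
As an added example (not the module's source code), this Go function reproduces the header-to-log mapping shown in the README and reported in the issue above: a Basic value becomes the user name only, anything else becomes an empty string. The function name and the preserveOther parameter are assumptions; preserveOther models the flag proposed in the issue and is hypothetical.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// basicAuthUser maps one Authorization header value to what gets logged.
// Basic: the user name only, never the password. Malformed Basic: "".
// Other schemes: "" (the behaviour reported in the issue), or the unchanged
// value when preserveOther is set. preserveOther is hypothetical; it models
// the flag proposed in the issue and is not an option of the module.
func basicAuthUser(value string, preserveOther bool) string {
	scheme, payload, _ := strings.Cut(strings.TrimSpace(value), " ")
	if !strings.EqualFold(scheme, "Basic") {
		if preserveOther {
			// Pass-through writes bearer tokens and digest responses to the log.
			return value
		}
		return ""
	}
	decoded, err := base64.StdEncoding.DecodeString(strings.TrimSpace(payload))
	if err != nil {
		return ""
	}
	// RFC 7617: credentials are "user-id:password" and the user-id contains
	// no colon, so the text before the first colon is the user name.
	user, _, ok := strings.Cut(string(decoded), ":")
	if !ok {
		return ""
	}
	return user
}

func main() {
	// Header values from the examples on this page (Digest value shortened).
	samples := []string{
		"Basic YWRtaW46YWRtaW4=",
		"Basic dGVzdHVzZXI6dGVzdA==",
		"Bearer 123456789012345678901234567890",
		`Digest username="exampleuser", realm="protected"`,
	}
	for _, s := range samples {
		fmt.Printf("%q -> %q\n", s, basicAuthUser(s, false))
	}
}
```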
