feat: add slog logging (#432)

* feat(op): user slog for logging integrate with golang.org/x/exp/slog for logging. provide a middleware for request scoped logging. BREAKING CHANGES: 1. OpenIDProvider and sub-interfaces get a Logger() method to return the configured logger; 2. AuthRequestError now takes the complete Authorizer, instead of only the encoder. So that it may use its Logger() method. 3. RequestError now takes a Logger as argument. * use zitadel/logging * finish op and testing without middleware for now * minimum go version 1.19 * update go mod * log value testing only on go 1.20 or later * finish the RP and example * ping logging release
2023-08-29 15:07:45 +03:00 · 2023-08-29 15:07:45 +03:00 · 0879c88399
commit 0879c88399
parent 6708ef4c24
34 changed files with 800 additions and 85 deletions
--- a/pkg/oidc/authorization.go
+++ b/pkg/oidc/authorization.go
@ -1,5 +1,9 @@
 package oidc

+import (
+	"golang.org/x/exp/slog"
+)
+
 const (
 	// ScopeOpenID defines the scope `openid`
 	// OpenID Connect requests MUST contain the `openid` scope value
@ -86,6 +90,15 @@ type AuthRequest struct {
 	RequestParam string `schema:"request"`
 }

+func (a *AuthRequest) LogValue() slog.Value {
+	return slog.GroupValue(
+		slog.Any("scopes", a.Scopes),
+		slog.String("response_type", string(a.ResponseType)),
+		slog.String("client_id", a.ClientID),
+		slog.String("redirect_uri", a.RedirectURI),
+	)
+}
+
 // GetRedirectURI returns the redirect_uri value for the ErrAuthRequest interface
 func (a *AuthRequest) GetRedirectURI() string {
 	return a.RedirectURI
--- a/pkg/oidc/authorization_test.go
+++ b/pkg/oidc/authorization_test.go
@ -0,0 +1,27 @@
+//go:build go1.20
+
+package oidc
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/exp/slog"
+)
+
+func TestAuthRequest_LogValue(t *testing.T) {
+	a := &AuthRequest{
+		Scopes:       SpaceDelimitedArray{"a", "b"},
+		ResponseType: "respType",
+		ClientID:     "123",
+		RedirectURI:  "http://example.com/callback",
+	}
+	want := slog.GroupValue(
+		slog.Any("scopes", SpaceDelimitedArray{"a", "b"}),
+		slog.String("response_type", "respType"),
+		slog.String("client_id", "123"),
+		slog.String("redirect_uri", "http://example.com/callback"),
+	)
+	got := a.LogValue()
+	assert.Equal(t, want, got)
+}
--- a/pkg/oidc/error.go
+++ b/pkg/oidc/error.go
@ -3,6 +3,8 @@ package oidc
 import (
 	"errors"
 	"fmt"
+
+	"golang.org/x/exp/slog"
 )

 type errorType string
@ -171,3 +173,34 @@ func DefaultToServerError(err error, description string) *Error {
 	}
 	return oauth
 }
+
+func (e *Error) LogLevel() slog.Level {
+	level := slog.LevelWarn
+	if e.ErrorType == ServerError {
+		level = slog.LevelError
+	}
+	if e.ErrorType == AuthorizationPending {
+		level = slog.LevelInfo
+	}
+	return level
+}
+
+func (e *Error) LogValue() slog.Value {
+	attrs := make([]slog.Attr, 0, 5)
+	if e.Parent != nil {
+		attrs = append(attrs, slog.Any("parent", e.Parent))
+	}
+	if e.Description != "" {
+		attrs = append(attrs, slog.String("description", e.Description))
+	}
+	if e.ErrorType != "" {
+		attrs = append(attrs, slog.String("type", string(e.ErrorType)))
+	}
+	if e.State != "" {
+		attrs = append(attrs, slog.String("state", e.State))
+	}
+	if e.redirectDisabled {
+		attrs = append(attrs, slog.Bool("redirect_disabled", e.redirectDisabled))
+	}
+	return slog.GroupValue(attrs...)
+}
--- a/pkg/oidc/error_go120_test.go
+++ b/pkg/oidc/error_go120_test.go
@ -0,0 +1,83 @@
+//go:build go1.20
+
+package oidc
+
+import (
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/exp/slog"
+)
+
+func TestError_LogValue(t *testing.T) {
+	type fields struct {
+		Parent           error
+		ErrorType        errorType
+		Description      string
+		State            string
+		redirectDisabled bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   slog.Value
+	}{
+		{
+			name: "parent",
+			fields: fields{
+				Parent: io.EOF,
+			},
+			want: slog.GroupValue(slog.Any("parent", io.EOF)),
+		},
+		{
+			name: "description",
+			fields: fields{
+				Description: "oops",
+			},
+			want: slog.GroupValue(slog.String("description", "oops")),
+		},
+		{
+			name: "errorType",
+			fields: fields{
+				ErrorType: ExpiredToken,
+			},
+			want: slog.GroupValue(slog.String("type", string(ExpiredToken))),
+		},
+		{
+			name: "state",
+			fields: fields{
+				State: "123",
+			},
+			want: slog.GroupValue(slog.String("state", "123")),
+		},
+		{
+			name: "all fields",
+			fields: fields{
+				Parent:      io.EOF,
+				Description: "oops",
+				ErrorType:   ExpiredToken,
+				State:       "123",
+			},
+			want: slog.GroupValue(
+				slog.Any("parent", io.EOF),
+				slog.String("description", "oops"),
+				slog.String("type", string(ExpiredToken)),
+				slog.String("state", "123"),
+			),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			e := &Error{
+				Parent:           tt.fields.Parent,
+				ErrorType:        tt.fields.ErrorType,
+				Description:      tt.fields.Description,
+				State:            tt.fields.State,
+				redirectDisabled: tt.fields.redirectDisabled,
+			}
+			got := e.LogValue()
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
--- a/pkg/oidc/error_test.go
+++ b/pkg/oidc/error_test.go
@ -0,0 +1,81 @@
+package oidc
+
+import (
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/exp/slog"
+)
+
+func TestDefaultToServerError(t *testing.T) {
+	type args struct {
+		err         error
+		description string
+	}
+	tests := []struct {
+		name string
+		args args
+		want *Error
+	}{
+		{
+			name: "default",
+			args: args{
+				err:         io.ErrClosedPipe,
+				description: "oops",
+			},
+			want: &Error{
+				ErrorType:   ServerError,
+				Description: "oops",
+				Parent:      io.ErrClosedPipe,
+			},
+		},
+		{
+			name: "our Error",
+			args: args{
+				err:         ErrAccessDenied(),
+				description: "oops",
+			},
+			want: &Error{
+				ErrorType:   AccessDenied,
+				Description: "The authorization request was denied.",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := DefaultToServerError(tt.args.err, tt.args.description)
+			assert.ErrorIs(t, got, tt.want)
+		})
+	}
+}
+
+func TestError_LogLevel(t *testing.T) {
+	tests := []struct {
+		name string
+		err  *Error
+		want slog.Level
+	}{
+		{
+			name: "server error",
+			err:  ErrServerError(),
+			want: slog.LevelError,
+		},
+		{
+			name: "authorization pending",
+			err:  ErrAuthorizationPending(),
+			want: slog.LevelInfo,
+		},
+		{
+			name: "some other error",
+			err:  ErrAccessDenied(),
+			want: slog.LevelWarn,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.err.LogLevel()
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -106,7 +106,7 @@ type ResponseType string

 type ResponseMode string

-func (s SpaceDelimitedArray) Encode() string {
+func (s SpaceDelimitedArray) String() string {
 	return strings.Join(s, " ")
 }

@ -116,11 +116,11 @@ func (s *SpaceDelimitedArray) UnmarshalText(text []byte) error {
 }

 func (s SpaceDelimitedArray) MarshalText() ([]byte, error) {
-	return []byte(s.Encode()), nil
+	return []byte(s.String()), nil
 }

 func (s SpaceDelimitedArray) MarshalJSON() ([]byte, error) {
-	return json.Marshal((s).Encode())
+	return json.Marshal((s).String())
 }

 func (s *SpaceDelimitedArray) UnmarshalJSON(data []byte) error {
@ -165,7 +165,7 @@ func (s SpaceDelimitedArray) Value() (driver.Value, error) {
 func NewEncoder() *schema.Encoder {
 	e := schema.NewEncoder()
 	e.RegisterEncoder(SpaceDelimitedArray{}, func(value reflect.Value) string {
-		return value.Interface().(SpaceDelimitedArray).Encode()
+		return value.Interface().(SpaceDelimitedArray).String()
 	})
 	return e
 }