Skip to content

requestclient: propagate request client IP, add gitserver access logger

Warren Gifford requested to merge mrn+jh/userip into main

Created by: mrnugget

Add a very verbose access logger for the following gitserver routes:

  • /exec
  • /archive
  • /git/
  • /commands/get-object
  • /p4-exec

Enable it in site-config by adding "log": { "gitserver.accessLogs": true }.

Example log output:

INFO server.commands/get-object.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"objectname": "refs/heads/latest"}}
INFO server.commands/get-object.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"objectname": "refs/heads/main"}}
INFO server.exec.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"cmd": "rev-parse", "args": "1a936bd500cfda94feb68b6cf58906ee31453468^0"}}
INFO server.exec.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"cmd": "rev-parse", "args": "634ea5791374800926c7f01ce4fe4d3435de3266^0"}}
INFO server.exec.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"args": "5ae7ccac1cee71d0b18b22de044061b67c8f8edb^0", "cmd": "rev-parse"}}
INFO server.archive.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"treeish": "6f836b03f500673c0e63879681049aa9c2b80370", "format": "zip", "path": ":(literal)."}}
INFO server.archive.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"treeish": "1a936bd500cfda94feb68b6cf58906ee31453468", "format": "zip", "path": ":(literal)."}}
INFO server.archive.accesslog accesslog/accesslog.go:113 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 1}, "params": {"format": "zip", "path": ":(literal).", "treeish": "be237e109171b586240a404a656dbbb01cafb424"}}
INFO server.git.accesslog accesslog/accesslog.go:115 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 0}, "params": {"repo": "github.com/sourcegraph-testing/go-repo-b", "svc": "/info/refs", "protocol": "version=2"}}
INFO server.git.accesslog accesslog/accesslog.go:115 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "127.0.0.1, 127.0.0.1", "actorUID": 0}, "params": {"repo": "github.com/sourcegraph-testing/go-repo-a", "svc": "/info/refs", "protocol": "version=2"}}
INFO server.p4-exec.accesslog accesslog/accesslog.go:117 access {"actor": {"ip": "127.0.0.1", "X-Forwarded-For": "", "actorUID": 0}, "params": {"repo": "<no-repo>", "p4user": "admin", "p4port": "perforce.sgdev.org:1666", "args": "protects -u admin"}}

Test plan

  • Added unit tests
  • Manual testing by exercising all endpoints

Merge request reports

Loading