admin/deploy-felhom-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: comprehensive debug logging across all controller modules

Browse Source 
Add detailed [DEBUG] logging to every controller module when
logging.level is set to "debug". Each module with stateful debug
uses SetDebug(bool) wired from main.go. Covers stacks, backup,
cloudflare, integrations, system, monitor, settings, scheduler,
web handlers, storage, metrics, API, selfupdate, and assets.

Also includes the app export/import (.fab bundles) feature from
v0.32.0 and its debug page integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-02-26 18:14:43 +01:00
parent f6caea8067
commit 95c821deb2
54 changed files with 5015 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
controller/internal/web/auth.go
+39
View File
@@ -53,6 +53,9 @@ func (s *Server) RequireAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Skip auth if no password is configured
if !s.authEnabled() {
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] auth: no password configured, passing through %s %s", r.Method, r.URL.Path)
}
next.ServeHTTP(w, r)
return
}
@@ -77,6 +80,13 @@ func (s *Server) RequireAuth(next http.Handler) http.Handler {
cookie, err := r.Cookie(sessionCookieName)
if err != nil || !s.isValidSession(cookie.Value) {
if s.isDebug() {
reason := "no cookie"
if err == nil {
reason = "invalid/expired session"
}
s.logger.Printf("[DEBUG] [web] auth: rejected %s %s from %s (%s)", r.Method, r.URL.Path, r.RemoteAddr, reason)
}
if strings.HasPrefix(r.URL.Path, "/api/") {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
@@ -92,6 +102,9 @@ func (s *Server) RequireAuth(next http.Handler) http.Handler {
return
}
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] auth: valid session for %s %s", r.Method, r.URL.Path)
}
next.ServeHTTP(w, r)
})
}
@@ -101,6 +114,10 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
password := r.FormValue("password")
nextURL := r.FormValue("next")
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] login attempt from %s (X-Forwarded-For: %s)", r.RemoteAddr, r.Header.Get("X-Forwarded-For"))
}
if password == "" {
s.renderLogin(w, "Kérjük adja meg a jelszót", "")
return
@@ -147,6 +164,10 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
delete(s.loginAttempts, ip)
s.loginAttemptMu.Unlock()
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] login successful from %s, creating session", ip)
}
token := s.createSession()
isSecure := r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
http.SetCookie(w, &http.Cookie{
@@ -174,6 +195,9 @@ func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/", http.StatusFound)
return
}
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] logout from %s", r.RemoteAddr)
}
if cookie, err := r.Cookie(sessionCookieName); err == nil {
s.sessionsMu.Lock()
delete(s.sessions, cookie.Value)
@@ -197,8 +221,13 @@ func (s *Server) createSession() string {
expiresAt: time.Now().Add(sessionMaxAge),
csrfToken: csrfToken,
}
sessionCount := len(s.sessions)
s.sessionsMu.Unlock()
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] session created, expires=%s, active_sessions=%d", time.Now().Add(sessionMaxAge).Format(time.RFC3339), sessionCount)
}
return token
}
@@ -225,8 +254,12 @@ func (s *Server) isValidSession(token string) bool {
// Used after password change.
func (s *Server) invalidateAllSessions() {
s.sessionsMu.Lock()
count := len(s.sessions)
s.sessions = make(map[string]*session)
s.sessionsMu.Unlock()
if s.isDebug() {
s.logger.Printf("[DEBUG] [web] invalidated all sessions (cleared %d)", count)
}
}
func (s *Server) cleanupSessions() {
@@ -239,12 +272,18 @@ func (s *Server) cleanupSessions() {
case <-ticker.C:
s.sessionsMu.Lock()
now := time.Now()
expired := 0
for t, sess := range s.sessions {
if now.After(sess.expiresAt) {
delete(s.sessions, t)
expired++
}
}
remaining := len(s.sessions)
s.sessionsMu.Unlock()
if s.isDebug() && expired > 0 {
s.logger.Printf("[DEBUG] [web] session cleanup: expired=%d remaining=%d", expired, remaining)
}
}
}
}