interceptors.go 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
  1. /*
  2. Copyright © The ESO Authors
  3. Licensed under the Apache License, Version 2.0 (the "License");
  4. you may not use this file except in compliance with the License.
  5. You may obtain a copy of the License at
  6. https://www.apache.org/licenses/LICENSE-2.0
  7. Unless required by applicable law or agreed to in writing, software
  8. distributed under the License is distributed on an "AS IS" BASIS,
  9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  10. See the License for the specific language governing permissions and
  11. limitations under the License.
  12. */
  13. package server
  14. import (
  15. "context"
  16. "log"
  17. "time"
  18. "google.golang.org/grpc"
  19. "google.golang.org/grpc/credentials"
  20. "google.golang.org/grpc/peer"
  21. "google.golang.org/grpc/tap"
  22. )
  23. // LoggingUnaryInterceptor logs all RPC calls with connection details.
  24. func LoggingUnaryInterceptor(verbose bool) grpc.UnaryServerInterceptor {
  25. return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
  26. start := time.Now()
  27. // Get peer information
  28. p, ok := peer.FromContext(ctx)
  29. var peerAddr string
  30. if ok {
  31. peerAddr = p.Addr.String()
  32. if verbose {
  33. LogTLSConnectionInfo(p)
  34. }
  35. } else {
  36. peerAddr = "unknown"
  37. }
  38. log.Printf("[RPC] --> %s from %s", info.FullMethod, peerAddr)
  39. // Call the handler
  40. resp, err := handler(ctx, req)
  41. duration := time.Since(start)
  42. if err != nil {
  43. log.Printf("[RPC] <-- %s failed in %v: %v", info.FullMethod, duration, err)
  44. } else {
  45. log.Printf("[RPC] <-- %s succeeded in %v", info.FullMethod, duration)
  46. }
  47. return resp, err
  48. }
  49. }
  50. // ConnectionTapHandler logs every connection attempt with detailed information.
  51. func ConnectionTapHandler(ctx context.Context, info *tap.Info) (context.Context, error) {
  52. log.Printf("[CONNECTION] New connection attempt: %+v", info)
  53. return ctx, nil
  54. }
  55. // LogTLSConnectionInfo logs detailed TLS handshake information.
  56. func LogTLSConnectionInfo(p *peer.Peer) {
  57. if p == nil {
  58. log.Printf("[TLS] No peer information available")
  59. return
  60. }
  61. log.Printf("[TLS] Connection from: %s", p.Addr.String())
  62. authInfo := p.AuthInfo
  63. if authInfo == nil {
  64. log.Printf("[TLS] WARNING: No auth info - connection may not be using TLS")
  65. return
  66. }
  67. tlsInfo, ok := authInfo.(credentials.TLSInfo)
  68. if !ok {
  69. log.Printf("[TLS] WARNING: Auth info is not TLS type: %T", authInfo)
  70. return
  71. }
  72. state := tlsInfo.State
  73. log.Printf("[TLS] Handshake complete: version=0x%04x (%s), cipher=0x%04x, resumed=%v",
  74. state.Version, TLSVersionName(state.Version), state.CipherSuite, state.DidResume)
  75. if state.ServerName != "" {
  76. log.Printf("[TLS] SNI server name: %s", state.ServerName)
  77. }
  78. // Log peer certificates
  79. if len(state.PeerCertificates) > 0 {
  80. log.Printf("[TLS] Peer presented %d certificate(s)", len(state.PeerCertificates))
  81. for i, cert := range state.PeerCertificates {
  82. log.Printf("[TLS] Cert %d: Subject=%s, Issuer=%s, NotBefore=%s, NotAfter=%s",
  83. i, cert.Subject, cert.Issuer, cert.NotBefore, cert.NotAfter)
  84. if len(cert.DNSNames) > 0 {
  85. log.Printf("[TLS] Cert %d: DNS names=%v", i, cert.DNSNames)
  86. }
  87. }
  88. } else {
  89. log.Printf("[TLS] WARNING: No peer certificates - mTLS may not be working")
  90. }
  91. // Log verified chains
  92. if len(state.VerifiedChains) > 0 {
  93. log.Printf("[TLS] Successfully verified %d certificate chain(s)", len(state.VerifiedChains))
  94. } else {
  95. log.Printf("[TLS] WARNING: No verified certificate chains")
  96. }
  97. }