Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve logging from webhook #42

Merged
merged 1 commit into from
Feb 13, 2025
Merged

Improve logging from webhook #42

merged 1 commit into from
Feb 13, 2025

Conversation

QuLogic
Copy link
Member

@QuLogic QuLogic commented Feb 13, 2025

When an error occurs in the webhook (either with itself or due to invalid input), it returns a 4xx/5xx and some error text. For security reasons, Caddy reduces all of these results to a simple 400/503. Since aiohttp only logs the response code, and Caddy only logs admin problems, this information was lost.

We don't really do anything with access logs, so just enable them only for the errors.

Note this is already deployed, and if I request something invalid:

$ http POST https://do.matplotlib.org/gh/matplotlib.github.com \
    Content-Type:application/json \
    User-Agent:GitHub-Hookshot/foo \
    X-GitHub-Event:push \
    X-GitHub-Delivery:foo \
    X-Hub-Signature-256:bar \
    -v < /dev/null

then in the Caddy journal, we get:

Feb 13 09:15:54 mercury.matplotlib.org caddy[464235]: {
  "level": "info",
  "ts": 1739438154.6256573,
  "logger": "http.log.access.errors",
  "msg": "handled request",
  "request": {
    "remote_ip": "...",
    "remote_port": "63586",
    "client_ip": "...",
    "proto": "HTTP/2.0",
    "method": "POST",
    "host": "do.matplotlib.org",
    "uri": "/gh/matplotlib.github.com",
    "headers": {
      "Cf-Visitor": ["{\"scheme\":\"https\"}"],
      "Cdn-Loop": ["cloudflare; loops=1"],
      "Cf-Ray": ["..."],
      "Cf-Ipcountry": ["CA"],
      "Content-Length": ["0"],
      "X-Github-Event": ["push"],
      "Cf-Connecting-Ip": ["..."],
      "Accept-Encoding": ["gzip, br"],
      "X-Hub-Signature-256": ["bar"],
      "X-Github-Delivery": ["foo"],
      "Content-Type": ["application/json"],
      "Accept": ["application/json, */*;q=0.5"],
      "User-Agent": ["GitHub-Hookshot/foo"],
      "X-Forwarded-For": ["..."],
      "X-Forwarded-Proto": ["https"]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "proto": "h2",
      "server_name": "do.matplotlib.org"
    }
  },
  "bytes_read": 0,
  "user_id": "",
  "duration": 0.232858129,
  "size": 0,
  "status": 400,
  "resp_headers": {
    "Server": ["Caddy"],
    "Alt-Svc": ["h3=\":443\"; ma=2592000"]
  },
  "api_error_text": "400 foo: webhook signature was invalid",
  "api_error_code": 400
}

@QuLogic
Improve logging from webhook
76760f1 
When an error occurs in the webhook (either with itself or due to
invalid input), it returns a 4xx/5xx and some error text. For security
reasons, Caddy reduces all of these results to a simple 400/503. Since
aiohttp only logs the response code, and Caddy only logs admin problems,
this information was lost.

We don't really do anything with access logs, so just enable them only
for the errors.
@tacaswell tacaswell merged commit 471195e into matplotlib:main Feb 13, 2025
4 checks passed
@QuLogic QuLogic deleted the webhook-log branch February 13, 2025 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tacaswell tacaswell tacaswell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@QuLogic @tacaswell