From 76760f1d2bbb711d65fe6f2c63f6b14a7921fb02 Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Thu, 13 Feb 2025 05:24:05 -0500
Subject: [PATCH] Improve logging from webhook

When an error occurs in the webhook (either with itself or due to
invalid input), it returns a 4xx/5xx and some error text. For security
reasons, Caddy reduces all of these results to a simple 400/503. Since
aiohttp only logs the response code, and Caddy only logs admin problems,
this information was lost.

We don't really do anything with access logs, so just enable them only
for the errors.
---
 templates/Caddyfile.j2 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2
index fcb7624..08a4e59 100644
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@@ -22,6 +22,15 @@ https://{{ caddy.addresses.webhook }} {
 http://{{ caddy.addresses.webhook }} {
 {% endif %}
 
+	# Include access logs when an error occurs, since we mask any internal errors
+	# from escaping to the outside world, but otherwise don't log.
+	log {
+		output discard
+	}
+	log errors {
+		no_hostname
+	}
+
 	root * {{ caddy.site_dir }}
 
 	# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#delivery-headers
@@ -41,6 +50,9 @@ http://{{ caddy.addresses.webhook }} {
 			# Don't leak out internal problems.
 			@error status 4xx 5xx
 			handle_response @error {
+				log_name errors
+				log_append api_error_code {rp.status_code}
+				log_append api_error_text {rp.status_text}
 				error 400
 			}
 		}
@@ -51,6 +63,9 @@ http://{{ caddy.addresses.webhook }} {
 			# Don't leak out internal problems.
 			@error status 4xx 5xx
 			handle_response @error {
+				log_name errors
+				log_append api_error_code {rp.status_code}
+				log_append api_error_text {rp.status_text}
 				error 503
 			}
 		}