Add HTTP signature keyId to request log (#11591)

2019-08-18 18:03:56 +02:00 · 2019-08-18 18:03:56 +02:00 · 1bc077dc74
parent 2b4e2616ea
commit 1bc077dc74
2 changed files with 20 additions and 1 deletions
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@ -23,6 +23,19 @@ module SignatureVerification
    @signature_verification_failure_code || 401
  end

+  def signature_key_id
+    raw_signature    = request.headers['Signature']
+    signature_params = {}
+
+    raw_signature.split(',').each do |part|
+      parsed_parts = part.match(/([a-z]+)="([^"]+)"/i)
+      next if parsed_parts.nil? || parsed_parts.size != 3
+      signature_params[parsed_parts[1]] = parsed_parts[2]
+    end
+
+    signature_params['keyId']
+  end
+
  def signed_request_account
    return @signed_request_account if defined?(@signed_request_account)

@ -154,7 +167,7 @@ module SignatureVerification
      .with_fallback { nil }
      .with_threshold(1)
      .with_cool_off_time(5.minutes.seconds)
-      .with_error_handler { |error, handle| error.is_a?(HTTP::Error) ? handle.call(error) : raise(error) }
+      .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
      .run
  end

--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -71,6 +71,12 @@ Rails.application.configure do
  # Better log formatting
  config.lograge.enabled = true

+  config.lograge.custom_payload do |controller|
+    if controller.respond_to?(:signed_request?) && controller.signed_request?
+      { key: controller.signature_key_id }
+    end
+  end
+
  # Do not dump schema after migrations.
  config.active_record.dump_schema_after_migration = false