From b5209c57441d9e7bace28a03774d2605a6572514 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Mon, 15 Jun 2015 16:36:49 +0100 Subject: [PATCH] Create SynapseRequest that overrides __repr__ to not print access_token --- synapse/app/homeserver.py | 49 ++++++++++++++++++++++++++++++++++----- synapse/http/server.py | 14 +++-------- 2 files changed, 46 insertions(+), 17 deletions(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 95e9122d3e..7c1ad6bc13 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -63,6 +63,7 @@ import synapse import logging import os +import re import resource import subprocess @@ -433,9 +434,34 @@ class SynapseService(service.Service): return self._port.stopListening() -class XForwardedForRequest(Request): - def __init__(self, *args, **kw): +class SynapseRequest(Request): + def __init__(self, site_tag, *args, **kw): Request.__init__(self, *args, **kw) + self.site_tag = site_tag + self.authenticated_entity = None + + def __repr__(self): + # We overwrite this so that we don't log ``access_token`` + return '<%s at 0x%x method=%s uri=%s clientproto=%s site=%s>' % ( + self.__class__.__name__, + id(self), + self.method, + self.get_redacted_uri(), + self.clientproto, + self.site_tag, + ) + + def get_redacted_uri(self): + return re.sub( + r'(\?.*access_token=)[^&]*(.*)$', + r'\1\2', + self.uri + ) + + +class XForwardedForRequest(SynapseRequest): + def __init__(self, *args, **kw): + SynapseRequest.__init__(self, *args, **kw) """ Add a layer on top of another request that only uses the value of an @@ -451,8 +477,16 @@ class XForwardedForRequest(Request): b"x-forwarded-for", [b"-"])[0].split(b",")[0].strip() -def XForwardedFactory(*args, **kwargs): - return XForwardedForRequest(*args, **kwargs) +class SynapseRequestFactory(object): + def __init__(self, site_tag, x_forwarded_for): + self.site_tag = site_tag + self.x_forwarded_for = x_forwarded_for + + def __call__(self, *args, **kwargs): + if self.x_forwarded_for: + return XForwardedForRequest(self.site_tag, *args, **kwargs) + else: + return SynapseRequest(self.site_tag, *args, **kwargs) class SynapseSite(Site): @@ -462,8 +496,11 @@ class SynapseSite(Site): """ def __init__(self, logger_name, config, resource, *args, **kwargs): Site.__init__(self, resource, *args, **kwargs) - if config.get("x_forwarded", False): - self.requestFactory = XForwardedFactory + + proxied = config.get("x_forwarded", False) + self.requestFactory = SynapseRequestFactory(None, proxied) + + if proxied: self._log_formatter = proxiedLogFormatter else: self._log_formatter = combinedLogFormatter diff --git a/synapse/http/server.py b/synapse/http/server.py index e6e8a59f6c..7f8b9dbb29 100644 --- a/synapse/http/server.py +++ b/synapse/http/server.py @@ -32,7 +32,6 @@ from twisted.web.util import redirectTo import collections import logging -import re import urllib logger = logging.getLogger(__name__) @@ -83,18 +82,11 @@ def request_handler(request_handler): code = None start = self.clock.time_msec() try: - request_uri = request.uri - - # Don't log access_tokens - request_uri = re.sub( - r'(\?.*access_token=)[^&]*(.*)$', - r'\1\2', - request_uri - ) - logger.info( "%s - Received request: %s %s", - request.getClientIP(), request.method, request_uri + request.getClientIP(), + request.method, + request.get_redacted_uri() ) d = request_handler(self, request) with PreserveLoggingContext():