~fkooman/vpn-server-api

453cda58bae0131116fbab4e4fc686d867e87ade — François Kooman 2 months ago d424a41
allow configuring the log format for log entries to syslog, also allow logging originating client IP
3 files changed, 46 insertions(+), 4 deletions(-)

M CHANGES.md
M CONFIG_CHANGES.md
M src/Api/ConnectionsModule.php
M CHANGES.md => CHANGES.md +2 -1
@@ 1,7 1,8 @@
# Changelog

## 2.2.12 (...)
- also log "originating" client IP address
- allow configuring the format of the log line written to syslog and also make
  it possible to log the client's originating IP

## 2.2.11 (2021-07-13)
- write connect/disconnect events to [syslog](https://github.com/eduvpn/documentation/blob/v2/LOGGING.md#syslog)

M CONFIG_CHANGES.md => CONFIG_CHANGES.md +9 -0
@@ 8,6 8,15 @@ This will help upgrades to a future 3.x release. Configuration changes during
the 2.x life cycle are NOT required. Any existing configuration file will keep
working!

## 2.2.12

- added `connectionLogFormat` configuration option that takes a `string`. You
  can format the string you want to generate the log line in `syslog` you like 
  for your particular situation. The default value is 
  `{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]`. If 
  you also want to log the client's originating IP address you can e.g. use 
  `{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{ORIGINATING_IP}} => {{IP_FOUR}},{{IP_SIX}}]`.
  
## 2.2.10

- the `tlsProtection` configuration option was removed. It will always be 

M src/Api/ConnectionsModule.php => src/Api/ConnectionsModule.php +35 -3
@@ 108,7 108,7 @@ class ConnectionsModule implements ServiceModuleInterface
        $connectedAt = InputValidation::connectedAt($request->requirePostParameter('connected_at'));
        $userId = $this->verifyConnection($profileId, $commonName);
        $this->storage->clientConnect($profileId, $commonName, $ip4, $ip6, new DateTime(sprintf('@%d', $connectedAt)));
        $this->logger->info(sprintf('CONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ip4, $ip6));
        $this->logger->info($this->logMessage('CONNECT', $userId, $profileId, $originatingIp, $ip4, $ip6));
    }

    /**


@@ 131,8 131,7 @@ class ConnectionsModule implements ServiceModuleInterface
        if (false !== $userCertInfo = $this->storage->getUserCertificateInfo($commonName)) {
            $userId = $userCertInfo['user_id'];
        }

        $this->logger->info(sprintf('DISCONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ip4, $ip6));
        $this->logger->info($this->logMessage('DISCONNECT', $userId, $profileId, $originatingIp, $ip4, $ip6));
    }

    /**


@@ 194,6 193,39 @@ class ConnectionsModule implements ServiceModuleInterface
    }

    /**
     * @param string $eventType
     * @param string $userId
     * @param string $profileId
     * @param string $originatingIp
     * @param string $ipFour
     * @param string $ipSix
     *
     * @return string
     */
    private function logMessage($eventType, $userId, $profileId, $originatingIp, $ipFour, $ipSix)
    {
        return str_replace(
            [
                '{{EVENT_TYPE}}',
                '{{USER_ID}}',
                '{{PROFILE_ID}}',
                '{{ORIGINATING_IP}}',
                '{{IP_FOUR}}',
                '{{IP_SIX}}',
            ],
            [
                $eventType,
                $userId,
                $profileId,
                $originatingIp,
                $ipFour,
                $ipSix,
            ],
            $this->config->requireString('connectionLogFormat', '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]')
        );
    }

    /**
     * @return bool
     */
    private static function hasPermission(array $userPermissionList, array $aclPermissionList)