From b70926107305e50845bddaf898b555284a045f82 Mon Sep 17 00:00:00 2001
From: orenzhang <41963680+OrenZhang@users.noreply.github.com>
Date: Wed, 13 May 2026 20:19:37 +0800
Subject: [PATCH 1/2] fix(middlewares): enhance logging in LoginRequired middleware to include client IP

---
 internal/apps/oauth/middlewares.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/apps/oauth/middlewares.go b/internal/apps/oauth/middlewares.go
index a77e84a3..5ae24ca3 100644
--- a/internal/apps/oauth/middlewares.go
+++ b/internal/apps/oauth/middlewares.go
@@ -25,11 +25,12 @@
 package oauth
 
 import (
+ "net/http"
+
 "github.com/gin-gonic/gin"
 "github.com/linux-do/cdk/internal/db"
 "github.com/linux-do/cdk/internal/logger"
 "github.com/linux-do/cdk/internal/otel_trace"
- "net/http"
 )
 
 func LoginRequired() gin.HandlerFunc {
@@ -54,7 +55,7 @@ func LoginRequired() gin.HandlerFunc {
 }
 
 // log
- logger.InfoF(ctx, "[LoginRequired] %d %s", user.ID, user.Username)
+ logger.InfoF(ctx, "[LoginRequired] %s %d %s", c.ClientIP(), user.ID, user.Username)
 
 // set user info
 SetUserToContext(c, &user)

From fff55b45f68674b05df402628df55a24c5c7697f Mon Sep 17 00:00:00 2001
From: orenzhang <41963680+OrenZhang@users.noreply.github.com>
Date: Wed, 13 May 2026 20:51:17 +0800
Subject: [PATCH 2/2] fix(middlewares): enhance audit logging in LoginRequired middleware with detailed request info

---
 internal/apps/oauth/middlewares.go | 31 ++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/internal/apps/oauth/middlewares.go b/internal/apps/oauth/middlewares.go
index 5ae24ca3..4a39f9a1 100644
--- a/internal/apps/oauth/middlewares.go
+++ b/internal/apps/oauth/middlewares.go
@@ -25,6 +25,7 @@
 package oauth
 
 import (
+ "encoding/json"
 "net/http"
 
 "github.com/gin-gonic/gin"
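Review bot: The `c.ClientIP()` value added to the `[LoginRequired]` log line in the second hunk of patch 1/2 is only as trustworthy as the engine's proxy configuration, which this diff does not show. Gin derives it from forwarding headers such as `X-Forwarded-For` when the peer counts as a trusted proxy, and unless `SetTrustedProxies` has been called on the engine every peer is trusted, so the logged address may be whatever the client sent. If that is not already set where the router is built, I would restrict it to the real reverse proxies (or pass `nil` when there are none) and add a comment here such as `// ClientIP honours forwarding headers; its trust depends on engine.SetTrustedProxies`. The same applies to `ClientIP: c.ClientIP()` in the audit record of patch 2/2. The body of `LoginRequired` starts and ends outside this hunk.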
@@ -33,6 +34,17 @@ import (
 "github.com/linux-do/cdk/internal/otel_trace"
 )
 
+type loginRequiredAuditLog struct {
+ UserID uint64 `json:"user_id"`
+ Username string `json:"username"`
+ ClientIP string `json:"client_ip"`
+ Method string `json:"method"`
+ Path string `json:"path"`
+ RequestURI string `json:"request_uri"`
+ UserAgent string `json:"user_agent"`
+ Referer string `json:"referer"`
+}
+
 func LoginRequired() gin.HandlerFunc {
 return func(c *gin.Context) {
 // init trace
@@ -54,8 +66,23 @@ func LoginRequired() gin.HandlerFunc {
 return
 }
 
- // log
- logger.InfoF(ctx, "[LoginRequired] %s %d %s", c.ClientIP(), user.ID, user.Username)
+ auditLog := loginRequiredAuditLog{
+ UserID: user.ID,
+ Username: user.Username,
+ ClientIP: c.ClientIP(),
+ Method: c.Request.Method,
+ Path: c.Request.URL.Path,
+ RequestURI: c.Request.RequestURI,
+ UserAgent: c.Request.UserAgent(),
+ Referer: c.Request.Referer(),
+ }
+ auditJSON, err := json.Marshal(auditLog)
+ if err != nil {
+ logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
+ logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
+ } else {
+ logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
+ }
 
 // set user info
 SetUserToContext(c, &user)
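Review bot: `loginRequiredAuditLog` is added without a doc comment, so a reader of the type cannot tell which fields are server-derived and which are copied from the request. I would add `// loginRequiredAuditLog is the JSON record LoginRequired logs per authenticated request; every field except UserID and Username is taken from the incoming request and is client-influenced.` above the type. That distinction matters to whoever parses or displays these logs downstream, because those values have to be handled as untrusted text.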
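Review bot: `RequestURI: c.Request.RequestURI` and `Referer: c.Request.Referer()` in the new `auditLog` literal put full query strings into an Info-level log on every authenticated request, so any code, token or key that a route accepts as a query parameter would be persisted in the logs. `Path` is already recorded, so I would drop `RequestURI` (and its struct field) or log the query only after redaction, and cap the length of the `UserAgent` and `Referer` values before they are marshalled. Separately, the `err != nil` branch looks unreachable for a struct of strings and a `uint64`, and its fallback formats `user.Username` with `%s`, losing the escaping that `json.Marshal` gives the main path; `%q` there would keep the two consistent. The handler body starts and ends outside this hunk.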