From 5a21753aa202ea26d7081302d8ac2367ddfe890e Mon Sep 17 00:00:00 2001
From: Hector van der Aa <103751865+H3ct0r55@users.noreply.github.com>
Date: Mon, 1 Dec 2025 23:53:46 +0100
Subject: [PATCH] Improve authentication logging and error context

---
 src/backend/src/auth/mod.rs | 4 ++--
 src/backend/src/core/user_routines.rs | 8 +++++---
 src/backend/src/router/middleware.rs | 15 ++++++++++++---
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/backend/src/auth/mod.rs b/src/backend/src/auth/mod.rs
index 1acac03..e20fb53 100644
--- a/src/backend/src/auth/mod.rs
+++ b/src/backend/src/auth/mod.rs
@@ -47,7 +47,7 @@ pub fn gen_jwt(username: String) -> Result {
 &EncodingKey::from_secret(secret.as_ref()),
 )
 .map_err(|e| {
- error!("Failed to create JWT: {}", e);
+ error!(error = %e, username = claim.username, "create jwt failed");
 return StatusCode::INTERNAL_SERVER_ERROR;
 })
 }
@@ -60,7 +60,7 @@ pub fn verify_jwt(token: String) -> Result, StatusCode> {
 &Validation::default(),
 )
 .map_err(|e| {
- error!("Failed to verify JWT: {}", e);
+ error!(error = %e, "verify jwt failed");
 return StatusCode::INTERNAL_SERVER_ERROR;
 });
 result
diff --git a/src/backend/src/core/user_routines.rs b/src/backend/src/core/user_routines.rs
index 6505e26..fb0714d 100644
--- a/src/backend/src/core/user_routines.rs
+++ b/src/backend/src/core/user_routines.rs
@@ -18,10 +18,12 @@ use crate::{
 };
 
 pub async fn login(state: Arc, login_data: LoginData) -> Result {
+ debug!(username = login_data.username.as_str(), "login started");
+
 let user = db::user::get_by_username(&state.db_pool, &login_data.username)
 .await
 .map_err(|e| {
- error!("Failed fetching user during login: {}", e);
+ error!(error = %e, username = login_data.username.as_str(), "fetch user during login failed");
 return StatusCode::INTERNAL_SERVER_ERROR;
 })?;
 let user = match user {
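Review bot: In the `verify_jwt` hunk every decode failure is still logged with `error!` and mapped to `StatusCode::INTERNAL_SERVER_ERROR`, although an expired, malformed or badly signed token is a client-side condition that needs no valid credentials to produce. That fills the error log with noise that can hide genuine server faults, and it answers 500 where 401 is the accurate status. I would log with `warn!(error = %e, "verify jwt failed");` and return `StatusCode::UNAUTHORIZED` from the closure, keeping `error!` only for failures that can be identified from `e` as server-side. The function body starts and ends outside this hunk, so confirm that no caller relies on the 500 before changing it.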
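Review bot: In the `login` hunk the new `debug!` and `error!` events record `login_data.username` exactly as the client sent it, before the account lookup has produced a result. That value is unauthenticated input, nothing visible here bounds its length, and users do sometimes type a password into the username field, so it needs the same care as any other untrusted log field. Please confirm that the configured subscriber escapes control characters in field values and consider truncating the value before logging; at minimum add a comment such as `// username is unvalidated client input; log it only as a structured field`. The `login` body continues past the end of this hunk.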
@@ -30,7 +32,7 @@ pub async fn login(state: Arc, login_data: LoginData) -> Result, login_data: LoginData) -> Result Result { + let request_method = req.method().clone(); + let request_path = req.uri().path().to_string(); + + debug!(method = ?request_method, path = request_path, "authenticate request started"); + // 1) Extract Authorization header let auth_header = req .headers() @@ -25,7 +30,7 @@ pub async fn auth( .ok_or(StatusCode::FORBIDDEN)?; // no header at all let auth_header = auth_header.to_str().map_err(|e| { - error!("Failed to parse Authorization header: {}", e); + error!(error = %e, method = ?request_method, path = request_path, "authorization header parse failed"); StatusCode::FORBIDDEN })?; @@ -35,6 +40,7 @@ pub async fn auth( (Some(scheme), Some(token)) if scheme.eq_ignore_ascii_case("bearer") => (scheme, token), _ => { // either wrong scheme or missing token + warn!(method = ?request_method, path = request_path, "authorization header missing bearer token"); return Err(StatusCode::UNAUTHORIZED); } }; @@ -47,11 +53,14 @@ pub async fn auth( let current_user = match user_routines::get_by_username(state, username) .await .map_err(|e| { - error!("Error when fetching user via routine: {}", e); + error!(error = %e, method = ?request_method, path = request_path, username, "fetch user for auth failed"); return StatusCode::INTERNAL_SERVER_ERROR; })? { Some(user) => user, - None => return Err(StatusCode::INTERNAL_SERVER_ERROR), + None => { + error!(method = ?request_method, path = request_path, username, "authenticated user missing in database"); + return Err(StatusCode::INTERNAL_SERVER_ERROR); + } }; // 5) Attach user to request extensions so handlers can grab it req.extensions_mut().insert(current_user);
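Review bot: In the hunk at `@@ -25,7 +30,7 @@` a header value that fails `to_str()` is logged with `error!`, while the missing-header branch directly above it (`.ok_or(StatusCode::FORBIDDEN)?`) still returns without emitting any event. Both conditions are caused by the client, so the levels and coverage should match the `warn!` used for the wrong-scheme branch in the next hunk: `warn!(error = %e, method = ?request_method, path = request_path, "authorization header parse failed");`. The missing-header case could log the same way by switching to `ok_or_else` with a `warn!` inside the closure, so that requests without credentials are visible at this layer. The `auth` function starts above this hunk and continues below it.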
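Review bot: In the hunk at `@@ -47,11 +53,14 @@` the `None` arm, reached when the lookup for the token's username returns no row, still returns `StatusCode::INTERNAL_SERVER_ERROR` and is now logged with `error!`. This is what a deleted or renamed account holding an unexpired token looks like, so it is an authentication failure rather than a server fault. I would change the arm to `warn!(method = ?request_method, path = request_path, username, "authenticated user missing in database");` followed by `return Err(StatusCode::UNAUTHORIZED);`. That keeps 5xx alerting meaningful and gives a distinct event for tokens presented after account removal. The `auth` function begins above this hunk.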