Add logging

mocsharp · mocsharp · commit 315248bc8b10 · 2022-12-01T09:43:49.000-08:00
Signed-off-by: Victor Chang &lt;vicchang@nvidia.com&gt;
diff --git a/src/Authentication/Logging.cs b/src/Authentication/Logging.cs
@@ -20,7 +20,13 @@ namespace Monai.Deploy.WorkflowManager.Logging
 {
     public static partial class Log
     {
-        [LoggerMessage(EventId = 500000, Level = LogLevel.Information, Message = "BYpass authentication.")]
+        [LoggerMessage(EventId = 500000, Level = LogLevel.Information, Message = "Bypass authentication.")]
         public static partial void BypassAuthentication(this ILogger logger);
+
+        [LoggerMessage(EventId = 500001, Level = LogLevel.Debug, Message = "User '{user}' attempting to access controller '{controller}'.")]
+        public static partial void UserAccessingController(this ILogger logger, string? user, string controller);
+
+        [LoggerMessage(EventId = 500002, Level = LogLevel.Debug, Message = "User '{user}' access denied due to allowed permissions: '{permissions}'.")]
+        public static partial void UserAccessDenied(this ILogger logger, string? user, string? permissions);
     }
 }
diff --git a/src/Authentication/Middleware/EndpointAuthorizationMiddleware.cs b/src/Authentication/Middleware/EndpointAuthorizationMiddleware.cs
@@ -21,6 +21,7 @@
 using Microsoft.Extensions.Options;
 using Monai.Deploy.Security.Authentication.Configurations;
 using Monai.Deploy.Security.Authentication.Extensions;
+using Monai.Deploy.WorkflowManager.Logging;
 
 namespace Monai.Deploy.Security.Authentication.Middleware
 {
@@ -54,11 +55,13 @@ public async Task InvokeAsync(HttpContext httpcontext)
             {
                 if (httpcontext.GetRouteValue("controller") is string controller)
                 {
+                    _logger.UserAccessingController(httpcontext.User.Identity.Name, controller);
                     var validEndpoints = httpcontext.GetValidEndpoints(_options.Value.OpenId!.Claims!.RequiredAdminClaims!, _options.Value.OpenId!.Claims!.RequiredUserClaims!);
                     var result = validEndpoints.Any(e => e.Equals(controller, StringComparison.InvariantCultureIgnoreCase)) || validEndpoints.Contains("all");
 
                     if (result is false)
                     {
+                        _logger.UserAccessDenied(httpcontext.User.Identity.Name, string.Join(',', validEndpoints));
                         httpcontext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 
                         await httpcontext.Response.CompleteAsync().ConfigureAwait(false);

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,13 @@ namespace Monai.Deploy.WorkflowManager.Logging`
`20`	`20`	`{`
`21`	`21`	`public static partial class Log`
`22`	`22`	`{`
`23`		`- [LoggerMessage(EventId = 500000, Level = LogLevel.Information, Message = "BYpass authentication.")]`
	`23`	`+ [LoggerMessage(EventId = 500000, Level = LogLevel.Information, Message = "Bypass authentication.")]`
`24`	`24`	`public static partial void BypassAuthentication(this ILogger logger);`
	`25`	`+`
	`26`	`+ [LoggerMessage(EventId = 500001, Level = LogLevel.Debug, Message = "User '{user}' attempting to access controller '{controller}'.")]`
	`27`	`+ public static partial void UserAccessingController(this ILogger logger, string? user, string controller);`
	`28`	`+`
	`29`	`+ [LoggerMessage(EventId = 500002, Level = LogLevel.Debug, Message = "User '{user}' access denied due to allowed permissions: '{permissions}'.")]`
	`30`	`+ public static partial void UserAccessDenied(this ILogger logger, string? user, string? permissions);`
`25`	`31`	`}`
`26`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`using Microsoft.Extensions.Options;`
`22`	`22`	`using Monai.Deploy.Security.Authentication.Configurations;`
`23`	`23`	`using Monai.Deploy.Security.Authentication.Extensions;`
	`24`	`+using Monai.Deploy.WorkflowManager.Logging;`
`24`	`25`
`25`	`26`	`namespace Monai.Deploy.Security.Authentication.Middleware`
`26`	`27`	`{`
`@@ -54,11 +55,13 @@ public async Task InvokeAsync(HttpContext httpcontext)`
`54`	`55`	`{`
`55`	`56`	`if (httpcontext.GetRouteValue("controller") is string controller)`
`56`	`57`	`{`
	`58`	`+ _logger.UserAccessingController(httpcontext.User.Identity.Name, controller);`
`57`	`59`	`var validEndpoints = httpcontext.GetValidEndpoints(_options.Value.OpenId!.Claims!.RequiredAdminClaims!, _options.Value.OpenId!.Claims!.RequiredUserClaims!);`
`58`	`60`	`var result = validEndpoints.Any(e => e.Equals(controller, StringComparison.InvariantCultureIgnoreCase)) \|\| validEndpoints.Contains("all");`
`59`	`61`
`60`	`62`	`if (result is false)`
`61`	`63`	`{`
	`64`	`+ _logger.UserAccessDenied(httpcontext.User.Identity.Name, string.Join(',', validEndpoints));`
`62`	`65`	`httpcontext.Response.StatusCode = (int)HttpStatusCode.Forbidden;`
`63`	`66`
`64`	`67`	`await httpcontext.Response.CompleteAsync().ConfigureAwait(false);`