Log auth failures and failing requests

hasura · Nov 6, 2023 · e7fc40f · e7fc40f
1 parent 5b8761b
commit e7fc40f
Showing 1 changed file with 64 additions and 5 deletions.
diff --git a/rust-connector-sdk/src/default_main.rs b/rust-connector-sdk/src/default_main.rs
@@ -287,6 +287,21 @@ where
         .route("/query", post(post_query::<C>))
         .route("/explain", post(post_explain::<C>))
         .route("/mutation", post(post_mutation::<C>))
+        .layer(
+            TraceLayer::new_for_http()
+                .make_span_with(make_span)
+                .on_response(on_response)
+                .on_failure(|err, _dur, _span: &tracing::Span| {
+                    tracing::error!(
+                        meta.signal_type = "log",
+                        event.domain = "ndc",
+                        event.name = "Request failure",
+                        name = "Request failure",
+                        body = %err,
+                        error = true,
+                    )
+                }),
+        )
         .with_state(state);
 
     let expected_auth_header: Option<HeaderValue> =
@@ -310,13 +325,24 @@ where
                 if auth_header == expected_auth_header {
                     return Ok(());
                 }
+
+                let message = "Bearer token does not match.".to_string();
+
+                tracing::error!(
+                    meta.signal_type = "log",
+                    event.domain = "ndc",
+                    event.name = "Authorization error",
+                    name = "Authorization error",
+                    body = message,
+                    error = true,
+                );
                 Err((
                     StatusCode::UNAUTHORIZED,
                     Json(ErrorResponse {
                         message: "Internal error".into(),
                         details: serde_json::Value::Object(serde_json::Map::from_iter([(
                             "cause".into(),
-                            serde_json::Value::String("Bearer token does not match.".to_string()),
+                            serde_json::Value::String(message),
                         )])),
                     }),
                 )
@@ -362,15 +388,23 @@ where
                     Ok(())
                 } else {
                     // all other cases, block request
+                    let message = "Service Token Secret does not match.".to_string();
+
+                    tracing::error!(
+                        meta.signal_type = "log",
+                        event.domain = "ndc",
+                        event.name = "Authorization error",
+                        name = "Authorization error",
+                        body = message,
+                        error = true,
+                    );
                     Err((
                         StatusCode::UNAUTHORIZED,
                         Json(ErrorResponse {
                             message: "Internal error".into(),
                             details: serde_json::Value::Object(serde_json::Map::from_iter([(
                                 "cause".into(),
-                                serde_json::Value::String(
-                                    "Service Token Secret does not match.".to_string(),
-                                ),
+                                serde_json::Value::String(message),
                             )])),
                         }),
                     )
@@ -381,6 +415,21 @@ where
         // capabilities and health endpoints are exempt from auth requirements
         .route("/capabilities", get(v2_compat::get_capabilities::<C>))
         .route("/health", get(v2_compat::get_health))
+        .layer(
+            TraceLayer::new_for_http()
+                .make_span_with(make_span)
+                .on_response(on_response)
+                .on_failure(|err, _dur, _span: &_| {
+                    tracing::error!(
+                        meta.signal_type = "log",
+                        event.domain = "ndc",
+                        event.name = "Request failure",
+                        name = "Request failure",
+                        body = %err,
+                        error = true,
+                    );
+                }),
+        )
         .with_state(state)
 }
 
@@ -476,7 +525,17 @@ where
         .layer(
             TraceLayer::new_for_http()
                 .make_span_with(make_span)
-                .on_response(on_response),
+                .on_response(on_response)
+                .on_failure(|err, _dur, _span: &_| {
+                    tracing::error!(
+                        meta.signal_type = "log",
+                        event.domain = "ndc",
+                        event.name = "Request failure",
+                        name = "Request failure",
+                        body = %err,
+                        error = true,
+                    );
+                }),
         )
         .layer(cors);