connLogInitRequest creates a new connection log session and connect log for the given request, if one does not already exist. If a connection log session already exists, it will be updated with the current timestamp. A session is used to reduce the number of connection logs created. A session is un
(w http.ResponseWriter, r *http.Request)
| 408 | // A session is unique to the agent, app, user and users IP. If any of these |
| 409 | // values change, a new session and connect log is created. |
| 410 | func (p *DBTokenProvider) connLogInitRequest(w http.ResponseWriter, r *http.Request) (aReq *connLogRequest, commit func()) { |
| 411 | // Get the status writer from the request context so we can figure |
| 412 | // out the HTTP status and autocommit the audit log. |
| 413 | sw, ok := w.(*tracing.StatusWriter) |
| 414 | if !ok { |
| 415 | panic("dev error: http.ResponseWriter is not *tracing.StatusWriter") |
| 416 | } |
| 417 | |
| 418 | aReq = &connLogRequest{ |
| 419 | time: dbtime.Now(), |
| 420 | } |
| 421 | |
| 422 | // Set the commit function on the status writer to create a connection log |
| 423 | // this ensures that the status and response body are available. |
| 424 | var committed bool |
| 425 | return aReq, func() { |
| 426 | // We want to log/audit the connection attempt even if the request context has expired. |
| 427 | ctx, cancel := context.WithCancel(p.ctx) |
| 428 | defer cancel() |
| 429 | if committed { |
| 430 | return |
| 431 | } |
| 432 | committed = true |
| 433 | |
| 434 | if aReq.dbReq == nil { |
| 435 | // App doesn't exist, there's information in the Request |
| 436 | // struct but we need UUIDs for connection logging. |
| 437 | return |
| 438 | } |
| 439 | |
| 440 | userID := uuid.Nil |
| 441 | if aReq.apiKey != nil { |
| 442 | userID = aReq.apiKey.UserID |
| 443 | } |
| 444 | userAgent := r.UserAgent() |
| 445 | ip := r.RemoteAddr |
| 446 | |
| 447 | // Approximation of the status code. |
| 448 | // #nosec G115 - Safe conversion as HTTP status code is expected to be within int32 range (typically 100-599) |
| 449 | var statusCode int32 = int32(sw.Status) |
| 450 | if statusCode == 0 { |
| 451 | statusCode = http.StatusOK |
| 452 | } |
| 453 | |
| 454 | var ( |
| 455 | connType database.ConnectionType |
| 456 | slugOrPort = aReq.dbReq.AppSlugOrPort |
| 457 | ) |
| 458 | |
| 459 | switch { |
| 460 | case aReq.dbReq.AccessMethod == AccessMethodTerminal: |
| 461 | connType = database.ConnectionTypeWorkspaceApp |
| 462 | slugOrPort = "terminal" |
| 463 | case aReq.dbReq.App.ID == uuid.Nil: |
| 464 | connType = database.ConnectionTypePortForwarding |
| 465 | default: |
| 466 | connType = database.ConnectionTypeWorkspaceApp |
| 467 | } |