tech/sendico
2
0
Fork 0
Code Issues 32 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

improved logging in callbacks

Browse Source
This commit is contained in:
Stephan D
2026-03-03 00:26:51 +01:00
parent 4b57550c36
commit b10ec79fe0
5 changed files with 129 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
api/edge/callbacks/internal/security/service.go
View File

@@ -10,9 +10,12 @@ import (
"time"
"github.com/tech/sendico/pkg/merrors"
"github.com/tech/sendico/pkg/mlogger"
"go.uber.org/zap"
)
type service struct {
logger mlogger.Logger
requireHTTPS bool
allowedHosts map[string]struct{}
allowedPorts map[int]struct{}
@@ -21,7 +24,11 @@ type service struct {
}
// New creates URL validator.
func New(cfg Config) Validator {
func New(logger mlogger.Logger, cfg Config) Validator {
if logger == nil {
logger = zap.NewNop()
}
hosts := make(map[string]struct{}, len(cfg.AllowedHosts))
for _, host := range cfg.AllowedHosts {
h := strings.ToLower(strings.TrimSpace(host))
@@ -43,6 +50,7 @@ func New(cfg Config) Validator {
}
return &service{
logger: logger.Named("security"),
requireHTTPS: cfg.RequireHTTPS,
allowedHosts: hosts,
allowedPorts: ports,
@@ -54,24 +62,33 @@ func New(cfg Config) Validator {
func (s *service) ValidateURL(ctx context.Context, target string) error {
parsed, err := url.Parse(strings.TrimSpace(target))
if err != nil {
s.logger.Warn("Failed to parse callback URL", zap.Error(err))
return merrors.InvalidArgumentWrap(err, "invalid callback URL", "url")
}
if parsed == nil || parsed.Host == "" {
s.logger.Warn("Callback URL host is required")
return merrors.InvalidArgument("callback URL host is required", "url")
}
if parsed.User != nil {
s.logger.Warn("Rejected callback URL with credentials", zap.String("host", parsed.Hostname()))
return merrors.InvalidArgument("callback URL credentials are not allowed", "url")
}
if s.requireHTTPS && !strings.EqualFold(parsed.Scheme, "https") {
s.logger.Warn("Rejected callback URL due to non-https scheme",
zap.String("scheme", parsed.Scheme),
zap.String("host", parsed.Hostname()),
)
return merrors.InvalidArgument("callback URL must use HTTPS", "url")
}
host := strings.ToLower(strings.TrimSpace(parsed.Hostname()))
if host == "" {
s.logger.Warn("Callback URL host is empty")
return merrors.InvalidArgument("callback URL host is empty", "url")
}
if len(s.allowedHosts) > 0 {
if _, ok := s.allowedHosts[host]; !ok {
s.logger.Warn("Rejected callback host not present in allowlist", zap.String("host", host))
return merrors.InvalidArgument("callback host is not in allowlist", "url.host")
}
}
@@ -82,12 +99,20 @@ func (s *service) ValidateURL(ctx context.Context, target string) error {
}
if len(s.allowedPorts) > 0 {
if _, ok := s.allowedPorts[port]; !ok {
s.logger.Warn("Rejected callback URL port not present in allowlist",
zap.String("host", host),
zap.Int("port", port),
)
return merrors.InvalidArgument("callback URL port is not allowed", "url.port")
}
}
if addr, addrErr := netip.ParseAddr(host); addrErr == nil {
if isBlocked(addr) {
s.logger.Warn("Rejected callback URL with blocked IP address",
zap.String("host", host),
zap.String("ip", addr.String()),
)
return merrors.InvalidArgument("callback URL resolves to blocked IP range", "url")
}
return nil
@@ -102,9 +127,11 @@ func (s *service) ValidateURL(ctx context.Context, target string) error {
ips, err := s.resolver.LookupIPAddr(lookupCtx, host)
if err != nil {
s.logger.Warn("Failed to resolve callback host", zap.String("host", host), zap.Error(err))
return merrors.InternalWrap(err, "failed to resolve callback host")
}
if len(ips) == 0 {
s.logger.Warn("Callback host did not resolve", zap.String("host", host))
return merrors.InvalidArgument("callback host did not resolve", "url.host")
}
for _, ip := range ips {
@@ -113,6 +140,10 @@ func (s *service) ValidateURL(ctx context.Context, target string) error {
}
addr, ok := netip.AddrFromSlice(ip.IP)
if ok && isBlocked(addr) {
s.logger.Warn("Rejected callback URL resolving to blocked IP address",
zap.String("host", host),
zap.String("ip", addr.String()),
)
return merrors.InvalidArgument("callback URL resolves to blocked IP range", "url.host")
}
}