fixup! CLDSRV-750: add Server Access Logs

Author: leif-scality

lib/Config.js

@@ -575,7 +575,7 @@ function parseIntegrityChecks(config) {
 }
 
 function parseServerAccessLogs(config) {
-    let res = {
+    const res = {
         enabled: true,
         outputFile: './logs/server-access.log',
     };

lib/metadata/metadataUtils.js

@@ -10,6 +10,22 @@ const { onlyOwnerAllowed } = require('../../constants');
 const { actionNeedQuotaCheck, actionWithDataDeletion } = require('arsenal/build/lib/policyEvaluator/RequestContext');
 const { processBytesToWrite, validateQuotas } = require('../api/apiUtils/quotas/quotaUtils');
 
+function storeServerAccessLogInfo(request, authInfo, bucket) {
+    if (request &&
+        authInfo &&
+        bucket &&
+        bucket.getBucketLoggingStatus() &&
+        bucket.getBucketLoggingStatus().getLoggingEnabled()) {
+        /* eslint-disable no-param-reassign */
+        request.serverAccessLog.enabled = true;
+        request.serverAccessLog.bucketOwner = bucket.getOwner();
+        request.serverAccessLog.bucketName = bucket.getName();
+        request.serverAccessLog.authInfo = authInfo;
+        request.serverAccessLog.loggingEnabled = bucket.getBucketLoggingStatus().getLoggingEnabled();
+        /* eslint-enable no-param-reassign */
+    }
+}
+
 /** getNullVersionFromMaster - retrieves the null version
  * metadata via retrieving the master key
  *
@@ -274,14 +290,7 @@ function standardMetadataValidateBucketAndObj(params, actionImplicitDenies, log,
                 contentLength, withVersionId, log, err => next(err, bucket, objMD));
         },
     ], (err, bucket, objMD) => {
-        if (bucket.getBucketLoggingStatus() && bucket.getBucketLoggingStatus().getLoggingEnabled()) {
-            request.serverAccessLog.enabled = true;
-            request.serverAccessLog.bucketOwner = bucket.getOwner();
-            request.serverAccessLog.bucketName = bucketName;
-            request.serverAccessLog.authInfo = authInfo;
-            request.serverAccessLog.loggingEnabled = bucket.getBucketLoggingStatus().getLoggingEnabled();
-        }
-
+        storeServerAccessLogInfo(request, authInfo, bucket);
         if (err) {
             // still return bucket for cors headers
             return callback(err, bucket);
@@ -304,6 +313,7 @@ function standardMetadataValidateBucketAndObj(params, actionImplicitDenies, log,
 function standardMetadataValidateBucket(params, actionImplicitDenies, log, callback) {
     const { bucketName } = params;
     return metadata.getBucket(bucketName, log, (err, bucket) => {
+        storeServerAccessLogInfo(params.request, params.authInfo, bucket);
         if (err) {
             // if some implicit actionImplicitDenies, return AccessDenied before
             // leaking any state information
@@ -314,14 +324,6 @@ function standardMetadataValidateBucket(params, actionImplicitDenies, log, callb
             return callback(err);
         }
         const validationError = validateBucket(bucket, params, log, actionImplicitDenies);
-        if (bucket.getBucketLoggingStatus() && bucket.getBucketLoggingStatus().getLoggingEnabled()) {
-            params.request.serverAccessLog.enabled = true;
-            params.request.serverAccessLog.bucketOwner = bucket.getOwner();
-            params.request.serverAccessLog.bucketName = bucketName;
-            params.request.serverAccessLog.authInfo = params.authInfo;
-            params.request.serverAccessLog.authInfo = params.authInfo;
-            params.request.serverAccessLog.loggingEnabled = bucket.getBucketLoggingStatus().getLoggingEnabled();
-        }
         return callback(validationError, bucket);
     });
 }

lib/server.js

@@ -123,13 +123,16 @@ class S3Server {
         monitoringClient.httpActiveRequests.inc();
         const requestStartTime = process.hrtime.bigint();
 
+        // eslint-disable-next-line no-param-reassign
         req.serverAccessLog = {
             enabled: false,
             startTime: requestStartTime,
         };
+        // eslint-disable-next-line no-param-reassign
         res.serverAccessLog = {};
 
         res.on('finish', () => {
+            // eslint-disable-next-line no-param-reassign
             req.serverAccessLog.endTime = process.hrtime.bigint();
             logServerAccess(req.serverAccessLog, req, res);
         });

lib/utilities/serverAccesssLogger.js

@@ -2,13 +2,14 @@ const { Werelogs } = require('werelogs');
 const { config } = require('../Config');
 const fs = require('fs');
 const path = require('path');
+const logger = require('./utilities/logger');
 
 const DEFAULT_OUTPUT_FILE = './logs/api-operations.log';
 const SERVER_ACCESS_LOG_FORMAT_VERSION = '0';
 
 function createServerAccessLogger() {
     if (!config.serverAccessLogs || !config.serverAccessLogs.enabled) {
-        console.warn("ServerAccessLogs disabled returning no-op logger");
+        logger.warn('ServerAccessLogs disabled returning no-op logger');
         return {
             info: () => { },
             debug: () => { },
@@ -28,10 +29,10 @@ function createServerAccessLogger() {
             fs.mkdirSync(logDir, { recursive: true });
         }
     } catch (error) {
-        // Fall back to console-only logging if directory creation fails
-        console.warn('Failed to create ServerAccess log directory, falling back to console logging:', error.message);
+        // Fall back to logger-only logging if directory creation fails
+        logger.warn('Failed to create ServerAccess log directory, falling back to console logging:', error.message);
 
-        let apiWerelogs = new Werelogs({
+        const apiWerelogs = new Werelogs({
             level: config.serverAccessLogs.logLevel || 'info',
             dump: config.serverAccessLogs.dumpLevel || 'error',
             streams: [
@@ -47,16 +48,16 @@ function createServerAccessLogger() {
 
     // Handle stream errors
     serverAccessLogStream.on('error', error => {
-        console.error('ServerAccessLogger log file stream error:', error);
+        logger.error('ServerAccessLogger log file stream error:', error);
     });
 
     // Create the API-specific Werelogs instance - file output only
-    apiWerelogs = new Werelogs({
+    const apiWerelogs = new Werelogs({
         level: config.serverAccessLogs.logLevel || 'info',
         dump: config.serverAccessLogs.dumpLevel || 'error',
         streams: [{ level: 'trace', stream: serverAccessLogStream }]
     });
-    console.info("ServerAccessLogger created successfully");
+    logger.info('ServerAccessLogger created successfully');
     return new apiWerelogs.Logger('ServerAccessLogger');
 }
 
@@ -73,14 +74,14 @@ var serverAccessLogger = {
 try {
     serverAccessLogger = createServerAccessLogger();
 } catch (error) {
-    console.error('Failed to create ServiceAccessLogger, using no-op logger:', error);
+    logger.error('Failed to create ServiceAccessLogger, using no-op logger:', error);
 }
 
 function getRemoteIPFromRequest(request) {
     let remoteIP = null;
     if (request.headers) {
         // Check for forwarded IP headers (proxy/load balancer scenarios)
-        headerRemoteIP = request.headers['x-forwarded-for'] ||
+        const headerRemoteIP = request.headers['x-forwarded-for'] ||
             request.headers['x-real-ip'] ||
             request.headers['x-client-ip'] ||
             request.headers['cf-connecting-ip']; // Cloudflare
@@ -93,7 +94,7 @@ function getRemoteIPFromRequest(request) {
 
     // Fallback to connection remote address if no forwarded headers
     if (!remoteIP) {
-        connIP = (request.connection && request.connection.remoteAddress) ||
+        const connIP = (request.connection && request.connection.remoteAddress) ||
             (request.socket && request.socket.remoteAddress) ||
             (request.ip);
         if (connIP) {
@@ -175,11 +176,11 @@ function getOperation(req) {
         // 'websiteHead': '',
     });
 
-    return `REST.${req.method}.${methodToResType[req.apiMethod] ? methodToResType[req.apiMethod] : 'UNKNOWN'}`
+    return `REST.${req.method}.${methodToResType[req.apiMethod] ? methodToResType[req.apiMethod] : 'UNKNOWN'}`;
 }
 
 function getRequester(authInfo) {
-    let requester = null;
+    const requester = null;
     if (authInfo) {
         if (authInfo.isRequesterPublicUser && authInfo.isRequesterPublicUser()) {
             return requester; // Unauthenticated requests
@@ -220,12 +221,12 @@ function getObjectSize(request, response) {
     // If it is a PUT get the Content-Length from the request, if it is a GET get it from the response.
     if (request && response && objectSizeGetMethods[request.apiMethod]) {
         const len = response.getHeader('Content-Length');
-        return len ? len : null;
+        return len || null;
     }
 
     if (request && objectSizePutMethods[request.apiMethod]) {
         const len = request.getHeader('Content-Length');
-        return len ? len : null;
+        return len || null;
     }
 
     return null;
@@ -237,15 +238,15 @@ function getBytesSent(res) {
     }
 
     const len = res.getHeader('Content-Length');
-    return len ? len : null;
+    return len || null;
 }
 
 function calculateTotalTime(startTime, endTime) {
     if (!startTime || !endTime) {
         return null;
     }
 
-    return ((endTime - startTime) / 1_000_000n).toString()
+    return ((endTime - startTime) / 1_000_000n).toString();
 }
 
 function calculateTurnAroundTime(startTurnAroundTime, endTurnAroundTime) {
@@ -257,9 +258,9 @@ function calculateTurnAroundTime(startTurnAroundTime, endTurnAroundTime) {
 }
 
 function logServerAccess(params, req, res) {
-    params.errorCode = res.serverAccessLog.errorCode;
-    params.endTurnAroundTime = res.serverAccessLog.endTurnAroundTime;
-    params.requestID = res.serverAccessLog.requestID;
+    const errorCode = res.serverAccessLog.errorCode;
+    const endTurnAroundTime = res.serverAccessLog.endTurnAroundTime;
+    const requestID = res.serverAccessLog.requestID;
     const authInfo = params.authInfo;
 
     serverAccessLogger.info('SERVER_ACCESS_LOG', {
@@ -269,15 +270,16 @@ function logServerAccess(params, req, res) {
         startTime: params.startTime ? params.startTime.toString() : null,
         remoteIP: getRemoteIPFromRequest(req),
         requester: getRequester(authInfo),
-        req_id: params.requestID ? params.requestID : null, // requestID in AWS
+        // eslint-disable-next-line camelcase
+        req_id: requestID || null, // requestID in AWS
         operation: getOperation(req),
         requestURI: getURI(req),
         HTTPStatus: res.statusCode ? res.statusCode : null,
-        errorCode: params.errorCode ? params.errorCode : null,
+        errorCode: errorCode || null,
         bytesSent: getBytesSent(res),
         objectSize: getObjectSize(req, res),
         totalTime: calculateTotalTime(params.startTime, params.endTime),
-        turnAroundTime: calculateTurnAroundTime(params.startTurnAroundTime, params.endTurnAroundTime),
+        turnAroundTime: calculateTurnAroundTime(params.startTurnAroundTime, endTurnAroundTime),
         referer: req.headers.referer ? req.headers.referer : null,
         userAgent: req.headers['user-agent'] ? req.headers['user-agent'] : null,
         versionID: req.query.versionId ? req.query.versionId : null, // query inserted by arsenal.
@@ -297,8 +299,9 @@ function logServerAccess(params, req, res) {
         loggingTargetBucket: params.loggingEnabled ? params.loggingEnabled.TargetBucket : null,
         loggingTargetPrefix: params.loggingEnabled ? params.loggingEnabled.TargetPrefix : null,
         raftSessionID: null,
+        // eslint-disable-next-line camelcase
         aws_access_key_id: authInfo ? authInfo.getAccessKey() : null,
-    })
+    });
 }
 
 module.exports = {