mirror of
https://github.com/juanfont/headscale.git
synced 2026-03-18 15:34:06 +01:00
58020696fe
Add hscontrol/util/zlog package with: - zf subpackage: field name constants for compile-time safety - SafeHostinfo: wrapper that redacts device fingerprinting data - SafeMapRequest: wrapper that redacts client endpoints The zf (zerolog fields) subpackage provides short constant names (e.g., zf.NodeID instead of inline "node.id" strings) ensuring consistent field naming across all log statements. Security considerations: - SafeHostinfo never logs: OSVersion, DeviceModel, DistroName - SafeMapRequest only logs endpoint counts, not actual IPs
32 lines
1.1 KiB
Go
32 lines
1.1 KiB
Go
// Package zlog provides zerolog utilities for safe and consistent logging.
|
|
//
|
|
// This package contains:
|
|
// - Safe wrapper types for external types (tailcfg.Hostinfo, tailcfg.MapRequest)
|
|
// that implement LogObjectMarshaler with security-conscious field redaction
|
|
//
|
|
// For field name constants, use the zf subpackage:
|
|
//
|
|
// import "github.com/juanfont/headscale/hscontrol/util/zlog/zf"
|
|
//
|
|
// # Usage Pattern: Sub-Loggers
|
|
//
|
|
// The recommended pattern is to create sub-loggers at function entry points:
|
|
//
|
|
// func (m *mapSession) serve() {
|
|
// log := log.With().
|
|
// EmbedObject(m.node).
|
|
// EmbedObject(zlog.MapRequest(&m.req)).
|
|
// Logger()
|
|
//
|
|
// log.Info().Msg("Map session started")
|
|
// log.Debug().Caller().Msg("Processing request")
|
|
// }
|
|
//
|
|
// # Security Considerations
|
|
//
|
|
// The wrapper types in this package intentionally redact sensitive information:
|
|
// - Device fingerprinting data (OS version, device model, etc.)
|
|
// - Client endpoints and IP addresses
|
|
// - Full authentication keys (only prefixes are logged)
|
|
package zlog
|