This repository was archived by the owner on Jan 16, 2024. It is now read-only.

Commit f10d6d2

committed
fix: decrease verbosity of logging messages
1 parent 7b6a809 commit f10d6d2

2 files changed

+17
-17
lines changed

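--- a/example/haproxy/haproxy.cfg
+++ b/example/haproxy/haproxy.cfg
@@ -1,6 +1,6 @@
 # This file managed by Puppet
 global
-log stdout format raw local0 debug
+log stdout format raw local0 notice
 maxconn 4096
 daemon
 lua-load /usr/local/share/lua/5.3/jwtverify.lua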
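Review bot: With the threshold on the `log stdout` line set to `notice`, HAProxy drops anything less severe, so the messages this same commit moves to `log_info` in src/jwtverify.lua (JWKS refresh, `Public Key Cached`, the configured JWKS URL and issuer) would no longer appear in the example setup. That assumes the `log_info`/`log_debug` helpers, which are defined outside this page, map to HAProxy's info and debug levels. If key-rotation activity should stay visible by default, keep the example at `log stdout format raw local0 info`. Otherwise add a comment above the line, such as `# notice hides JWKS refresh (info) and token rejection reasons (debug); raise to info/debug when troubleshooting`.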

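--- a/src/jwtverify.lua
+++ b/src/jwtverify.lua
@@ -77,7 +77,7 @@ local function decodeJwt(authorizationHeader)
 local headerFields = core.tokenize(authorizationHeader, " .")
 
 if #headerFields ~= 3 then
-log_info("Improperly formated Authorization header. Should be followed by 3 token sections.")
+log_debug("Improperly formated Authorization header. Should be followed by 3 token sections.")
 return nil
 end
 
@@ -91,19 +91,19 @@ local function decodeJwt(authorizationHeader)
 token.signature = headerFields[3]
 token.signaturedecoded = base64.decode(token.signature)
 
-log_info('Authorization header: ' .. authorizationHeader)
-log_info('Decoded JWT header: ' .. dump(token.headerdecoded))
-log_info('Decoded JWT payload: ' .. dump(token.payloaddecoded))
+log_debug('Authorization header: ' .. authorizationHeader)
+log_debug('Decoded JWT header: ' .. dump(token.headerdecoded))
+log_debug('Decoded JWT payload: ' .. dump(token.payloaddecoded))
 
 return token
 end
 
 local function algorithmIsValid(token)
 if token.headerdecoded.alg == nil then
-log_info("No 'alg' provided in JWT header.")
+log_debug("No 'alg' provided in JWT header.")
 return false
 elseif token.headerdecoded.alg ~= 'RS256' then
-log_info("RS256 supported. Incorrect alg in JWT: " .. token.headerdecoded.alg)
+log_debug("RS256 supported. Incorrect alg in JWT: " .. token.headerdecoded.alg)
 return false
 end
 
@@ -178,7 +178,7 @@ local function getJwksData(url)
 
 local ip_url = string.gsub(url, '|'..be..'|', addr)
 
-log_info('retrieving JWKS Public Key Data')
+log_info('Retrieving JWKS Public Key Data')
 
 local response, err = http.get{url=ip_url, headers={Host=server_name}}
 if not response then
@@ -211,7 +211,7 @@ local function getJwksData(url)
 
 for _,v in pairs(JWKS_response.public_certs) do
 table.insert(publicKeys,openssl.x509.new(v.cert):getPublicKey())
-log_notice("Public Key Cached: " .. v.kid)
+log_info("Public Key Cached: " .. v.kid)
 end
 
 local max_age
@@ -245,13 +245,13 @@ function jwtverify(txn)
 -- 1. Decode and parse the JWT
 local token = decodeJwt(txn.sf:req_hdr("cf-access-jwt-assertion"))
 if token == nil then
-log_info("Token could not be decoded.")
+log_debug("Token could not be decoded.")
 goto out
 end
 
 -- 2. Verify the signature algorithm is supported (RS256)
 if algorithmIsValid(token) == false then
-log_info("Algorithm not valid.")
+log_debug("Algorithm not valid.")
 goto out
 end
 
@@ -261,7 +261,7 @@ function jwtverify(txn)
 end
 
 if signature_valid == false then
-log_info("Signature not valid.")
+log_debug("Signature not valid.")
 
 if not signature_valid then
 goto out
@@ -316,10 +316,10 @@ end
 -- On a high level it tries to get the public key from our jwks url
 -- based on an interval. The interval we use is based on the cache headers as part of the JWKS response
 function refresh_jwks()
-log_notice("Refresh JWKS task initialized")
+log_info("Refresh JWKS task initialized")
 
 while true do
-log_notice('Refreshing JWKS data')
+log_info('Refreshing JWKS data')
 local status, publicKeys = xpcall(getJwksData, debug.traceback, config.jwks_url)
 if status then
 config.publicKeys = publicKeys
@@ -328,7 +328,7 @@ function refresh_jwks()
 log_alert("Unable to set public keys: "..tostring(err))
 end
 
-log_notice('Getting new Certificate in '..(config.publicKeys.expiresIn)..' seconds - '
+log_info('Getting new Certificate in '..(config.publicKeys.expiresIn)..' seconds - '
 ..os.date('%c', os.time() + config.publicKeys.expiresIn))
 core.sleep(config.publicKeys.expiresIn)
 end
@@ -339,8 +339,8 @@ end
 core.register_init(function()
 config.issuer = os.getenv("OAUTH_ISSUER")
 config.jwks_url = os.getenv("OAUTH_JWKS_URL")
-log_notice("JWKS URL: " .. (config.jwks_url or "<none>"))
-log_notice("Issuer: " .. (config.issuer or "<none>"))
+log_info("JWKS URL: " .. (config.jwks_url or "<none>"))
+log_info("Issuer: " .. (config.issuer or "<none>"))
 end)
 
 -- Called on a request.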
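Review bot: New line 94 in decodeJwt still writes the complete header value to the log, `log_debug('Authorization header: ' .. authorizationHeader)`, and that value is the full signed token, which stays usable as a credential until it expires. Lowering the level narrows the exposure, but anyone who enables debug to troubleshoot will put bearer tokens into the log stream. I would drop that line, since lines 95–96 already dump the decoded header and payload; those dumps may themselves carry identity claims, so they are worth a comment marking them debug-only. Separately, the rejection paths in jwtverify (`Signature not valid.`, `Algorithm not valid.`) are demoted to debug too, so failed or tampered tokens leave no trace at normal levels; consider keeping at least `log_info("Signature not valid.")` for detection. Both functions extend beyond the hunks shown here.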
