git-HTTP: temporary authz diagnostic log (auth header + resolved principal)
0229253 · gmorell · 2026-06-26 01:22
Files changed
modified
lib/git_gud_web/plugs/git_smart_http.ex
+15
−1
@@ -188,7 +188,17 @@ defmodule GitGudWeb.Plugs.GitSmartHttp do
| 188 | 188 | defp authorize(conn, %Repository{visibility: "public"} = _repo, @upload_pack), do: {:ok, conn} |
| 189 | 189 | |
| 190 | 190 | defp authorize(conn, %Repository{} = repo, service) do |
| 191 | − case authenticate(conn) do | |
| 191 | + principal = authenticate(conn) | |
| 192 | + | |
| 193 | + require Logger | |
| 194 | + | |
| 195 | + Logger.info( | |
| 196 | + "git-http authz repo=#{repo.id}/#{repo.visibility} svc=#{service} " <> | |
| 197 | + "auth=#{conn |> get_req_header("authorization") |> List.first("ABSENT") |> String.slice(0, 14)} " <> | |
| 198 | + "-> #{principal_tag(principal)}" | |
| 199 | + ) | |
| 200 | + | |
| 201 | + case principal do | |
| 192 | 202 | {:user, user} -> |
| 193 | 203 | if can?(user, repo, service), |
| 194 | 204 | do: {:ok, assign(conn, :git_pusher_id, user.id)}, |
@@ -207,6 +217,10 @@ defmodule GitGudWeb.Plugs.GitSmartHttp do
| 207 | 217 | end |
| 208 | 218 | end |
| 209 | 219 | |
| 220 | + defp principal_tag({:user, u}), do: "user:#{u.id}" | |
| 221 | + defp principal_tag({:job, pid}), do: "job:pid=#{pid}" | |
| 222 | + defp principal_tag(:error), do: "none" | |
| 223 | + | |
| 210 | 224 | # Resolve Basic-auth credentials to a principal: |
| 211 | 225 | # {:user, %User{}} — forge password OR a Personal Access Token |
| 212 | 226 | # {:job, repo_id} — a per-job RunnerJwt |
Parents: 5474d55