git-HTTP: temporary authz diagnostic log (auth header + resolved principal)

0229253 · gmorell · 2026-06-26 01:22

1 files +15 -1

Files changed

modified lib/git_gud_web/plugs/git_smart_http.ex
+15 −1
@@ -188,7 +188,17 @@ defmodule GitGudWeb.Plugs.GitSmartHttp do
188 188 defp authorize(conn, %Repository{visibility: "public"} = _repo, @upload_pack), do: {:ok, conn}
189 189
190 190 defp authorize(conn, %Repository{} = repo, service) do
191 case authenticate(conn) do
191 + principal = authenticate(conn)
192 +
193 + require Logger
194 +
195 + Logger.info(
196 + "git-http authz repo=#{repo.id}/#{repo.visibility} svc=#{service} " <>
197 + "auth=#{conn |> get_req_header("authorization") |> List.first("ABSENT") |> String.slice(0, 14)} " <>
198 + "-> #{principal_tag(principal)}"
199 + )
200 +
201 + case principal do
192 202 {:user, user} ->
193 203 if can?(user, repo, service),
194 204 do: {:ok, assign(conn, :git_pusher_id, user.id)},
@@ -207,6 +217,10 @@ defmodule GitGudWeb.Plugs.GitSmartHttp do
207 217 end
208 218 end
209 219
220 + defp principal_tag({:user, u}), do: "user:#{u.id}"
221 + defp principal_tag({:job, pid}), do: "job:pid=#{pid}"
222 + defp principal_tag(:error), do: "none"
223 +
210 224 # Resolve Basic-auth credentials to a principal:
211 225 # {:user, %User{}} — forge password OR a Personal Access Token
212 226 # {:job, repo_id} — a per-job RunnerJwt

Parents: 5474d55