[#154] Add debug logging for rejected attachment types & strip meta-i…

…nfo from mime-type (#155)
Luzifer · Nov 23, 2023 · dc47bf0 · dc47bf0
1 parent eb2bce3
commit dc47bf0
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/cmd/ots-cli/cmd_root.go b/cmd/ots-cli/cmd_root.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 
+	"github.com/Luzifer/ots/pkg/client"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
@@ -28,5 +29,7 @@ func rootPersistentPreRunE(cmd *cobra.Command, _ []string) error {
 	}
 	logrus.SetLevel(ll)
 
+	client.Logger = logrus.NewEntry(logrus.StandardLogger())
+
 	return nil
 }
diff --git a/cmd/ots-cli/main.go b/cmd/ots-cli/main.go
@@ -1,6 +1,8 @@
 package main
 
-import "os"
+import (
+	"os"
+)
 
 func main() {
 	if err := rootCmd.Execute(); err != nil {

diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/Luzifer/go-openssl/v4"
+	"github.com/sirupsen/logrus"
 )
 
 type (
@@ -41,6 +42,10 @@ var HTTPClient HTTPClientIntf = http.DefaultClient
 // source code.
 var KeyDerivationFunc = openssl.NewPBKDF2Generator(sha512.New, 300000) //nolint:gomnd // that's the definition
 
+// Logger can be set to enable logging from the library. By default
+// all log-messages will be discarded.
+var Logger *logrus.Entry
+
 // PasswordLength defines the length of the generated encryption password
 var PasswordLength = 20
 
@@ -54,6 +59,12 @@ var RequestTimeout = 5 * time.Second
 // provide an URL to useful information about your tool.
 var UserAgent = "ots-client/1.x +https://github.com/Luzifer/ots"
 
+func init() {
+	l := logrus.New()
+	l.SetOutput(io.Discard)
+	Logger = logrus.NewEntry(l)
+}
+
 // Create serializes the secret and creates a new secret on the
 // instance given by its URL.
 //

diff --git a/pkg/client/sanity.go b/pkg/client/sanity.go
@@ -72,11 +72,12 @@ func SanityCheck(instanceURL string, secret Secret) error {
 }
 
 func attachmentAllowed(file SecretAttachment, allowed []string) bool {
+	mimeType, _, _ := strings.Cut(file.Type, ";")
 	for _, a := range allowed {
 		switch {
 		case mimeRegex.MatchString(a):
 			// That's a mime type
-			if glob.Glob(a, file.Type) {
+			if glob.Glob(a, mimeType) {
 				// The mime "glob" matches the file type
 				return true
 			}
@@ -90,6 +91,7 @@ func attachmentAllowed(file SecretAttachment, allowed []string) bool {
 		}
 	}
 
+	Logger.WithField("content-type", mimeType).Debug("attachment type not allowed")
 	return false
 }