add two new log levels for tracing sensitive auth protocol messages, and bulk data messages

named "traceauth" and "tracedata". with this, you can (almost) enable trace logging without fear of logging sensitive data or ddos'ing your log server. the caveat is that the imap login command has already printed the line as regular trace before we can decide it should not be. can be fixed soon.
2025-07-12 12:24:38 +03:00 · 2023-02-03 20:33:19 +01:00
parent ae60cdac7e
commit ffb2a10a4e
10 changed files with 173 additions and 61 deletions
--- a/moxio/trace.go
+++ b/moxio/trace.go
@ -6,43 +6,53 @@ import (
 	"github.com/mjl-/mox/mlog"
 )

-type writer struct {
+type TraceWriter struct {
 	log    *mlog.Log
 	prefix string
 	w      io.Writer
+	level  mlog.Level
 }

 // NewTraceWriter wraps "w" into a writer that logs all writes to "log" with
 // log level trace, prefixed with "prefix".
-func NewTraceWriter(log *mlog.Log, prefix string, w io.Writer) io.Writer {
-	return writer{log, prefix, w}
+func NewTraceWriter(log *mlog.Log, prefix string, w io.Writer) *TraceWriter {
+	return &TraceWriter{log, prefix, w, mlog.LevelTrace}
 }

 // Write logs a trace line for writing buf to the client, then writes to the
 // client.
-func (w writer) Write(buf []byte) (int, error) {
-	w.log.Trace(w.prefix + string(buf))
+func (w *TraceWriter) Write(buf []byte) (int, error) {
+	w.log.Trace(w.level, w.prefix+string(buf))
 	return w.w.Write(buf)
 }

-type reader struct {
+func (w *TraceWriter) SetTrace(level mlog.Level) {
+	w.level = level
+}
+
+type TraceReader struct {
 	log    *mlog.Log
 	prefix string
 	r      io.Reader
+	level  mlog.Level
 }

 // NewTraceReader wraps reader "r" into a reader that logs all reads to "log"
 // with log level trace, prefixed with "prefix".
-func NewTraceReader(log *mlog.Log, prefix string, r io.Reader) io.Reader {
-	return reader{log, prefix, r}
+func NewTraceReader(log *mlog.Log, prefix string, r io.Reader) *TraceReader {
+	return &TraceReader{log, prefix, r, mlog.LevelTrace}
 }

 // Read does a single Read on its underlying reader, logs data of successful
 // reads, and returns the data read.
-func (r reader) Read(buf []byte) (int, error) {
+func (r *TraceReader) Read(buf []byte) (int, error) {
 	n, err := r.r.Read(buf)
 	if n > 0 {
-		r.log.Trace(r.prefix + string(buf[:n]))
+		r.log.Trace(r.level, r.prefix+string(buf[:n]))
 	}
 	return n, err
 }
+
+func (r *TraceReader) SetTrace(level mlog.Level) {
+	r.level = level
+}