Merge pull request #5 from Ouest-France/log

Display errors in login form + remove access logs

proxy/embed/login.html → proxy/embed/login.html.tmpl

@@ -10,6 +10,7 @@
             Kubernetes Dashboard
         </div>
         <div style="background-color: #ffffff; padding: 10px 15px 10px 15px;">
+            {{if .}}<div style="margin-top: 20px; color: #ff0000; font-weight: bold;">{{.}}</div>{{end}}
             <form action="/login" method="POST">
                 <div style="margin-top: 20px;">
                     <label>Username</label>

proxy/loginHandler.go

@@ -5,13 +5,16 @@ import (
 	_ "embed" //embed web resources for login page
 	"encoding/json"
 	"fmt"
+	"html/template"
 	"io"
+	"log"
 	"net/http"
+	"net/url"
 	"strings"
 )
 
-//go:embed embed/login.html
-var loginPage []byte
+//go:embed embed/login.html.tmpl
+var loginPageTemplate string
 
 // TanzuAuthResult represents the JSON response from Tanzu Auth
 type TanzuAuthResult struct {
@@ -20,9 +23,26 @@ type TanzuAuthResult struct {
 
 // loginGetHandler displays the login form
 func loginGetHandler(w http.ResponseWriter, r *http.Request) {
-	_, err := w.Write(loginPage)
+
+	// Retrieve login error message from URL
+	var loginErrorMessage string
+	queryLoginError, ok := r.URL.Query()["error"]
+	if ok && len(queryLoginError) == 1 {
+		loginErrorMessage = queryLoginError[0]
+	}
+
+	// Parse login template
+	tmpl, err := template.New("login").Parse(loginPageTemplate)
+	if err != nil {
+		log.Printf("failed to parse login page template: %s", err)
+		return
+	}
+
+	// Execute template with login error if provided in URL
+	err = tmpl.ExecuteTemplate(w, "login", loginErrorMessage)
 	if err != nil {
-		fmt.Printf("failed to write login page: %s", err)
+		log.Printf("failed to execute login page template: %s", err)
+		return
 	}
 }
 
@@ -36,8 +56,8 @@ func loginPostHandler(loginURL, guestClusterName string) func(w http.ResponseWri
 
 		// Check that username and password are defined
 		if username == "" || password == "" {
-			fmt.Println("username or password empty")
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("username or password empty")
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Username or password empty")), 302)
 			return
 		}
 
@@ -50,8 +70,8 @@ func loginPostHandler(loginURL, guestClusterName string) func(w http.ResponseWri
 		// Create login request
 		req, err := http.NewRequest("POST", loginURL, strings.NewReader(payload))
 		if err != nil {
-			fmt.Printf("failed to create login request: %s\n", err)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("creating login request: %s", err)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Server error")), 302)
 			return
 		}
 
@@ -64,38 +84,38 @@ func loginPostHandler(loginURL, guestClusterName string) func(w http.ResponseWri
 		// Send login request
 		resp, err := client.Do(req)
 		if err != nil {
-			fmt.Printf("login request failed: %s\n", err)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("login request failed: %s", err)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Server error")), 302)
 			return
 		}
 		defer resp.Body.Close()
 
 		// Check HTTP code for login succeeded
 		if resp.StatusCode != 200 {
-			fmt.Printf("login failed with non 200 http code for login response body: %d\n", resp.StatusCode)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("login failed with non 200 http code for login response body: %d", resp.StatusCode)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Invalid credentials")), 302)
 			return
 		}
 
 		// Read JSON response
 		body, err := io.ReadAll(resp.Body)
 		if err != nil {
-			fmt.Printf("failed to read login response body: %s\n", err)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("failed to read login response body: %s", err)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Server error")), 302)
 			return
 		}
 		var TanzuAuthResult TanzuAuthResult
 		err = json.Unmarshal(body, &TanzuAuthResult)
 		if err != nil {
-			fmt.Printf("failed to unmarshal json login response: %s\n", err)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("failed to unmarshal json login response: %s", err)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Server error")), 302)
 			return
 		}
 
 		err = setTokenCookie(w, TanzuAuthResult.SessionID)
 		if err != nil {
-			fmt.Printf("failed to set token cookie: %s\n", err)
-			http.Redirect(w, r, "/login", 302)
+			log.Printf("failed to set token cookie: %s", err)
+			http.Redirect(w, r, fmt.Sprintf("/login?error=%s", url.QueryEscape("Server error")), 302)
 			return
 		}
 

proxy/proxyHandler.go

@@ -2,6 +2,7 @@ package proxy
 
 import (
 	"fmt"
+	"log"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -13,7 +14,7 @@ func proxyHandler(target string) func(w http.ResponseWriter, r *http.Request) {
 		// get token or redirect to login
 		token, err := getTokenCookie(r)
 		if err != nil {
-			fmt.Printf("failed to get cookie: %s\n", err)
+			log.Printf("failed to get cookie: %s", err)
 			http.Redirect(w, r, "/login", 302)
 			return
 		}

proxy/server.go

@@ -1,20 +1,19 @@
 package proxy
 
 import (
+	"log"
 	"net/http"
 
 	"github.com/go-chi/chi"
-	"github.com/go-chi/chi/middleware"
 )
 
 func Server(loginURL, guestClusterName, proxyURL string) error {
 
-	// Create router
-	r := chi.NewRouter()
-	r.Use(middleware.Recoverer)
-	r.Use(middleware.Logger)
+	// Remove timestamp from logs
+	log.SetFlags(0)
 
-	// Register handlers
+	// Create router and register handlers
+	r := chi.NewRouter()
 	r.HandleFunc("/*", proxyHandler(proxyURL))
 	r.Get("/login", loginGetHandler)
 	r.Post("/login", loginPostHandler(loginURL, guestClusterName))

proxy/tokenHelpers.go

@@ -83,8 +83,7 @@ func compressToken(token string) (string, error) {
 func uncompressToken(b64Token string) (string, error) {
 	token, err := base64.StdEncoding.DecodeString(b64Token)
 	if err != nil {
-		fmt.Printf("failed to decode base64 token: %s\n", err)
-		return "", err
+		return "", fmt.Errorf("failed to decode base64 token: %s", err)
 	}
 
 	zr, err := gzip.NewReader(bytes.NewBuffer(token))