From b1cbffacabfa1944b10e913e174e0ba7a5362416 Mon Sep 17 00:00:00 2001
From: "Tomi P. Hakala" <tomi.hakala@pobox.fi>
Date: Thu, 9 Jan 2025 17:41:47 +0200
Subject: [PATCH] feat: add debug mode to security configuration

- Introduced a new debug flag in the Security struct to enable detailed logging.
- Updated CloudflareAccess and OAuth2Server to utilize the debug flag for conditional logging.
- Enhanced logging in Debug methods to include a prefix for better context in log messages.
---
 internal/conf/config.go         | 1 +
 internal/security/cloudflare.go | 7 +++++--
 internal/security/oauth.go      | 7 ++++---
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/internal/conf/config.go b/internal/conf/config.go
index 687a9e48..2cfd9c00 100644
--- a/internal/conf/config.go
+++ b/internal/conf/config.go
@@ -250,6 +250,7 @@ type AllowCloudflareBypass struct {
 // SecurityConfig handles all security-related settings and validations
 // for the application, including authentication, TLS, and access control.
 type Security struct {
+	Debug bool // true to enable debug mode
 
 	// Host is the primary hostname used for TLS certificates
 	// and OAuth redirect URLs. Required when using AutoTLS or
diff --git a/internal/security/cloudflare.go b/internal/security/cloudflare.go
index a15b35c2..bdc9b48a 100644
--- a/internal/security/cloudflare.go
+++ b/internal/security/cloudflare.go
@@ -42,6 +42,7 @@ type CloudflareAccess struct {
 
 func NewCloudflareAccess() *CloudflareAccess {
 	settings := conf.GetSettings()
+	debug := settings.Security.Debug
 	cfBypass := settings.Security.AllowCloudflareBypass
 
 	return &CloudflareAccess{
@@ -55,6 +56,7 @@ func NewCloudflareAccess() *CloudflareAccess {
 			lastFetch: time.Time{},
 		},
 		settings: &cfBypass,
+		debug:    debug,
 	}
 }
 
@@ -279,10 +281,11 @@ func (ca *CloudflareAccess) GetLogoutURL() string {
 
 func (ca *CloudflareAccess) Debug(format string, v ...interface{}) {
 	if !ca.debug {
+		prefix := "[security/cloudflare] "
 		if len(v) == 0 {
-			log.Print(format)
+			log.Print(prefix + format)
 		} else {
-			log.Printf(format, v...)
+			log.Printf(prefix+format, v...)
 		}
 	}
 }
diff --git a/internal/security/oauth.go b/internal/security/oauth.go
index a630dd42..6feea017 100644
--- a/internal/security/oauth.go
+++ b/internal/security/oauth.go
@@ -44,7 +44,7 @@ type OAuth2Server struct {
 
 func NewOAuth2Server() *OAuth2Server {
 	settings := conf.GetSettings()
-	debug := settings.Debug
+	debug := settings.Security.Debug
 
 	server := &OAuth2Server{
 		Settings:     settings,
@@ -256,10 +256,11 @@ func (s *OAuth2Server) StartAuthCleanup(interval time.Duration) {
 
 func (s *OAuth2Server) Debug(format string, v ...interface{}) {
 	if s.debug {
+		prefix := "[security/oauth] "
 		if len(v) == 0 {
-			log.Print(format)
+			log.Print(prefix + format)
 		} else {
-			log.Printf(format, v...)
+			log.Printf(prefix+format, v...)
 		}
 	}
 }