Commit d98b45a6 authored by Ad Schellevis's avatar Ad Schellevis

(mvc) add some logging to the api

parent 63b476a1
...@@ -30,6 +30,7 @@ namespace OPNsense\Base; ...@@ -30,6 +30,7 @@ namespace OPNsense\Base;
use OPNsense\Core\ACL; use OPNsense\Core\ACL;
use Phalcon\Mvc\Controller; use Phalcon\Mvc\Controller;
use Phalcon\Logger\Adapter\Syslog;
/** /**
* Class ApiControllerBase, inherit this class to implement API calls * Class ApiControllerBase, inherit this class to implement API calls
...@@ -54,6 +55,17 @@ class ApiControllerBase extends Controller ...@@ -54,6 +55,17 @@ class ApiControllerBase extends Controller
session_write_close(); session_write_close();
} }
protected function getLogger($ident = "api")
{
$logger = new Syslog($ident, array(
'option' => LOG_PID,
'facility' => LOG_LOCAL4
));
return $logger;
}
/** /**
* before routing event * before routing event
* @param Dispatcher $dispatcher * @param Dispatcher $dispatcher
...@@ -65,12 +77,15 @@ class ApiControllerBase extends Controller ...@@ -65,12 +77,15 @@ class ApiControllerBase extends Controller
// use authentication of legacy OPNsense to validate user. // use authentication of legacy OPNsense to validate user.
if ($this->session->has("Username") == false) { if ($this->session->has("Username") == false) {
$this->getLogger()->error("no active session, user not found");
$this->response->redirect("/", true); $this->response->redirect("/", true);
} }
// Authorization using legacy acl structure // Authorization using legacy acl structure
$acl = new ACL(); $acl = new ACL();
if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) { if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) {
$this->getLogger()->error("uri ".$_SERVER['REQUEST_URI'].
" not accessible for user ".$this->session->get("Username"));
$this->response->redirect("/", true); $this->response->redirect("/", true);
} }
...@@ -85,6 +100,7 @@ class ApiControllerBase extends Controller ...@@ -85,6 +100,7 @@ class ApiControllerBase extends Controller
) && !$csrf_valid ) && !$csrf_valid
) { ) {
// missing csrf, exit. // missing csrf, exit.
$this->getLogger()->error("no matching csrf found for request");
return false; return false;
} }
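Review bot: The new `error()` calls in the session and ACL branches record a denial, but neither branch returns in the visible lines, so after `redirect("/", true)` execution falls through. A request with no session goes on to the ACL check and logs a second entry with an empty user, and unless something outside the hunk halts dispatch, the action may still run. The CSRF branch further down does `return false;`, and adding the same `return false;` after each redirect would make the logged denial match what actually happens. Separately, `$_SERVER['REQUEST_URI']` is client-controlled and is written to syslog verbatim, query string included; logging only the path, e.g. `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)`, with control characters stripped, keeps request parameters and forged line content out of the log. The enclosing method starts and ends outside these hunks.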
......