From f1887e3052200580012323d0dd1aae8a60fd9904 Mon Sep 17 00:00:00 2001 From: Brandon Sprague Date: Wed, 24 Jan 2024 10:57:24 -0800 Subject: [PATCH] Disable CORS + request/response logs This PR disables some of our noiser logs, in particular CORS + request/response logging. As noted in the code, most of this info is provided by our cloud environment when deployed, and when local, these things are generally just noisy. They can be selectively turned on as debugging requires. Fixes #67 --- cmd/server/main.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/cmd/server/main.go b/cmd/server/main.go index 6d0e295..b1e9b46 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -27,7 +27,6 @@ import ( "github.com/RMI/pacta/secrets" "github.com/RMI/pacta/session" "github.com/RMI/pacta/task" - "github.com/Silicon-Ally/zaphttplog" chi "github.com/go-chi/chi/v5" "github.com/go-chi/httprate" "github.com/go-chi/jwtauth/v5" @@ -312,7 +311,12 @@ func run(args []string) error { // LogEntry created by the logging middleware. chimiddleware.RequestID, chimiddleware.RealIP, - zaphttplog.NewMiddleware(logger, zaphttplog.WithConcise(false)), + + // Disabled, see #67 for details. Request/Response logging can be useful in some + // cases, but we can rely on the native cloud systems we deploy to for similar + // info in the meantime. + // zaphttplog.NewMiddleware(logger, zaphttplog.WithConcise(false)), + chimiddleware.Recoverer, jwtauth.Verifier(jwtauth.New("EdDSA", nil, jwKey)), requireJWTIfNotPublicEndpoint, @@ -352,9 +356,8 @@ func run(args []string) error { AllowedOrigins: []string{*allowedCORSOrigin}, AllowCredentials: true, AllowedHeaders: []string{"Authorization", "Content-Type"}, - // Enable Debugging for testing, consider disabling in production - Debug: true, - AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"}, + Debug: false, + AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"}, }).Handler(r) } else { handler = r