feat(teler): add listen_addr & caller fields in the log (#194)

* feat(utils): add `getListenAddr` func

Signed-off-by: Dwi Siswanto <[email protected]>

* feat(teler): add `listen_addr` & `caller` fields in the log

Signed-off-by: Dwi Siswanto <[email protected]>

* refactor(teler): init cache regardless dev opt

Signed-off-by: Dwi Siswanto <[email protected]>

* fix(teler): misplacing new fields in request-scoped namespace

Signed-off-by: Dwi Siswanto <[email protected]>

* docs(README): update example logs

by added new fields for relevancy

Signed-off-by: Dwi Siswanto <[email protected]>

---------

Signed-off-by: Dwi Siswanto <[email protected]>

README.md

@@ -369,9 +369,9 @@ telerMiddleware := teler.New(teler.Options{
 Here is an example of what the log lines would look like if teler-waf detects a threat on a request:
 
 ```json
-{"level":"warn","ts":1672261174.5995026,"msg":"bad crawler","id":"654b85325e1b2911258a","category":"BadCrawler","request":{"method":"GET","path":"/","ip_addr":"127.0.0.1:37702","headers":{"Accept":["*/*"],"User-Agent":["curl/7.81.0"]},"body":""}}
-{"level":"warn","ts":1672261175.9567692,"msg":"directory bruteforce","id":"b29546945276ed6b1fba","category":"DirectoryBruteforce","request":{"method":"GET","path":"/.git","ip_addr":"127.0.0.1:37716","headers":{"Accept":["*/*"],"User-Agent":["X"]},"body":""}}
-{"level":"warn","ts":1672261177.1487508,"msg":"Detects common comment types","id":"75412f2cc0ec1cf79efd","category":"CommonWebAttack","request":{"method":"GET","path":"/?id=1%27%20or%201%3D1%23","ip_addr":"127.0.0.1:37728","headers":{"Accept":["*/*"],"User-Agent":["X"]},"body":""}}
+{"level":"warn","ts":1672261174.5995026,"msg":"bad crawler","id":"654b85325e1b2911258a","category":"BadCrawler","caller":"teler-waf","listen_addr":"127.0.0.1:36267","request":{"method":"GET","path":"/","ip_addr":"127.0.0.1:37702","headers":{"Accept":["*/*"],"User-Agent":["curl/7.81.0"]},"body":""}}
+{"level":"warn","ts":1672261175.9567692,"msg":"directory bruteforce","id":"b29546945276ed6b1fba","category":"DirectoryBruteforce","caller":"teler-waf","listen_addr":"127.0.0.1:36267","request":{"method":"GET","path":"/.git","ip_addr":"127.0.0.1:37716","headers":{"Accept":["*/*"],"User-Agent":["X"]},"body":""}}
+{"level":"warn","ts":1672261177.1487508,"msg":"Detects common comment types","id":"75412f2cc0ec1cf79efd","category":"CommonWebAttack","caller":"teler-waf","listen_addr":"127.0.0.1:36267","request":{"method":"GET","path":"/?id=1%27%20or%201%3D1%23","ip_addr":"127.0.0.1:37728","headers":{"Accept":["*/*"],"User-Agent":["X"]},"body":""}}
 ```
 
 The **id** is a unique identifier that is generated when a request is rejected by teler-waf. It is included in the HTTP response headers of the request (`X-Teler-Req-Id`), and can be used to troubleshoot issues with requests that are being made to the website.

teler.go

@@ -315,11 +315,9 @@ func New(opts ...Options) *Teler {
 		}
 	}
 
-	// If development mode is enabled, create a new cache with a default
-	// expiration time of 15 minutes and cleanup interval of 20 minutes.
-	if !o.Development {
-		t.cache = cache.New(15*time.Minute, 20*time.Minute)
-	}
+	// Initialize cache with a default expiration time of 15 minutes and cleanup
+	// interval of 20 minutes.
+	t.cache = cache.New(15*time.Minute, 20*time.Minute)
 
 	// If custom response status is set, overwrite default response status.
 	if o.Response.Status != 0 {
@@ -392,11 +390,14 @@ func (t *Teler) sendLogs(r *http.Request, k threat.Threat, id string, msg string
 	cat := k.String()
 	path := r.URL.String()
 	ipAddr := t.env.GetRequestValue("IP")
+	listenAddr := t.getListenAddr(r)
 
 	// Log the detected threat, request details and the error message.
 	t.log.With(
 		zap.String("id", id),
 		zap.String("category", cat),
+		zap.String("caller", t.caller),
+		zap.String("listen_addr", listenAddr),
 		zap.Namespace("request"),
 		zap.String("method", r.Method),
 		zap.String("path", path),

utils.go

@@ -10,14 +10,15 @@ import (
 	"errors"
 	"html"
 	"io"
+	"net"
 	"regexp"
 	"strings"
 
 	"net/http"
 	"net/url"
 
-	"github.com/expr-lang/expr/vm"
 	"github.com/dwisiswant0/clientip"
+	"github.com/expr-lang/expr/vm"
 	"github.com/kitabisa/teler-waf/request"
 	"github.com/kitabisa/teler-waf/threat"
 	"github.com/patrickmn/go-cache"
@@ -314,3 +315,24 @@ func isValidReferrer(ref string) (bool, string, error) {
 
 	return false, host, nil
 }
+
+// getListenAddr retrieves the local network address that the HTTP server is
+// listening on from the request's context, utilizing a cache to store and
+// retrieve this value efficiently.
+func (t *Teler) getListenAddr(r *http.Request) string {
+	cacheKey := "listen_addr"
+	localAddrCtx := r.Context().Value(http.LocalAddrContextKey)
+
+	if listenAddrCache, ok := t.cache.Get(cacheKey); ok {
+		return listenAddrCache.(string)
+	}
+
+	if conn, ok := localAddrCtx.(net.Addr); ok {
+		listenAddr := conn.String()
+		t.cache.Set(cacheKey, listenAddr, cache.DefaultExpiration)
+
+		return listenAddr
+	}
+
+	return ""
+}