feat(lib): add log filtering rules

Closes #942 Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-15 04:58:43 +00:00 · 2025-08-18 10:51:14 +00:00
parent 53516738c1
commit a7a5e0d5c7
13 changed files with 128 additions and 142 deletions
--- a/lib/anubis.go
+++ b/lib/anubis.go
@@ -78,6 +78,10 @@ type Server struct {
 	logger      *slog.Logger
 }

+func (s *Server) GetLogger(subsystem string) *slog.Logger {
+	return s.logger.With("subsystem", subsystem)
+}
+
 func (s *Server) getTokenKeyfunc() jwt.Keyfunc {
 	// return ED25519 key if HS512 is not set
 	if len(s.hs512Secret) == 0 {
--- a/lib/config.go
+++ b/lib/config.go
@@ -120,6 +120,14 @@ func New(opts Options) (*Server, error) {
 		logger:      opts.Logger,
 	}

+	if opts.Policy.Logging != nil {
+		var err error
+		result.logger, err = opts.Policy.ApplyLogFilters(opts.Logger)
+		if err != nil {
+			return nil, fmt.Errorf("can't create log filters: %w", err)
+		}
+	}
+
 	mux := http.NewServeMux()
 	xess.Mount(mux)

--- a/lib/logging/stdlib.go
+++ b/lib/logging/stdlib.go
@@ -0,0 +1,36 @@
+package logging
+
+import (
+	"bytes"
+	"context"
+	"log"
+	"log/slog"
+	"time"
+)
+
+// handlerWriter is an io.Writer that calls a Handler.
+// It is used to link the default log.Logger to the default slog.Logger.
+//
+// Adapted from https://cs.opensource.google/go/go/+/refs/tags/go1.24.5:src/log/slog/logger.go;l=62
+type handlerWriter struct {
+	h     slog.Handler
+	level slog.Leveler
+}
+
+func (w *handlerWriter) Write(buf []byte) (int, error) {
+	level := w.level.Level()
+	if !w.h.Enabled(context.Background(), level) {
+		return 0, nil
+	}
+	var pc uintptr
+
+	// Remove final newline.
+	origLen := len(buf) // Report that the entire buf was written.
+	buf = bytes.TrimSuffix(buf, []byte{'\n'})
+	r := slog.NewRecord(time.Now(), level, string(buf), pc)
+	return origLen, w.h.Handle(context.Background(), r)
+}
+
+func StdlibLogger(next slog.Handler, level slog.Level) *log.Logger {
+	return log.New(&handlerWriter{h: next, level: level}, "", log.LstdFlags)
+}
--- a/lib/policy/expressions/logging.go
+++ b/lib/policy/expressions/logging.go
@@ -14,16 +14,11 @@ import (
 )

 var (
-	filterInvocations = promauto.NewGaugeVec(prometheus.GaugeOpts{
-		Namespace: "techaro",
-		Subsystem: "anubis",
-		Name:      "slog_filter_invocations",
-	}, []string{"name"})
-
 	filterExecutionTime = promauto.NewHistogramVec(prometheus.HistogramOpts{
-		Namespace: "techaro",
-		Subsystem: "anubis",
-		Name:      "slog_filter_execution_time_nanoseconds",
+		Namespace: "anubis",
+		Subsystem: "slog",
+		Name:      "filter_execution_time_nanoseconds",
+		Help:      "How long each log filter took to execute (nanoseconds)",
 		Buckets:   []float64{10, 50, 100, 200, 500, 1000, 2000, 5000, 10000, 20000, 50000, 100000, 200000, 500000, 1000000, 2000000, 5000000, 10000000}, // 10 nanoseconds to 10 milliseconds
 	}, []string{"name"})
 )
@@ -76,7 +71,6 @@ func (f Filter) Filter(ctx context.Context, r slog.Record) bool {
 	}
 	dur := time.Since(t0)
 	filterExecutionTime.WithLabelValues(f.name).Observe(float64(dur.Nanoseconds()))
-	filterInvocations.WithLabelValues(f.name).Inc()
 	//f.log.Debug("filter execution", "dur", dur.Nanoseconds())

 	if val, ok := result.(types.Bool); ok {
--- a/lib/policy/policy.go
+++ b/lib/policy/policy.go
@@ -8,8 +8,10 @@ import (
 	"log/slog"
 	"sync/atomic"

+	"github.com/TecharoHQ/anubis/lib/logging"
 	"github.com/TecharoHQ/anubis/lib/policy/checker"
 	"github.com/TecharoHQ/anubis/lib/policy/config"
+	"github.com/TecharoHQ/anubis/lib/policy/expressions"
 	"github.com/TecharoHQ/anubis/lib/store"
 	"github.com/TecharoHQ/anubis/lib/thoth"
 	"github.com/prometheus/client_golang/prometheus"
@@ -35,17 +37,42 @@ type ParsedConfig struct {
 	Thresholds        []*Threshold
 	DNSBL             bool
 	Impressum         *config.Impressum
+	Logging           *config.Logging
 	OpenGraph         config.OpenGraph
 	DefaultDifficulty int
 	StatusCodes       config.StatusCodes
 	Store             store.Interface
 }

+func (pc *ParsedConfig) ApplyLogFilters(base *slog.Logger) (*slog.Logger, error) {
+	var errs []error
+	var filters []logging.Filterer
+
+	for _, f := range pc.Logging.Filters {
+		filter, err := expressions.NewFilter(base, f.Name, f.Expression.String())
+		if err != nil {
+			errs = append(errs, fmt.Errorf("filter %s invalid: %w", f.Name, err))
+			continue
+		}
+		filters = append(filters, filter)
+	}
+
+	result := slog.New(logging.NewFilterHandler(base.Handler(), filters...))
+	slog.SetDefault(result)
+
+	if len(errs) != 0 {
+		return nil, errors.Join(errs...)
+	}
+
+	return result, nil
+}
+
 func newParsedConfig(orig *config.Config) *ParsedConfig {
 	return &ParsedConfig{
 		orig:        orig,
 		OpenGraph:   orig.OpenGraph,
 		StatusCodes: orig.StatusCodes,
+		Logging:     orig.Logging,
 	}
 }