MCPcopy
hub / github.com/dgraph-io/dgraph / auditHttp

Function auditHttp

audit/interceptor.go:222–244  ·  view source on GitHub ↗
(w *ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

220}
221
222func auditHttp(w *ResponseWriter, r *http.Request) {
223 body := getRequestBody(r)
224 var user string
225 if token := r.Header.Get("X-Dgraph-AccessToken"); token != "" {
226 user = getUser(token, false)
227 } else if token := r.Header.Get("X-Dgraph-AuthToken"); token != "" {
228 user = getUser(token, true)
229 } else {
230 user = getUser("", false)
231 }
232
233 auditor.Audit(&AuditEvent{
234 User: user,
235 Namespace: x.ExtractNamespaceHTTP(r),
236 ServerHost: x.WorkerConfig.MyAddr,
237 ClientHost: r.RemoteAddr,
238 Endpoint: r.URL.Path,
239 ReqType: Http,
240 Req: truncate(checkRequestBody(Http, r.URL.Path, string(body)), maxReqLength),
241 Status: http.StatusText(w.statusCode),
242 QueryParams: r.URL.Query(),
243 })
244}
245
246// password fields are accessible only via /admin endpoint hence,
247// this will be only called with /admin endpoint

Callers 1

AuditRequestHttpFunction · 0.85

Calls 8

ExtractNamespaceHTTPFunction · 0.92
getRequestBodyFunction · 0.85
getUserFunction · 0.85
truncateFunction · 0.85
checkRequestBodyFunction · 0.85
AuditMethod · 0.80
GetMethod · 0.65
QueryMethod · 0.45

Tested by

no test coverage detected