Report on oauth failures

SURFnet · May 17, 2024 · cf60452 · cf60452
1 parent d2dc233
commit cf60452
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 13 deletions.
diff --git a/policies/aggregation/aggregation.js b/policies/aggregation/aggregation.js
@@ -208,6 +208,12 @@ module.exports = (config, { gatewayConfig: { serviceEndpoints } }) => {
         } catch (err) {
           if (err instanceof oauthClient.AuthorizationError) {
             logger.warn(err)
+            report({
+              statusCode: err.statusCode,
+              reqTimerEnd: new Date(),
+              short_message: `oauth failure: ${err.message}`,
+              ...err.exInfo
+            })
             endpointDone(endpoint, { statusCode: err.statusCode })
           } else {
             throw err

diff --git a/policies/aggregation/oauth-client.js b/policies/aggregation/oauth-client.js
@@ -30,9 +30,10 @@ const tokenKey = ({ url, params }) => {
 }
 
 class AuthorizationError extends Error {
-  constructor (message, { cause, statusCode }) {
+  constructor (message, { cause, statusCode, ...exInfo }) {
     super(message, { cause })
     this.statusCode = statusCode
+    this.exInfo = exInfo
   }
 }
 
@@ -59,18 +60,26 @@ const postToken = (url, params) => {
           })
         })
         req.on('error', err => {
-          reject(new AuthorizationError(err, {
-            cause: err,
-            statusCode: httpcode.ServiceUnavailable
-          }))
+          reject(new AuthorizationError(
+            `Failed to connect: ${url} for ${params.client_id}`, {
+              url,
+              statusCode: httpcode.ServiceUnavailable,
+              clientId: params.client_id,
+              cause: err
+            }
+          ))
         })
         req.write(data)
         req.end()
       } catch (err) {
-        reject(new AuthorizationError(err, {
-          cause: err,
-          statusCode: httpcode.InternalServerError
-        }))
+        reject(new AuthorizationError(
+          `Failed to request: ${url} for ${params.client_id}`, {
+            url,
+            statusCode: httpcode.InternalServerError,
+            clientId: params.client_id,
+            cause: err
+          }
+        ))
       }
     }
   )
@@ -94,19 +103,24 @@ const authorizationHeader = async ({
     const res = await postToken(url, params)
     if (res.statusCode !== httpcode.OK) {
       throw new AuthorizationError(
-        `Failed to get token: ${url} for ${params.client_id}: ${res.statusCode} / ${res.body}`, {
-          statusCode: res.statusCode
+        `Failed to get token: ${url} for ${params.client_id}: ${res.statusCode}`, {
+          url,
+          statusCode: res.statusCode,
+          clientId: params.client_id
         }
       )
     }
     token = res.body
 
     try {
       tokenParsed = JSON.parse(token)
-    } catch (ex) {
+    } catch (err) {
       throw new AuthorizationError(
         `Failed to parse token: ${url} for ${params.client_id}`, {
-          ex, body: res.body
+          url,
+          statusCode: httpcode.InternalServerError,
+          clientId: params.client_id,
+          cause: err
         }
       )
     }