VARASYS/ZDDC - Forgejo: Beyond coding. We forge.

VARASYS/ZDDC

Fork 0

Commit graph

Author	SHA1	Message	Date
ZDDC	411f49169b	feat(server): tee access log to a rotated file for on-disk audit trail Add --access-log <path> (env ZDDC_ACCESS_LOG). When set, every access- log record is written as a JSON line to the configured file in addition to the existing slog.Default() stderr output. Empty (default) keeps the prior behavior — stderr only. Rotation via gopkg.in/natefinch/lumberjack.v2: 100 MB per file, 10 backups, 90-day max age, gzip rotated files. Operator usage (e.g. behind a Caddy/quadlet stack): zddc-server --access-log /srv/.zddc.d/logs/access.log ... Architecture: AccessLogMiddleware now takes an optional *slog.Logger. main.go wires it via setupAccessAuditLog() which builds a slog.JSONHandler over a lumberjack rotator. Stderr emission stays via slog.Default(); the audit logger gets the same fields in line-delimited JSON, the format every standard log shipper (Vector, Loki, fluentbit, journalbeat) parses natively. Tests cover the audit logger receiving the same email/path/status fields as the stderr stream.	2026-05-04 07:49:17 -05:00
ZDDC	15ccf554d2	feat(zddc-server): debug-level dump of every request's full headers ACLMiddleware now slog.Debug's the configured email-header name, the observed value at that name, and the full r.Header map on every request. Off at the default INFO log level; enable per-pod with ZDDC_LOG_LEVEL=debug. Motivated by debugging the X-Auth-Request-Email passthrough chain — when access logs show email=anonymous, /.admin/whoami is unreachable (the admin gate requires a non-empty email, which is the chicken-and-egg). The debug log line dumps headers without the gate, so an operator can identify whichever header name the upstream proxy is actually setting (X-Forwarded-User, X-Forwarded-Email, Remote-User, X-Authentik-Email, etc.) and adjust ZDDC_EMAIL_HEADER accordingly. The debug-level dump captures auth tokens and cookies along with everything else; safe in dev clusters, not appropriate for production unless the operator is comfortable with the trade-off. README documents the trade-off in the Admin Debug Page section. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 17:53:55 -05:00
ZDDC	ea385b5366	Initial commit ZDDC — Zero Day Document Control. A file-naming convention plus five single-file HTML tools (archive, transmittal, classifier, mdedit, landing) and an optional Go HTTP server (zddc-server) with ACL and a virtual archive index. Self-contained, offline-capable, dependency-free. See README.md for an overview, AGENTS.md and ARCHITECTURE.md for the build/release/architecture detail, bootstrap/README.md for the two-level deployment install pattern, and zddc/README.md for the HTTP server.	2026-04-27 11:05:47 -05:00

Author

SHA1

Message

Date

ZDDC

411f49169b

feat(server): tee access log to a rotated file for on-disk audit trail

Add --access-log <path> (env ZDDC_ACCESS_LOG). When set, every access-
log record is written as a JSON line to the configured file in
addition to the existing slog.Default() stderr output. Empty (default)
keeps the prior behavior — stderr only.

Rotation via gopkg.in/natefinch/lumberjack.v2:
  100 MB per file, 10 backups, 90-day max age, gzip rotated files.

Operator usage (e.g. behind a Caddy/quadlet stack):
  zddc-server --access-log /srv/.zddc.d/logs/access.log ...

Architecture:
  AccessLogMiddleware now takes an optional *slog.Logger. main.go wires
  it via setupAccessAuditLog() which builds a slog.JSONHandler over a
  lumberjack rotator. Stderr emission stays via slog.Default(); the
  audit logger gets the same fields in line-delimited JSON, the format
  every standard log shipper (Vector, Loki, fluentbit, journalbeat)
  parses natively.

Tests cover the audit logger receiving the same email/path/status
fields as the stderr stream.

2026-05-04 07:49:17 -05:00

ZDDC

15ccf554d2

feat(zddc-server): debug-level dump of every request's full headers

ACLMiddleware now slog.Debug's the configured email-header name, the
observed value at that name, and the full r.Header map on every request.
Off at the default INFO log level; enable per-pod with ZDDC_LOG_LEVEL=debug.

Motivated by debugging the X-Auth-Request-Email passthrough chain — when
access logs show email=anonymous, /.admin/whoami is unreachable (the
admin gate requires a non-empty email, which is the chicken-and-egg).
The debug log line dumps headers without the gate, so an operator can
identify whichever header name the upstream proxy is actually setting
(X-Forwarded-User, X-Forwarded-Email, Remote-User, X-Authentik-Email,
etc.) and adjust ZDDC_EMAIL_HEADER accordingly.

The debug-level dump captures auth tokens and cookies along with
everything else; safe in dev clusters, not appropriate for production
unless the operator is comfortable with the trade-off. README documents
the trade-off in the Admin Debug Page section.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-28 17:53:55 -05:00

ZDDC

ea385b5366

Initial commit

ZDDC — Zero Day Document Control. A file-naming convention plus five
single-file HTML tools (archive, transmittal, classifier, mdedit,
landing) and an optional Go HTTP server (zddc-server) with ACL and a
virtual archive index. Self-contained, offline-capable, dependency-free.

See README.md for an overview, AGENTS.md and ARCHITECTURE.md for the
build/release/architecture detail, bootstrap/README.md for the
two-level deployment install pattern, and zddc/README.md for the
HTTP server.

2026-04-27 11:05:47 -05:00

3 commits