ZDDC
15ccf554d2
ACLMiddleware now slog.Debug's the configured email-header name, the observed value at that name, and the full r.Header map on every request. Off at the default INFO log level; enable per-pod with ZDDC_LOG_LEVEL=debug. Motivated by debugging the X-Auth-Request-Email passthrough chain — when access logs show email=anonymous, /.admin/whoami is unreachable (the admin gate requires a non-empty email, which is the chicken-and-egg). The debug log line dumps headers without the gate, so an operator can identify whichever header name the upstream proxy is actually setting (X-Forwarded-User, X-Forwarded-Email, Remote-User, X-Authentik-Email, etc.) and adjust ZDDC_EMAIL_HEADER accordingly. The debug-level dump captures auth tokens and cookies along with everything else; safe in dev clusters, not appropriate for production unless the operator is comfortable with the trade-off. README documents the trade-off in the Admin Debug Page section. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| adminhandler.go | ||
| adminhandler_test.go | ||
| archivehandler.go | ||
| cors.go | ||
| cors_test.go | ||
| directory.go | ||
| logring.go | ||
| logring_test.go | ||
| middleware.go | ||
| projectshandler.go | ||
| projectshandler_test.go | ||
| static.go | ||