fix: add https status to activity log (#6978)

* fix: add https status to activity log * create prerelease * create RC * pass info from gateway to grpc server * fix: update releaserc to create RC version * cleanup --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:57:33 +00:00 · 2023-11-28 16:56:29 +01:00
parent 24b05dc88c
commit ef11609142
11 changed files with 75 additions and 46 deletions
--- a/internal/api/grpc/client/middleware/activity.go
+++ b/internal/api/grpc/client/middleware/activity.go
@@ -0,0 +1,20 @@
+package middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+
+	"github.com/zitadel/zitadel/internal/activity"
+	"github.com/zitadel/zitadel/internal/api/info"
+)
+
+func UnaryActivityClientInterceptor() grpc.UnaryClientInterceptor {
+	return func(ctx context.Context, method string, req, reply any, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		activityInfo := info.ActivityInfoFromContext(ctx)
+		ctx = metadata.AppendToOutgoingContext(ctx, activity.PathKey, activityInfo.Path)
+		ctx = metadata.AppendToOutgoingContext(ctx, activity.RequestMethodKey, activityInfo.RequestMethod)
+		return invoker(ctx, method, req, reply, cc, opts...)
+	}
+}
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -96,7 +96,10 @@ func CreateGatewayWithPrefix(
 	runtimeMux := runtime.NewServeMux(serveMuxOptions...)
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(grpcCredentials(tlsConfig)),
-		grpc.WithUnaryInterceptor(client_middleware.DefaultTracingClient()),
+		grpc.WithChainUnaryInterceptor(
+			client_middleware.DefaultTracingClient(),
+			client_middleware.UnaryActivityClientInterceptor(),
+		),
 	}
 	connection, err := dial(ctx, port, opts)
 	if err != nil {
@@ -120,7 +123,10 @@ func CreateGateway(
 		port,
 		[]grpc.DialOption{
 			grpc.WithTransportCredentials(grpcCredentials(tlsConfig)),
-			grpc.WithUnaryInterceptor(client_middleware.DefaultTracingClient()),
+			grpc.WithChainUnaryInterceptor(
+				client_middleware.DefaultTracingClient(),
+				client_middleware.UnaryActivityClientInterceptor(),
+			),
 		})
 	if err != nil {
 		return nil, err
@@ -176,6 +182,7 @@ func addInterceptors(
 	handler = http_mw.CORSInterceptor(handler)
 	handler = http_mw.RobotsTagHandler(handler)
 	handler = http_mw.DefaultTelemetryHandler(handler)
+	handler = http_mw.ActivityHandler(handler)
 	// For some non-obvious reason, the exhaustedCookieInterceptor sends the SetCookie header
 	// only if it follows the http_mw.DefaultTelemetryHandler
 	handler = exhaustedCookieInterceptor(handler, accessInterceptor, queries)
--- a/internal/api/grpc/server/middleware/activity_interceptor.go
+++ b/internal/api/grpc/server/middleware/activity_interceptor.go
@@ -6,6 +6,7 @@ import (
 	"strings"

 	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"

 	"github.com/zitadel/zitadel/internal/activity"
 	"github.com/zitadel/zitadel/internal/api/grpc/errors"
@@ -14,17 +15,13 @@ import (

 func ActivityInterceptor() grpc.UnaryServerInterceptor {
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		ctx = activityInfoFromGateway(ctx).SetMethod(info.FullMethod).IntoContext(ctx)
 		resp, err := handler(ctx, req)
 		if isResourceAPI(info.FullMethod) {
 			code, _, _, _ := errors.ExtractCaosError(err)
 			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
 			activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI)
 		}
-		if strings.HasPrefix(info.FullMethod, "/zitadel.session.v1.SessionService/") {
-			code, _, _, _ := errors.ExtractCaosError(err)
-			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
-			activity.TriggerGRPCWithContext(ctx, activity.SessionAPI)
-		}
 		return resp, err
 	}
 }
@@ -42,3 +39,20 @@ func isResourceAPI(method string) bool {
 		return strings.HasPrefix(method, prefix)
 	})
 }
+
+func activityInfoFromGateway(ctx context.Context) *ainfo.ActivityInfo {
+	info := ainfo.ActivityInfoFromContext(ctx)
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return info
+	}
+	path := md.Get(activity.PathKey)
+	if len(path) != 1 {
+		return info
+	}
+	requestMethod := md.Get(activity.RequestMethodKey)
+	if len(requestMethod) != 1 {
+		return info
+	}
+	return info.SetPath(path[0]).SetRequestMethod(requestMethod[0])
+}
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@@ -11,7 +11,6 @@ import (

 	"github.com/muhlemmer/gu"

-	"github.com/zitadel/zitadel/internal/activity"
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/command"
@@ -352,9 +351,6 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 		if err != nil {
 			return nil, err
 		}
-
-		// trigger activity log for session for user
-		activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
 		sessionChecks = append(sessionChecks, command.CheckUser(user.ID, user.ResourceOwner))
 	}
 	if password := checks.GetPassword(); password != nil {