Log errors using slog.Logger

This commit allows logging errors in a slog.Logger injected in the
context. This type of logger is not currently used directly in step-ca,
but this will change in the future.

Author: maraino

acme/api/account.go

@@ -82,23 +82,23 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 
 	payload, err := payloadFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 	var nar NewAccountRequest
 	if err := json.Unmarshal(payload.value, &nar); err != nil {
-		render.Error(w, acme.WrapError(acme.ErrorMalformedType, err,
+		render.Error(w, r, acme.WrapError(acme.ErrorMalformedType, err,
 			"failed to unmarshal new-account request payload"))
 		return
 	}
 	if err := nar.Validate(); err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
 	prov, err := acmeProvisionerFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
@@ -108,26 +108,26 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 		var acmeErr *acme.Error
 		if !errors.As(err, &acmeErr) || acmeErr.Status != http.StatusBadRequest {
 			// Something went wrong ...
-			render.Error(w, err)
+			render.Error(w, r, err)
 			return
 		}
 
 		// Account does not exist //
 		if nar.OnlyReturnExisting {
-			render.Error(w, acme.NewError(acme.ErrorAccountDoesNotExistType,
+			render.Error(w, r, acme.NewError(acme.ErrorAccountDoesNotExistType,
 				"account does not exist"))
 			return
 		}
 
 		jwk, err := jwkFromContext(ctx)
 		if err != nil {
-			render.Error(w, err)
+			render.Error(w, r, err)
 			return
 		}
 
 		eak, err := validateExternalAccountBinding(ctx, &nar)
 		if err != nil {
-			render.Error(w, err)
+			render.Error(w, r, err)
 			return
 		}
 
@@ -140,17 +140,17 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 			ProvisionerName: prov.Name,
 		}
 		if err := db.CreateAccount(ctx, acc); err != nil {
-			render.Error(w, acme.WrapErrorISE(err, "error creating account"))
+			render.Error(w, r, acme.WrapErrorISE(err, "error creating account"))
 			return
 		}
 
 		if eak != nil { // means that we have a (valid) External Account Binding key that should be bound, updated and sent in the response
 			if err := eak.BindTo(acc); err != nil {
-				render.Error(w, err)
+				render.Error(w, r, err)
 				return
 			}
 			if err := db.UpdateExternalAccountKey(ctx, prov.ID, eak); err != nil {
-				render.Error(w, acme.WrapErrorISE(err, "error updating external account binding key"))
+				render.Error(w, r, acme.WrapErrorISE(err, "error updating external account binding key"))
 				return
 			}
 			acc.ExternalAccountBinding = nar.ExternalAccountBinding
@@ -163,7 +163,7 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 	linker.LinkAccount(ctx, acc)
 
 	w.Header().Set("Location", getAccountLocationPath(ctx, linker, acc.ID))
-	render.JSONStatus(w, acc, httpStatus)
+	render.JSONStatus(w, r, acc, httpStatus)
 }
 
 // GetOrUpdateAccount is the api for updating an ACME account.
@@ -174,12 +174,12 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 	payload, err := payloadFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
@@ -188,12 +188,12 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 	if !payload.isPostAsGet {
 		var uar UpdateAccountRequest
 		if err := json.Unmarshal(payload.value, &uar); err != nil {
-			render.Error(w, acme.WrapError(acme.ErrorMalformedType, err,
+			render.Error(w, r, acme.WrapError(acme.ErrorMalformedType, err,
 				"failed to unmarshal new-account request payload"))
 			return
 		}
 		if err := uar.Validate(); err != nil {
-			render.Error(w, err)
+			render.Error(w, r, err)
 			return
 		}
 		if len(uar.Status) > 0 || len(uar.Contact) > 0 {
@@ -204,7 +204,7 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 			}
 
 			if err := db.UpdateAccount(ctx, acc); err != nil {
-				render.Error(w, acme.WrapErrorISE(err, "error updating account"))
+				render.Error(w, r, acme.WrapErrorISE(err, "error updating account"))
 				return
 			}
 		}
@@ -213,7 +213,7 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 	linker.LinkAccount(ctx, acc)
 
 	w.Header().Set("Location", linker.GetLink(ctx, acme.AccountLinkType, acc.ID))
-	render.JSON(w, acc)
+	render.JSON(w, r, acc)
 }
 
 func logOrdersByAccount(w http.ResponseWriter, oids []string) {
@@ -233,23 +233,23 @@ func GetOrdersByAccountID(w http.ResponseWriter, r *http.Request) {
 
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 	accID := chi.URLParam(r, "accID")
 	if acc.ID != accID {
-		render.Error(w, acme.NewError(acme.ErrorUnauthorizedType, "account ID '%s' does not match url param '%s'", acc.ID, accID))
+		render.Error(w, r, acme.NewError(acme.ErrorUnauthorizedType, "account ID '%s' does not match url param '%s'", acc.ID, accID))
 		return
 	}
 
 	orders, err := db.GetOrdersByAccountID(ctx, acc.ID)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
 	linker.LinkOrdersByAccountID(ctx, orders)
 
-	render.JSON(w, orders)
+	render.JSON(w, r, orders)
 	logOrdersByAccount(w, orders)
 }

acme/api/handler.go

@@ -223,13 +223,13 @@ func GetDirectory(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	acmeProv, err := acmeProvisionerFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
 	linker := acme.MustLinkerFromContext(ctx)
 
-	render.JSON(w, &Directory{
+	render.JSON(w, r, &Directory{
 		NewNonce:   linker.GetLink(ctx, acme.NewNonceLinkType),
 		NewAccount: linker.GetLink(ctx, acme.NewAccountLinkType),
 		NewOrder:   linker.GetLink(ctx, acme.NewOrderLinkType),
@@ -273,8 +273,8 @@ func shouldAddMetaObject(p *provisioner.ACME) bool {
 
 // NotImplemented returns a 501 and is generally a placeholder for functionality which
 // MAY be added at some point in the future but is not in any way a guarantee of such.
-func NotImplemented(w http.ResponseWriter, _ *http.Request) {
-	render.Error(w, acme.NewError(acme.ErrorNotImplementedType, "this API is not implemented"))
+func NotImplemented(w http.ResponseWriter, r *http.Request) {
+	render.Error(w, r, acme.NewError(acme.ErrorNotImplementedType, "this API is not implemented"))
 }
 
 // GetAuthorization ACME api for retrieving an Authz.
@@ -285,28 +285,28 @@ func GetAuthorization(w http.ResponseWriter, r *http.Request) {
 
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 	az, err := db.GetAuthorization(ctx, chi.URLParam(r, "authzID"))
 	if err != nil {
-		render.Error(w, acme.WrapErrorISE(err, "error retrieving authorization"))
+		render.Error(w, r, acme.WrapErrorISE(err, "error retrieving authorization"))
 		return
 	}
 	if acc.ID != az.AccountID {
-		render.Error(w, acme.NewError(acme.ErrorUnauthorizedType,
+		render.Error(w, r, acme.NewError(acme.ErrorUnauthorizedType,
 			"account '%s' does not own authorization '%s'", acc.ID, az.ID))
 		return
 	}
 	if err = az.UpdateStatus(ctx, db); err != nil {
-		render.Error(w, acme.WrapErrorISE(err, "error updating authorization status"))
+		render.Error(w, r, acme.WrapErrorISE(err, "error updating authorization status"))
 		return
 	}
 
 	linker.LinkAuthorization(ctx, az)
 
 	w.Header().Set("Location", linker.GetLink(ctx, acme.AuthzLinkType, az.ID))
-	render.JSON(w, az)
+	render.JSON(w, r, az)
 }
 
 // GetChallenge ACME api for retrieving a Challenge.
@@ -317,13 +317,13 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {
 
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
 	payload, err := payloadFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
@@ -336,30 +336,30 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {
 	azID := chi.URLParam(r, "authzID")
 	ch, err := db.GetChallenge(ctx, chi.URLParam(r, "chID"), azID)
 	if err != nil {
-		render.Error(w, acme.WrapErrorISE(err, "error retrieving challenge"))
+		render.Error(w, r, acme.WrapErrorISE(err, "error retrieving challenge"))
 		return
 	}
 	ch.AuthorizationID = azID
 	if acc.ID != ch.AccountID {
-		render.Error(w, acme.NewError(acme.ErrorUnauthorizedType,
+		render.Error(w, r, acme.NewError(acme.ErrorUnauthorizedType,
 			"account '%s' does not own challenge '%s'", acc.ID, ch.ID))
 		return
 	}
 	jwk, err := jwkFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 	if err = ch.Validate(ctx, db, jwk, payload.value); err != nil {
-		render.Error(w, acme.WrapErrorISE(err, "error validating challenge"))
+		render.Error(w, r, acme.WrapErrorISE(err, "error validating challenge"))
 		return
 	}
 
 	linker.LinkChallenge(ctx, ch, azID)
 
 	w.Header().Add("Link", link(linker.GetLink(ctx, acme.AuthzLinkType, azID), "up"))
 	w.Header().Set("Location", linker.GetLink(ctx, acme.ChallengeLinkType, azID, ch.ID))
-	render.JSON(w, ch)
+	render.JSON(w, r, ch)
 }
 
 // GetCertificate ACME api for retrieving a Certificate.
@@ -369,18 +369,18 @@ func GetCertificate(w http.ResponseWriter, r *http.Request) {
 
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		render.Error(w, err)
+		render.Error(w, r, err)
 		return
 	}
 
 	certID := chi.URLParam(r, "certID")
 	cert, err := db.GetCertificate(ctx, certID)
 	if err != nil {
-		render.Error(w, acme.WrapErrorISE(err, "error retrieving certificate"))
+		render.Error(w, r, acme.WrapErrorISE(err, "error retrieving certificate"))
 		return
 	}
 	if cert.AccountID != acc.ID {
-		render.Error(w, acme.NewError(acme.ErrorUnauthorizedType,
+		render.Error(w, r, acme.NewError(acme.ErrorUnauthorizedType,
 			"account '%s' does not own certificate '%s'", acc.ID, certID))
 		return
 	}