fix(*) use a standarlized log interface

lib/resty/acme/autossl.lua

@@ -5,7 +5,7 @@ local openssl = require "resty.acme.openssl"
 local json = require "cjson"
 local ssl = require "ngx.ssl"
 
-local log = ngx.log
+local log = util.log
 local ngx_ERR = ngx.ERR
 local ngx_WARN = ngx.WARN
 local ngx_INFO = ngx.INFO
@@ -228,7 +228,7 @@ function AUTOSSL.update_cert(data)
   local lock_key = update_cert_lock_key_prefix .. ":" .. data.domain
   local err = AUTOSSL.storage:add(lock_key, "1", CERTS_LOCK_TTL)
   if err then
-    ngx.log(ngx.INFO,
+    log(ngx.INFO,
       "update is already running (lock key ", lock_key, " exists), current type ", data.type)
     return nil
   end
@@ -335,7 +335,7 @@ function AUTOSSL.init(autossl_config, acme_config)
   end
 
   if not domain_whitelist and not domain_whitelist_callback then
-    ngx.log(ngx.WARN, "neither domain_whitelist or domain_whitelist_callback is defined, this may cause",
+    log(ngx.WARN, "neither domain_whitelist or domain_whitelist_callback is defined, this may cause",
                       "security issues as all SNI will trigger a creation of certificate")
   end
 

lib/resty/acme/challenge/http-01.lua

@@ -1,3 +1,6 @@
+local util = require "resty.acme.util"
+local log = util.log
+
 local _M = {}
 local mt = {__index = _M}
 
@@ -25,31 +28,31 @@ end
 
 function _M:serve_challenge()
   if ngx.config.subsystem ~= "http" then
-    ngx.log(ngx.ERR, "http-01 challenge can't be used in ", ngx.config.subsystem, " subsystem")
+    log(ngx.ERR, "http-01 challenge can't be used in ", ngx.config.subsystem, " subsystem")
     ngx.exit(500)
   end
 
   local captures, err =
     ngx.re.match(ngx.var.request_uri, [[\.well-known/]] .. self.uri_prefix .. "/(.+)", "jo")
 
   if err or not captures or not captures[1] then
-    ngx.log(ngx.ERR, "error extracting token from request_uri ", err)
+    log(ngx.ERR, "error extracting token from request_uri ", err)
     ngx.exit(400)
   end
 
   local token = captures[1]
 
-  ngx.log(ngx.DEBUG, "token is ", token)
+  log(ngx.DEBUG, "token is ", token)
 
   local value, err = self.storage:get(ch_key(token))
 
   if err then
-    ngx.log(ngx.ERR, "error getting challenge response from storage ", err)
+    log(ngx.ERR, "error getting challenge response from storage ", err)
     ngx.exit(500)
   end
 
   if not value then
-    ngx.log(ngx.WARN, "no corresponding response found for ", token)
+    log(ngx.WARN, "no corresponding response found for ", token)
     ngx.exit(404)
   end
 

lib/resty/acme/challenge/tls-alpn-01.lua

@@ -1,5 +1,7 @@
 local ffi = require("ffi")
 local ssl = require "ngx.ssl"
+local util = require "resty.acme.util"
+local log = util.log
 
 local pkey = require("resty.openssl.pkey")
 local digest = require("resty.openssl.digest")
@@ -46,7 +48,7 @@ end)
 local function inject_tls_alpn()
   local ssl_ctx, err = ssl_ctx.from_request()
   if err then
-    ngx.log(ngx.WARN, "inject_tls_alpn: ", err)
+    log(ngx.WARN, "inject_tls_alpn: ", err)
     return
   end
   ffi.C.SSL_CTX_set_alpn_select_cb(ssl_ctx.ctx, alpn_select_cb, nil)
@@ -99,20 +101,20 @@ local function serve_challenge_cert(self)
   local domain = assert(ssl.server_name())
   local challenge, err = self.storage:get(ch_key(domain))
   if err then
-    ngx.log(ngx.ERR, "error getting challenge response from storage ", err)
+    log(ngx.ERR, "error getting challenge response from storage ", err)
     ngx.exit(500)
   end
 
   if not challenge then
-    ngx.log(ngx.WARN, "no corresponding response found for ", domain)
+    log(ngx.WARN, "no corresponding response found for ", domain)
     ngx.exit(404)
   end
 
   local dgst = assert(digest.new("sha256"):final(challenge))
   -- 0x04: OCTET STRING
   -- 0x20: length
   dgst = "DER:0420" .. dgst:gsub("(.)", function(s) return string.format("%02x", string.byte(s)) end)
-  ngx.log(ngx.DEBUG, "token: ", challenge, ", digest: ", dgst)
+  log(ngx.DEBUG, "token: ", challenge, ", digest: ", dgst)
 
   local key = pkey.new()
   local cert = x509.new()
@@ -135,12 +137,12 @@ local function serve_challenge_cert(self)
   assert(ssl.set_cert(cert_ct))
   assert(ssl.set_priv_key(key_ct))
 
-  ngx.log(ngx.DEBUG, "served tls-alpn challenge")
+  log(ngx.DEBUG, "served tls-alpn challenge")
 end
 
 function _M:serve_challenge()
   if ngx.config.subsystem ~= "stream" then
-    ngx.log(ngx.ERR, "tls-apln-01 challenge can't be used in ", ngx.config.subsystem, " subsystem")
+    log(ngx.ERR, "tls-apln-01 challenge can't be used in ", ngx.config.subsystem, " subsystem")
     ngx.exit(500)
   end
 
@@ -150,7 +152,7 @@ function _M:serve_challenge()
       serve_challenge_cert(self)
     end
   else
-    ngx.log(ngx.ERR, "tls-apln-01 challenge don't know what to do in ", phase, " phase")
+    log(ngx.ERR, "tls-apln-01 challenge don't know what to do in ", phase, " phase")
     ngx.exit(500)
   end
 end

lib/resty/acme/client.lua

@@ -6,7 +6,7 @@ local openssl = require("resty.acme.openssl")
 local encode_base64url = util.encode_base64url
 local decode_base64url = util.decode_base64url
 
-local log = ngx.log
+local log = util.log
 local ngx_ERR = ngx.ERR
 local ngx_INFO = ngx.INFO
 local ngx_DEBUG = ngx.DEBUG

lib/resty/acme/openssl.lua

@@ -2,7 +2,7 @@ local ok, ret = pcall(require, "resty.openssl")
 
 if ok then
   local version = require("resty.openssl.version")
-  ngx.log(ngx.INFO, "using ffi, OpenSSL version linked: ", string.format("%x", version.version_num))
+  ngx.log(ngx.DEBUG, "[acme] using ffi, OpenSSL version linked: ", string.format("%x", version.version_num))
 
   return {
     pkey = require("resty.openssl.pkey"),
@@ -15,11 +15,11 @@ if ok then
   }
 end
 
-ngx.log(ngx.INFO, "resty.openssl doesn't load: ", ret)
+ngx.log(ngx.INFO, "[acme] resty.openssl doesn't load: ", ret)
 
 local ok, _ = pcall(require, "openssl.pkey")
 if ok then
-  ngx.log(ngx.INFO, "using luaossl")
+  ngx.log(ngx.DEBUG, "[acme] using luaossl")
   local tb = {
     pkey = require("openssl.pkey"),
     x509 = require("openssl.x509"),

lib/resty/acme/util.lua

@@ -1,3 +1,6 @@
+local reverse = string.reverse
+local find = string.find
+local sub = string.sub
 local openssl = require("resty.acme.openssl")
 
 -- https://tools.ietf.org/html/rfc8555 Page 10
@@ -14,6 +17,7 @@ local encode_base64url = base64.encode_base64url
 --     return ngx.encode_base64(s):gsub("/", "_"):gsub("+", "-"):gsub("[= ]", "")
 --   end
 local decode_base64url = base64.decode_base64url
+local errlog = require("ngx.errlog")
 
 -- https://tools.ietf.org/html/rfc7638
 local function thumbprint(pkey)
@@ -140,11 +144,41 @@ local function check_chain_root_issuer(chain_pem, issuer_name)
   return false, "cert not found in PEM chain"
 end
 
+local function log(lvl, ...)
+  -- log to error logs with our custom prefix, stack level
+  -- and separator
+  local n = select("#", ...)
+  local t = { ... }
+  local info = debug.getinfo(2, "Sl")
+
+  -- kong: kong/pdk/log
+  local short_src = info.short_src
+  if short_src then
+    local rev_src = reverse(short_src)
+    local idx = find(rev_src, "/", nil, true)
+    if idx then
+      short_src = sub(short_src, #rev_src - idx + 2)
+    end
+  end
+
+  local prefix = string.format("[acme] %s:%d: ", short_src, info.currentline)
+  local buf = { prefix }
+
+  for i = 1, n do
+    buf[i + 1] = tostring(t[i])
+  end
+
+  local msg = table.concat(buf, "")
+
+  errlog.raw_log(lvl, msg)
+end
+
 return {
     encode_base64url = encode_base64url,
     decode_base64url = decode_base64url,
     thumbprint = thumbprint,
     create_csr = create_csr,
     create_pkey = create_pkey,
     check_chain_root_issuer = check_chain_root_issuer,
+    log = log,
 }