From 27f7c6ed2ce3099cf56a7288414616ef46269bf0 Mon Sep 17 00:00:00 2001
From: Shiming Zhang <wzshiming@hotmail.com>
Date: Wed, 11 Sep 2024 10:28:57 +0800
Subject: [PATCH] Detail denied logs

---
 crproxy.go          |  3 +++
 crproxy_blob.go     |  9 +++++----
 crproxy_manifest.go | 12 ++++++++++++
 utils.go            |  7 +++++++
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/crproxy.go b/crproxy.go
index af1e48a..70a5a05 100644
--- a/crproxy.go
+++ b/crproxy.go
@@ -611,6 +611,9 @@ func (c *CRProxy) directResponse(rw http.ResponseWriter, r *http.Request, info *
 
 	switch resp.StatusCode {
 	case http.StatusUnauthorized, http.StatusForbidden:
+		if c.logger != nil {
+			c.logger.Println("origin direct response 40x, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
+		}
 		errcode.ServeJSON(rw, errcode.ErrorCodeDenied)
 		return
 	}
diff --git a/crproxy_blob.go b/crproxy_blob.go
index 39d8ecc..5ceed5a 100644
--- a/crproxy_blob.go
+++ b/crproxy_blob.go
@@ -140,11 +140,12 @@ func (c *CRProxy) cacheBlobContent(ctx context.Context, r *http.Request, blobPat
 		resp.Body.Close()
 	}()
 
+	switch resp.StatusCode {
+	case http.StatusUnauthorized, http.StatusForbidden:
+		return 0, errcode.ErrorCodeDenied
+	}
+
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		switch resp.StatusCode {
-		case http.StatusUnauthorized, http.StatusForbidden:
-			return 0, errcode.ErrorCodeDenied
-		}
 		return 0, errcode.ErrorCodeUnknown.WithMessage(fmt.Sprintf("Source response code %d", resp.StatusCode))
 	}
 
diff --git a/crproxy_manifest.go b/crproxy_manifest.go
index 6fc5802..46323b7 100644
--- a/crproxy_manifest.go
+++ b/crproxy_manifest.go
@@ -49,16 +49,28 @@ func (c *CRProxy) cacheManifestResponse(rw http.ResponseWriter, r *http.Request,
 	switch resp.StatusCode {
 	case http.StatusUnauthorized, http.StatusForbidden:
 		if c.cachedManifest(rw, r, info, false) {
+			if c.logger != nil {
+				c.logger.Println("origin manifest response 40x, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
+			}
 			return
 		}
+		if c.logger != nil {
+			c.logger.Println("origin manifest response 40x", info.Host, info.Image, err, dumpResponse(resp))
+		}
 		errcode.ServeJSON(rw, errcode.ErrorCodeDenied)
 		return
 	}
 
 	if resp.StatusCode >= http.StatusInternalServerError {
 		if c.cachedManifest(rw, r, info, false) {
+			if c.logger != nil {
+				c.logger.Println("origin manifest response 5xx, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
+			}
 			return
 		}
+		if c.logger != nil {
+			c.logger.Println("origin manifest response 5xx", info.Host, info.Image, err, dumpResponse(resp))
+		}
 	}
 
 	resp.Header.Del("Docker-Ratelimit-Source")
diff --git a/utils.go b/utils.go
index 17ca634..7e3622c 100644
--- a/utils.go
+++ b/utils.go
@@ -2,6 +2,8 @@ package crproxy
 
 import (
 	"fmt"
+	"io"
+	"net/http"
 	"strings"
 )
 
@@ -158,3 +160,8 @@ func isDomainName(s string) bool {
 
 	return nonNumeric
 }
+
+func dumpResponse(resp *http.Response) string {
+	body, _ := io.ReadAll(io.LimitReader(resp.Body, 100))
+	return fmt.Sprintf("%d %d %q", resp.StatusCode, resp.ContentLength, string(body))
+}