fix: use raw url string in huma err logger

dennisgsmith · dennisgsmith · commit 5ea6e8e5676c · 2025-11-05T20:45:17.000-05:00
chore: wrap errors in SetResponse for logging
diff --git a/api/internal/httperr/huma.go b/api/internal/httperr/huma.go
@@ -195,7 +195,8 @@ func ServerErrorOrNotFound(err error) *InternalHTTPError {
 
 func (s *Service) logHumaReqErr(hctx huma.Context, status int, msg string, errs any) {
 	ctx := hctx.Context()
-	uri, err := util.RedactQueryParam(hctx.URL().Path, "key")
+	rawURL := hctx.URL()
+	uri, err := util.RedactQueryParam(rawURL.String(), "key")
 	if err != nil {
 		s.cfg.logger.ErrorContext(ctx, "query parameter redactor failed", "error", err)
 	}
diff --git a/api/internal/middleware/audit.go b/api/internal/middleware/audit.go
@@ -86,7 +86,7 @@ func (m *apiMw) AttachClaims(ctx huma.Context, next func(huma.Context)) {
 
 	claims, err := mapClaims(userJWT)
 	if err != nil {
-		m.httperr.SetResponse(ctx, httperr.Forbidden(err))
+		m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("mapClaims(userJWT); %w", err)))
 		return
 	}
 
@@ -119,7 +119,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {
 	if success, _ := reqCtx.Value(ctxkey.AppKeyAuthSuccess).(bool); success {
 		p, err := m.DBService.ProfileGetForEDIPI(reqCtx, 79)
 		if err != nil {
-			m.httperr.SetResponse(ctx, httperr.Forbidden(err))
+			m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetForEDIPI(reqCtx, 79) query error (app user); %w", err)))
 			return
 		}
 		newCtx := context.WithValue(reqCtx, ctxkey.Profile, p)
@@ -137,7 +137,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {
 		}
 		p, err := m.DBService.ProfileGetForToken(reqCtx, keyID)
 		if err != nil {
-			m.httperr.SetResponse(ctx, httperr.Forbidden(err))
+			m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetForToken(reqCtx, keyID); %w", err)))
 			return
 		}
 		newCtx := context.WithValue(reqCtx, ctxkey.Profile, p)
@@ -154,7 +154,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {
 
 	p, err := m.DBService.ProfileGetWithTokensForClaims(reqCtx, claims)
 	if err != nil {
-		m.httperr.SetResponse(ctx, httperr.Forbidden(err))
+		m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetWithTokensForClaims query error; %w", err)))
 		return
 	}
 
diff --git a/api/internal/middleware/jwt.go b/api/internal/middleware/jwt.go
@@ -30,7 +30,7 @@ func (m *apiMw) JWT(ctx huma.Context, next func(huma.Context)) {
 	case m.Config.AuthJWTMocked:
 		userJWT, err = mockJWT(ctx)
 		if err != nil {
-			m.httperr.SetResponse(ctx, httperr.Forbidden(err))
+			m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("mockJWT(ctx); %w", err)))
 			return
 		}
 	default:
diff --git a/go.work.sum b/go.work.sum
@@ -66,6 +66,7 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/XSAM/otelsql v0.39.0/go.mod h1:uMOXLUX+wkuAuP0AR3B45NXX7E9lJS2mERa8gqdU8R0=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.19.5/go.mod h1:VNM08cHlOsIbSHRqb6D/M2L4kKXfJv3A2/f0GNbOQSc=
 github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression v1.7.87/go.mod h1:ZeQC4gVarhdcWeM1c90DyBLaBCNhEeAbKUXwVI/byvw=
 github.com/aws/aws-sdk-go-v2/service/dynamodb v1.44.0/go.mod h1:mWB0GE1bqcVSvpW7OtFA0sKuHk52+IqtnsYU2jUfYAs=
@@ -146,6 +147,7 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=
 github.com/jackc/puddle v1.3.0 h1:eHK/5clGOatcjX3oWGBO/MpxpbHzSwud5EWTSCI+MX0=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
 github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=

Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,8 @@ func ServerErrorOrNotFound(err error) *InternalHTTPError {`
`195`	`195`
`196`	`196`	`func (s *Service) logHumaReqErr(hctx huma.Context, status int, msg string, errs any) {`
`197`	`197`	`ctx := hctx.Context()`
`198`		`- uri, err := util.RedactQueryParam(hctx.URL().Path, "key")`
	`198`	`+ rawURL := hctx.URL()`
	`199`	`+ uri, err := util.RedactQueryParam(rawURL.String(), "key")`
`199`	`200`	`if err != nil {`
`200`	`201`	`s.cfg.logger.ErrorContext(ctx, "query parameter redactor failed", "error", err)`
`201`	`202`	`}`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ func (m *apiMw) AttachClaims(ctx huma.Context, next func(huma.Context)) {`
`86`	`86`
`87`	`87`	`claims, err := mapClaims(userJWT)`
`88`	`88`	`if err != nil {`
`89`		`- m.httperr.SetResponse(ctx, httperr.Forbidden(err))`
	`89`	`+ m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("mapClaims(userJWT); %w", err)))`
`90`	`90`	`return`
`91`	`91`	`}`
`92`	`92`
`@@ -119,7 +119,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {`
`119`	`119`	`if success, _ := reqCtx.Value(ctxkey.AppKeyAuthSuccess).(bool); success {`
`120`	`120`	`p, err := m.DBService.ProfileGetForEDIPI(reqCtx, 79)`
`121`	`121`	`if err != nil {`
`122`		`- m.httperr.SetResponse(ctx, httperr.Forbidden(err))`
	`122`	`+ m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetForEDIPI(reqCtx, 79) query error (app user); %w", err)))`
`123`	`123`	`return`
`124`	`124`	`}`
`125`	`125`	`newCtx := context.WithValue(reqCtx, ctxkey.Profile, p)`
`@@ -137,7 +137,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {`
`137`	`137`	`}`
`138`	`138`	`p, err := m.DBService.ProfileGetForToken(reqCtx, keyID)`
`139`	`139`	`if err != nil {`
`140`		`- m.httperr.SetResponse(ctx, httperr.Forbidden(err))`
	`140`	`+ m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetForToken(reqCtx, keyID); %w", err)))`
`141`	`141`	`return`
`142`	`142`	`}`
`143`	`143`	`newCtx := context.WithValue(reqCtx, ctxkey.Profile, p)`
`@@ -154,7 +154,7 @@ func (m *apiMw) AttachProfile(ctx huma.Context, next func(huma.Context)) {`
`154`	`154`
`155`	`155`	`p, err := m.DBService.ProfileGetWithTokensForClaims(reqCtx, claims)`
`156`	`156`	`if err != nil {`
`157`		`- m.httperr.SetResponse(ctx, httperr.Forbidden(err))`
	`157`	`+ m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("m.DBService.ProfileGetWithTokensForClaims query error; %w", err)))`
`158`	`158`	`return`
`159`	`159`	`}`
`160`	`160`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ func (m *apiMw) JWT(ctx huma.Context, next func(huma.Context)) {`
`30`	`30`	`case m.Config.AuthJWTMocked:`
`31`	`31`	`userJWT, err = mockJWT(ctx)`
`32`	`32`	`if err != nil {`
`33`		`- m.httperr.SetResponse(ctx, httperr.Forbidden(err))`
	`33`	`+ m.httperr.SetResponse(ctx, httperr.Forbidden(fmt.Errorf("mockJWT(ctx); %w", err)))`
`34`	`34`	`return`
`35`	`35`	`}`
`36`	`36`	`default:`