LoggerService

.gitignore

@@ -3,3 +3,5 @@
 .idea/
 server/vendor/
 build/
+
+server/config/config.php

logs/.htaccess

@@ -0,0 +1,30 @@
+#
+# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+
+# Section for Apache 2.4 to 2.6
+<IfModule mod_authz_core.c>
+  Require all denied
+</IfModule>
+<IfModule mod_access_compat.c>
+  Order Allow,Deny
+  Deny from all
+  Satisfy All
+</IfModule>
+
+# Section for Apache 2.2
+<IfModule !mod_authz_core.c>
+  <IfModule !mod_access_compat.c>
+    <IfModule mod_authz_host.c>
+      Order Allow,Deny
+      Deny from all
+    </IfModule>
+    Satisfy All
+  </IfModule>
+</IfModule>
+
+# Section for Apache 2.2 to 2.6
+<IfModule mod_autoindex.c>
+  IndexIgnore *
+</IfModule>

server/config/config.sample.php

@@ -19,8 +19,16 @@
 	// error verbose
 	'ERROR_VERBOSE' => true,
 
-	// logfile
-	'LOG' => '/tmp/lookup.log',
+	// *MUST* ensure that log file is stored in a folder made not available to the outside world
+	'LOG' => [
+		'ENABLED' => true,
+		'LEVEL' => 0,
+		'FILE' => __DIR__ . '/../../logs/lookup.log',
+		'FILE_MODE' => 0640,
+		'DATE_FORMAT' => 'Y-m-d H:i:s',
+		'DATE_TIMEZONE' => 'UTC',
+		'HIDE_BACKTRACE' => false,
+	],
 
 	// replication logfile
 	'REPLICATION_LOG' => '/tmp/lookup_replication.log',

server/index.php

@@ -6,30 +6,29 @@
  * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-
 namespace LookupServer;
 
-
 use LookupServer\Validator\Email;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
 require __DIR__ . '/init.php';
 
-if (!isset($app) || !isset($container)) {
+if (!isset($app, $container)) {
 	return;
 }
 
 $r_head = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
+	$this->get('LoggerService')->debug('HEAD/GET request');
 	return $response->withHeader('X-Version', VERSION);
 };
 $app->map(['HEAD', 'GET'], '/', $r_head);
 $app->map(['HEAD', 'GET'], '/index.php', $r_head);
+$app->map(['HEAD', 'GET'], '/index.php/', $r_head);
 
 $r_search = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->search($request, $response, $args);
 };
 $app->get('/users', $r_search);
@@ -38,58 +37,46 @@
 $r_register = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->register($request, $response, $args);
 };
 $app->post('/users', $r_register);
 $app->post('/index.php/users', $r_register);
 
-
 $r_delete = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->delete($request, $response, $args);
 };
 $app->delete('/users', $r_delete);
 $app->delete('/index.php/users', $r_delete);
 
-
 $r_batchDetails = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->batchDetails($request, $response, $args);
 };
 $app->get('/gs/users', $r_batchDetails);
 $app->get('/index.php/gs/users', $r_batchDetails);
 
-
 $r_batchRegister = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->batchRegister($request, $response, $args);
 };
 $app->post('/gs/users', $r_batchRegister);
 $app->post('/index.php/gs/users', $r_batchRegister);
 
-
 $r_batchDelete = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var UserManager $userManager */
 	$userManager = $this->get('UserManager');
-
 	return $userManager->batchDelete($request, $response, $args);
 };
 $app->delete('/gs/users', $r_batchDelete);
 $app->delete('/index.php/gs/users', $r_batchDelete);
 
-
-
 $r_instances = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var InstanceManager $instanceManager */
 	$instanceManager = $this->get('InstanceManager');
-
 	return $instanceManager->getInstances($request, $response);
 };
 $app->get('/gs/instances', $r_instances);
@@ -100,34 +87,24 @@
 $r_validateEmail = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var Email $emailValidator */
 	$emailValidator = $this->get('EmailValidator');
-
 	return $emailValidator->validate($request, $response, $args);
 };
 $app->get('/validate/email/{token}', $r_validateEmail);
 $app->get('/index.php/validate/email/{token}', $r_validateEmail);
 
-
 $r_status = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
-	$response->getBody()->write(
-		json_encode(
-			['version' => VERSION]
-		)
-	);
-
+	$response->getBody()->write(json_encode(['version' => VERSION], JSON_THROW_ON_ERROR));
 	return $response;
 };
 $app->get('/status', $r_status);
 $app->get('/index.php/status', $r_status);
 
-
 $r_export = function (ServerRequestInterface $request, ResponseInterface $response, array $args) {
 	/** @var Replication $replication */
 	$replication = $this->get('Replication');
-
 	return $replication->export($request, $response, $args);
 };
 $app->get('/replication', $r_export);
 $app->get('/index.php/replication', $r_export);
 
-
 $app->run();

server/init.php

@@ -6,18 +6,14 @@
  * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-
 namespace LookupServer;
 
-
 use DI\Container;
 use LookupServer\Service\DependenciesService;
 use Slim\Factory\AppFactory;
 
-
 define('VERSION', '1.1.2');
 
-
 require __DIR__ . '/vendor/autoload.php';
 
 $container = new Container();
@@ -34,4 +30,3 @@
 	return new DependenciesService($c->get('Settings'));
 });
 $container->get('DependenciesService')->initContainer($container, $app);
-

server/lib/Exceptions/LoggerException.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace LookupServer\Exceptions;
+
+use Exception;
+
+class LoggerException extends Exception {
+}

server/lib/InstanceManager.php

@@ -10,6 +10,7 @@
 namespace LookupServer;
 
 use Exception;
+use LookupServer\Service\LoggerService;
 use LookupServer\Service\SecurityService;
 use PDO;
 use Psr\Http\Message\ResponseInterface as Response;
@@ -19,7 +20,8 @@ class InstanceManager {
 	public function __construct(
 		private PDO $db,
 		private SecurityService $securityService,
-		private array $instances
+		private array $instances,
+		private LoggerService $logger,
 	) {
 	}
 

server/lib/Logger/ILogWriter.php

@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace LookupServer\Logger;
+
+interface ILogWriter {
+	public function write(string $entry): void;
+}

server/lib/Logger/LogFile.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace LookupServer\Logger;
+
+use JsonException;
+use LookupServer\Exceptions\LoggerException;
+use LookupServer\Tools\Traits\TArrayTools;
+
+class LogFile implements ILogWriter {
+	use TArrayTools;
+
+	private ?string $logFile = null;
+	private ?int $logFileMode = null;
+
+	public function __construct(
+		private array $settings = [],
+	) {
+	}
+
+	/**
+	 * @throws LoggerException
+	 */
+	private function getLogFile(): string {
+		if ($this->logFile === null) {
+			$path = $this->settings['settings']['log']['file'] ?? '';
+			if ($path === '') {
+				throw new LoggerException('log disabled');
+			}
+			$this->logFile = $path;
+		}
+		return $this->logFile;
+	}
+
+	public function write(string $entry): void {
+		try {
+			$handle = @fopen($this->getLogFile(), 'a');
+		} catch (LoggerException) {
+			return;
+		}
+
+		if ($this->logFileMode === null) {
+			$this->logFileMode = $this->settings['settings']['log']['file_mode'] ?? 0640;
+		}
+
+		if ($this->logFileMode > 0 && is_file($this->logFile) && (fileperms($this->logFile) & 0777) !== $this->logFileMode) {
+			@chmod($this->logFile, $this->logFileMode);
+		}
+
+		if ($handle) {
+			fwrite($handle, $entry . "\n");
+			fclose($handle);
+		} else {
+			error_log($entry);
+ 		}
+	}
+}

server/lib/Replication.php

@@ -10,6 +10,7 @@
 namespace LookupServer;
 
 use GuzzleHttp\Client;
+use LookupServer\Service\LoggerService;
 use LookupServer\Service\SecurityService;
 use PDO;
 use Psr\Http\Message\ResponseInterface;
@@ -22,7 +23,9 @@ class Replication {
 	public function __construct(
 		private PDO $db,
 		private SecurityService $securityService,
-		private array $replicationHosts) {
+		private array $replicationHosts,
+		private LoggerService $logger,
+	) {
 	}