generalize events

authenticate/middleware.go

@@ -1,16 +1,11 @@
 package authenticate
 
 import (
-	"context"
 	"net/http"
-	"net/url"
 
 	"github.com/pomerium/pomerium/internal/httputil"
-	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/urlutil"
-	"github.com/pomerium/pomerium/pkg/grpc/identity"
-	"github.com/pomerium/pomerium/pkg/hpke"
 )
 
 // requireValidSignatureOnRedirect validates the pomerium_signature if a redirect_uri or pomerium_signature
@@ -53,41 +48,3 @@ func (a *Authenticate) getExternalRequest(r *http.Request) *http.Request {
 
 	return urlutil.GetExternalRequest(internalURL, externalURL, r)
 }
-
-func (a *Authenticate) logAuthenticateEvent(r *http.Request, profile *identity.Profile) {
-	state := a.state.Load()
-	ctx := r.Context()
-	pub, params, err := hpke.DecryptURLValues(state.hpkePrivateKey, r.Form)
-	if err != nil {
-		log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
-	}
-
-	evt := log.Info(context.Background()).
-		Str("ip", httputil.GetClientIP(r)).
-		Str("pomerium_version", params.Get(urlutil.QueryVersion)).
-		Str("pomerium_request_uuid", params.Get(urlutil.QueryRequestUUID)).
-		Str("pomerium_pub", pub.String())
-
-	if uid := getUserID(profile); uid != "" {
-		evt = evt.Str("authenticate_event", "sign_in_completed").
-			Str("pomerium_idp_user", getUserID(profile))
-	} else {
-		evt = evt.Str("authenticate_event", "sign_in")
-	}
-
-	if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
-		evt = evt.Str("domain", redirectURL.Hostname())
-	}
-
-	evt.Msg("authenticate: event")
-}
-
-func getUserID(profile *identity.Profile) string {
-	if profile == nil {
-		return ""
-	}
-	if profile.Claims == nil {
-		return ""
-	}
-	return profile.Claims.Fields["sub"].GetStringValue()
-}