Make CDN signature logging opt-in, log stack when both path and url are provided

src/util/Signing.ts

@@ -24,6 +24,7 @@ import * as console from "node:console";
 export class NewUrlUserSignatureData {
 	ip?: string;
 	userAgent?: string;
+
 	constructor(data: NewUrlUserSignatureData) {
 		this.ip = data.ip;
 		this.userAgent = data.userAgent;
@@ -46,6 +47,7 @@ export class NewUrlSignatureData extends NewUrlUserSignatureData {
 		if (this.path && this.url) {
 			console.warn(
 				"[Signing] Both path and url are provided, using path for signing",
+				new Error().stack,
 			);
 		}
 		if (this.url) {
@@ -97,10 +99,15 @@ export class UrlSignResult {
 
 	static fromUrl(url: URL | string): UrlSignResult {
 		if (typeof url === "string") {
+			if (process.env["LOG_CDN_SIGNATURES"])
 				console.debug("[Signing] Parsing URL from string:", url);
 			url = new URL(url);
 		}
-		console.debug("[Signing] Parsing URL from URL object:", url.toString());
+		if (process.env["LOG_CDN_SIGNATURES"])
+			console.debug(
+				"[Signing] Parsing URL from URL object:",
+				url.toString(),
+			);
 		const ex = url.searchParams.get("ex");
 		const is = url.searchParams.get("is");
 		const hm = url.searchParams.get("hm");
@@ -151,6 +158,7 @@ function calculateHash(request: UrlSignatureData): UrlSignResult {
 				"[Signing] CDN Signature IP is enabled but we couldn't find the IP field in the request. This may cause issues with signature validation. Please report this to the Spacebar team!",
 			);
 		else {
+			if (process.env["LOG_CDN_SIGNATURES"])
 				console.log(
 					"[Signing] CDN Signature IP is enabled, adding IP to hash:",
 					request.ip,
@@ -165,6 +173,7 @@ function calculateHash(request: UrlSignatureData): UrlSignResult {
 				"[Signing] CDN Signature User-Agent is enabled but we couldn't find the user-agent header in the request. This may cause issues with signature validation. Please report this to the Spacebar team!",
 			);
 		else {
+			if (process.env["LOG_CDN_SIGNATURES"])
 				console.log(
 					"[Signing] CDN Signature User-Agent is enabled, adding User-Agent to hash:",
 					request.userAgent,
@@ -180,6 +189,7 @@ function calculateHash(request: UrlSignatureData): UrlSignResult {
 		expiresAt: request.expiresAt,
 		hash,
 	});
+	if (process.env["LOG_CDN_SIGNATURES"])
 		console.log(
 			"[Signing]",
 			{
@@ -204,6 +214,7 @@ export const isExpired = (data: UrlSignResult | UrlSignatureData) => {
 	const expiresAt = parseInt(data.expiresAt, 16);
 
 	if (Number.isNaN(issuedAt) || Number.isNaN(expiresAt)) {
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.debug("[Signing] Invalid timestamps in query");
 		return true;
 	}
@@ -212,12 +223,14 @@ export const isExpired = (data: UrlSignResult | UrlSignatureData) => {
 
 	const isExpired = expiresAt < currentTime;
 	if (isExpired) {
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.debug("[Signing] Signature expired");
 		return true;
 	}
 
 	const isValidIssuedAt = issuedAt < currentTime;
 	if (!isValidIssuedAt) {
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.debug("[Signing] Signature issued in the future");
 		return true;
 	}
@@ -231,6 +244,7 @@ export const hasValidSignature = (
 ) => {
 	// if the required query parameters are not present, return false
 	if (!sig.expiresAt || !sig.issuedAt || !sig.hash) {
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.warn(
 				"[Signing] Missing required query parameters for signature validation",
 			);
@@ -239,6 +253,7 @@ export const hasValidSignature = (
 
 	// check if the signature is expired
 	if (isExpired(sig)) {
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.warn("[Signing] Signature is expired");
 		return false;
 	}
@@ -288,6 +303,7 @@ export const hasValidSignature = (
 		timingSafeEqual(calculated, received);
 
 	if (!isHashValid)
+		if (process.env["LOG_CDN_SIGNATURES"])
 			console.warn(
 				`Signature validation for ${sig.path} (is=${sig.issuedAt}, ex=${sig.expiresAt}) failed: calculated: ${calcd}, received: ${sig.hash}`,
 			);