Does anyone have an idea of how to include my users' Laravel usernames in the access log? I'm using Laravel 5.2 with Nginx on Ubuntu 16.04.
I know how to add data to the access log in Nginx, but how do I pass information (in this case the username) from Laravel to Nginx in order to add that information to the access log?
Thanks
I've been doing more research and found little pieces here and there to achieve an actual solution.
The solution I came up with is to use a middleware to set a header that includes the username, then create a log format that includes the content of that header, and then clear that header so that it doesn't show up to the user.
Note: This code is using Laravel 5.2; you may need to adjust it a little for Laravel 5.3 or another version.
Create a middleware in Laravel that sets the username in a header, like this:
    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Contracts\Auth\Guard;
    use Illuminate\Http\Request;

    class UserHeader
    {
        protected $auth;

        public function __construct(Guard $auth)
        {
            $this->auth = $auth;
        }

        public function handle(Request $request, Closure $next)
        {
            // Let the request run first, then tag the response with the user's name.
            $response = $next($request);

            $user = $this->auth->user();
            if ($user) {
                $response->headers->set('X-Username', $user->name);
            } else {
                // Unauthenticated requests are logged as "Anonymous".
                $response->headers->set('X-Username', 'Anonymous');
            }

            return $response;
        }
    }
Then register the middleware in app/Http/Kernel.php:
    protected $middleware = [
        // ....
        // Fully qualified: Kernel.php lives in App\Http, not App\Http\Middleware.
        \App\Http\Middleware\UserHeader::class,
    ];
This would add a header like this in the response:
    X-Username: Administrator
Now, we handle this header in Nginx.
We create a log format to use that variable and we include $sent_http_x_username in the format in /etc/nginx/nginx.conf:
    log_format with_user_combined '$remote_addr - $sent_http_x_username [$time_local] '
                                  '"$request" $status $body_bytes_sent '
                                  '"$http_referer" "$http_user_agent" '
                                  '$pipe';
Then we use that format in our access log /etc/nginx/sites-enabled/mysite.com:
    access_log /var/log/nginx/access-mysite.com.log with_user_combined;
And then, we clear the header so it doesn't get passed to the user:
    # more_clear_headers is provided by the headers-more-nginx-module, not core nginx.
    more_clear_headers 'X-Username';
Leaving the header there doesn't represent any security issue as long as you don't ever decide to trust that information in any part of your logic.
This could also be applied to other kinds of data that could be useful to have included in our logs.
I hope this helps others.
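Added example, not part of the original answer: a Python parser for the with_user_combined format above, for whoever consumes these logs. Because $sent_http_x_username is unquoted and $user->name can contain spaces, the user field has to be delimited by the [$time_local] field that follows it. The function names and sample lines are constructed, and the code assumes nginx's default log escaping.

```python
import re
from collections import Counter

# Mirrors the with_user_combined format. The user field is unquoted and may
# contain spaces, so it is delimited by the "[time_local]" field that follows.
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>.*?) '
    r'\[(?P<time>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<pipe>[.p])$'
)
ESCAPE_RE = re.compile(r'\\x([0-9A-Fa-f]{2})')

def unescape(value):
    """Decode the \\xXX escapes nginx writes for quotes, backslashes and non-printable bytes."""
    raw = ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), value)
    return raw.encode('latin-1', 'replace').decode('utf-8', 'replace')

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.rstrip('\n'))
    if m is None:
        return None
    fields = m.groupdict()
    # nginx logs "-" when no X-Username header was sent (the request never reached Laravel).
    fields['user'] = None if fields['user'] == '-' else unescape(fields['user'])
    fields['status'] = int(fields['status'])
    return fields

def requests_per_user(lines):
    """Count requests per username; None collects lines logged without the header."""
    parsed = (parse_line(line) for line in lines)
    return Counter(f['user'] for f in parsed if f is not None)

# Constructed sample lines (not from a real server).
SAMPLE = [
    r'203.0.113.7 - Administrator [10/Oct/2016:13:55:36 +0000] "GET /home HTTP/1.1" 200 5120 "-" "Mozilla/5.0" .',
    r'203.0.113.8 - John Smith [10/Oct/2016:13:56:01 +0000] "POST /orders HTTP/1.1" 302 0 "-" "Mozilla/5.0" .',
    r'203.0.113.9 - - [10/Oct/2016:13:56:09 +0000] "GET /css/app.css HTTP/1.1" 200 812 "-" "Mozilla/5.0" .',
    # Display name containing a quote and timestamp-like text; nginx wrote the quote as \x22.
    r'198.51.100.4 - x [01/Jan/2000:00:00:00 +0000] \x22GET /admin [10/Oct/2016:13:57:12 +0000] '
    r'"GET /profile HTTP/1.1" 200 900 "-" "curl/7.47.0" .',
]

if __name__ == '__main__':
    for user, count in requests_per_user(SAMPLE).items():
        print(repr(user), count)
```

In the last sample line the real timestamp and request are still recovered, because an escaped quote in the name can never satisfy the literal `] "` that precedes the request field.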