feat: ja4-platform monorepo — 5 services unified, tests & RPM builds standardized

Services: - ja4sentinel: TLS/JA4 fingerprint capture daemon (Go, libpcap) - logcorrelator: JA4 log correlation engine (Go, ClickHouse) - mod_reqin_log: Apache module (C, JSON request logging) - bot_detector: ML bot detection pipeline (Python) - dashboard: FastAPI/Streamlit analytics UI (Python) Shared libraries: - shared/go/ja4common: logger, config, shutdown, ipfilter (Go module) - shared/python/ja4_common: ClickHouseClient, ClickHouseSettings (Python package) - shared/clickhouse/: canonical SQL migrations (10 files) Build & packaging: - Unified 3-stage Dockerfile.package for Go RPMs (el8/el9/el10) - go.work workspace linking sentinel, correlator, ja4common - Makefile with test-all, build-all, rpm-* targets Fixes applied: - go.work: 1.21 → 1.24.6 (required by sentinel) - correlator Dockerfiles: golang:1.21 → golang:1.24 - replace directives in go.mod for ja4common local path - pyproject.toml: setuptools.backends → setuptools.build_meta - Removed static libpcap linking (unavailable on Rocky 9) - Fixed data races in output/writers_test.go (sync.Mutex + atomic.Int32) - Rewrote corrupted test files (logger_test.go × 2) Test coverage: - correlator: 67.1% total (unixsocket 80.5%, config 91.7%, app 83.3%, multi 87.7%, stdout 100%) - sentinel: all 10 packages pass (api, capture, config, fingerprint, ipfilter, logging, output, tlsparse) Documentation: - README.md + docs/ (architecture, development, 5 services, shared libs, DB schema & migrations) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-07 16:42:59 +02:00
commit d469e39da7
278 changed files with 1621301 additions and 0 deletions
--- a/shared/go/ja4common/logger/logger.go
+++ b/shared/go/ja4common/logger/logger.go
@ -0,0 +1,263 @@
+// Package logger provides unified structured logging for the ja4-platform services.
+// It merges the component-based logger from sentinel and the prefix/fields-based
+// logger from correlator into a single implementation.
+package logger
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"sort"
+	"strings"
+	"sync"
+)
+
+// LogLevel represents the severity of a log message.
+type LogLevel int
+
+const (
+	DEBUG LogLevel = iota
+	INFO
+	WARN
+	ERROR
+)
+
+// ParseLogLevel converts a string to LogLevel.
+func ParseLogLevel(level string) LogLevel {
+	switch strings.ToUpper(level) {
+	case "DEBUG":
+		return DEBUG
+	case "INFO":
+		return INFO
+	case "WARN", "WARNING":
+		return WARN
+	case "ERROR":
+		return ERROR
+	default:
+		return INFO
+	}
+}
+
+// String returns the string representation of a LogLevel.
+func (l LogLevel) String() string {
+	switch l {
+	case DEBUG:
+		return "DEBUG"
+	case INFO:
+		return "INFO"
+	case WARN:
+		return "WARN"
+	case ERROR:
+		return "ERROR"
+	default:
+		return "INFO"
+	}
+}
+
+// Logger provides structured prefix+fields-based logging (correlator style).
+type Logger struct {
+	mu       sync.RWMutex
+	logger   *log.Logger
+	prefix   string
+	fields   map[string]any
+	minLevel LogLevel
+}
+
+// New creates a new Logger with INFO level.
+func New(prefix string) *Logger {
+	return &Logger{
+		logger:   log.New(os.Stderr, "", log.LstdFlags|log.Lmicroseconds),
+		prefix:   prefix,
+		fields:   make(map[string]any),
+		minLevel: INFO,
+	}
+}
+
+// NewWithLevel creates a new Logger with the specified minimum level.
+func NewWithLevel(prefix string, level string) *Logger {
+	return &Logger{
+		logger:   log.New(os.Stderr, "", log.LstdFlags|log.Lmicroseconds),
+		prefix:   prefix,
+		fields:   make(map[string]any),
+		minLevel: ParseLogLevel(level),
+	}
+}
+
+// SetLevel sets the minimum log level.
+func (l *Logger) SetLevel(level string) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	l.minLevel = ParseLogLevel(level)
+}
+
+// ShouldLog returns true if the given level should be logged.
+func (l *Logger) ShouldLog(level LogLevel) bool {
+	l.mu.RLock()
+	defer l.mu.RUnlock()
+	return level >= l.minLevel
+}
+
+// WithFields returns a new Logger with additional structured fields.
+func (l *Logger) WithFields(fields map[string]any) *Logger {
+	l.mu.RLock()
+	minLevel := l.minLevel
+	prefix := l.prefix
+	existing := make(map[string]any, len(l.fields))
+	for k, v := range l.fields {
+		existing[k] = v
+	}
+	l.mu.RUnlock()
+
+	for k, v := range fields {
+		existing[k] = v
+	}
+
+	return &Logger{
+		logger:   l.logger,
+		prefix:   prefix,
+		fields:   existing,
+		minLevel: minLevel,
+	}
+}
+
+// Info logs an info message.
+func (l *Logger) Info(msg string) {
+	if l.ShouldLog(INFO) {
+		l.emit("INFO", msg)
+	}
+}
+
+// Infof logs a formatted info message.
+func (l *Logger) Infof(msg string, args ...any) {
+	if l.ShouldLog(INFO) {
+		l.emit("INFO", fmt.Sprintf(msg, args...))
+	}
+}
+
+// Warn logs a warning message.
+func (l *Logger) Warn(msg string) {
+	if l.ShouldLog(WARN) {
+		l.emit("WARN", msg)
+	}
+}
+
+// Warnf logs a formatted warning message.
+func (l *Logger) Warnf(msg string, args ...any) {
+	if l.ShouldLog(WARN) {
+		l.emit("WARN", fmt.Sprintf(msg, args...))
+	}
+}
+
+// Error logs an error message with an optional error value.
+func (l *Logger) Error(msg string, err error) {
+	if !l.ShouldLog(ERROR) {
+		return
+	}
+	if err != nil {
+		l.emit("ERROR", msg+" "+err.Error())
+	} else {
+		l.emit("ERROR", msg)
+	}
+}
+
+// Debug logs a debug message.
+func (l *Logger) Debug(msg string) {
+	if l.ShouldLog(DEBUG) {
+		l.emit("DEBUG", msg)
+	}
+}
+
+// Debugf logs a formatted debug message.
+func (l *Logger) Debugf(msg string, args ...any) {
+	if l.ShouldLog(DEBUG) {
+		l.emit("DEBUG", fmt.Sprintf(msg, args...))
+	}
+}
+
+func (l *Logger) emit(level, msg string) {
+	l.mu.RLock()
+	prefix := l.prefix
+	fields := make(map[string]any, len(l.fields))
+	for k, v := range l.fields {
+		fields[k] = v
+	}
+	l.mu.RUnlock()
+
+	var b strings.Builder
+	if prefix != "" {
+		b.WriteString("[")
+		b.WriteString(prefix)
+		b.WriteString("] ")
+	}
+	b.WriteString(level)
+	b.WriteString(" ")
+	b.WriteString(msg)
+
+	if len(fields) > 0 {
+		keys := make([]string, 0, len(fields))
+		for k := range fields {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			b.WriteString(" ")
+			b.WriteString(k)
+			b.WriteString("=")
+			b.WriteString(fmt.Sprintf("%v", fields[k]))
+		}
+	}
+
+	l.logger.Print(b.String())
+}
+
+// ComponentLogger wraps Logger to satisfy the sentinel-style component-based Logger interface.
+// This allows new services to use ja4common while sentinel's existing api.Logger interface
+// is still satisfied.
+type ComponentLogger struct {
+	*Logger
+}
+
+// NewComponentLogger creates a ComponentLogger with the specified log level.
+func NewComponentLogger(level string) *ComponentLogger {
+	return &ComponentLogger{Logger: NewWithLevel("", level)}
+}
+
+// Log emits a structured log entry for the given component.
+func (c *ComponentLogger) Log(component, level, message string, details map[string]string) {
+	fields := make(map[string]any, len(details)+1)
+	fields["component"] = component
+	for k, v := range details {
+		fields[k] = v
+	}
+	cl := c.Logger.WithFields(fields)
+	switch strings.ToLower(level) {
+	case "debug":
+		cl.Debug(message)
+	case "warn", "warning":
+		cl.Warn(message)
+	case "error":
+		cl.Error(message, nil)
+	default:
+		cl.Info(message)
+	}
+}
+
+// Debug logs a debug entry for the given component.
+func (c *ComponentLogger) Debug(component, message string, details map[string]string) {
+	c.Log(component, "debug", message, details)
+}
+
+// Info logs an info entry for the given component.
+func (c *ComponentLogger) Info(component, message string, details map[string]string) {
+	c.Log(component, "info", message, details)
+}
+
+// Warn logs a warning entry for the given component.
+func (c *ComponentLogger) Warn(component, message string, details map[string]string) {
+	c.Log(component, "warn", message, details)
+}
+
+// Error logs an error entry for the given component.
+func (c *ComponentLogger) Error(component, message string, details map[string]string) {
+	c.Log(component, "error", message, details)
+}
--- a/shared/go/ja4common/logger/logger_test.go
+++ b/shared/go/ja4common/logger/logger_test.go
@ -0,0 +1,139 @@
+package logger
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestParseLogLevel(t *testing.T) {
+	tests := []struct {
+		input string
+		want  LogLevel
+	}{
+		{"debug", DEBUG},
+		{"DEBUG", DEBUG},
+		{"info", INFO},
+		{"INFO", INFO},
+		{"warn", WARN},
+		{"WARN", WARN},
+		{"warning", WARN},
+		{"WARNING", WARN},
+		{"error", ERROR},
+		{"ERROR", ERROR},
+		{"invalid", INFO},
+		{"", INFO},
+	}
+	for _, tt := range tests {
+		got := ParseLogLevel(tt.input)
+		if got != tt.want {
+			t.Errorf("ParseLogLevel(%q) = %v, want %v", tt.input, got, tt.want)
+		}
+	}
+}
+
+func TestLogger_LevelFiltering(t *testing.T) {
+	tests := []struct {
+		loggerLevel string
+		logLevel    LogLevel
+		shouldLog   bool
+	}{
+		{"debug", DEBUG, true},
+		{"debug", INFO, true},
+		{"info", DEBUG, false},
+		{"info", INFO, true},
+		{"warn", INFO, false},
+		{"warn", WARN, true},
+		{"error", WARN, false},
+		{"error", ERROR, true},
+	}
+	for _, tt := range tests {
+		l := NewWithLevel("test", tt.loggerLevel)
+		got := l.ShouldLog(tt.logLevel)
+		if got != tt.shouldLog {
+			t.Errorf("level=%s ShouldLog(%v)=%v want %v", tt.loggerLevel, tt.logLevel, got, tt.shouldLog)
+		}
+	}
+}
+
+func TestLogger_WithFields(t *testing.T) {
+	l := New("test")
+	l2 := l.WithFields(map[string]any{"key": "value", "n": 42})
+	if l2 == l {
+		t.Error("WithFields should return a new Logger")
+	}
+	if len(l2.fields) != 2 {
+		t.Errorf("expected 2 fields, got %d", len(l2.fields))
+	}
+}
+
+func TestLogger_SetLevel(t *testing.T) {
+	l := New("test")
+	if l.minLevel != INFO {
+		t.Errorf("default level should be INFO, got %v", l.minLevel)
+	}
+	l.SetLevel("debug")
+	if l.minLevel != DEBUG {
+		t.Errorf("level after SetLevel(debug) should be DEBUG, got %v", l.minLevel)
+	}
+}
+
+func TestComponentLogger_Interface(t *testing.T) {
+	cl := NewComponentLogger("debug")
+
+	// Verify it implements the component-based interface by calling all methods
+	cl.Debug("component", "debug msg", nil)
+	cl.Info("component", "info msg", map[string]string{"key": "val"})
+	cl.Warn("component", "warn msg", nil)
+	cl.Error("component", "error msg", map[string]string{"err": "test"})
+	cl.Log("component", "info", "log msg", nil)
+}
+
+func TestComponentLogger_LevelFiltering(t *testing.T) {
+	cl := NewComponentLogger("warn")
+	// At warn level, debug and info should be filtered
+	if cl.Logger.ShouldLog(DEBUG) {
+		t.Error("DEBUG should be filtered at warn level")
+	}
+	if cl.Logger.ShouldLog(INFO) {
+		t.Error("INFO should be filtered at warn level")
+	}
+	if !cl.Logger.ShouldLog(WARN) {
+		t.Error("WARN should pass at warn level")
+	}
+}
+
+func TestLogger_LogLevelString(t *testing.T) {
+	tests := []struct {
+		level LogLevel
+		want  string
+	}{
+		{DEBUG, "DEBUG"},
+		{INFO, "INFO"},
+		{WARN, "WARN"},
+		{ERROR, "ERROR"},
+	}
+	for _, tt := range tests {
+		if got := tt.level.String(); got != tt.want {
+			t.Errorf("%v.String() = %q, want %q", tt.level, got, tt.want)
+		}
+	}
+}
+
+func TestLogger_EmitContainsLevel(t *testing.T) {
+	// Use a custom logger that captures output
+	var buf strings.Builder
+	l := New("myservice")
+	l.logger.SetOutput(&buf)
+	l.SetLevel("debug")
+
+	l.Info("hello from info")
+	if !strings.Contains(buf.String(), "INFO") {
+		t.Errorf("expected INFO in output, got: %s", buf.String())
+	}
+
+	buf.Reset()
+	l.Debug("hello from debug")
+	if !strings.Contains(buf.String(), "DEBUG") {
+		t.Errorf("expected DEBUG in output, got: %s", buf.String())
+	}
+}