Adding hashed client IP to telemetry. (microsoft#19552)

## Description Adding hashed client IP to HTTP requests telemetry to collect data about customer tenants to IP address mapping as well as per client IP request counts. This will be used for estimating the feasibility of enabling client IP based rate limiting.
rahulpatil04 · Feb 12, 2024 · 11d061a · 11d061a
1 parent bd78ca9
commit 11d061a
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 0 deletions.
diff --git a/server/routerlicious/packages/routerlicious-base/package.json b/server/routerlicious/packages/routerlicious-base/package.json
@@ -78,6 +78,7 @@
 		"lodash": "^4.17.21",
 		"nconf": "^0.12.0",
 		"serialize-error": "^8.1.0",
+		"sha.js": "^2.4.11",
 		"sillyname": "^0.1.0",
 		"uuid": "^9.0.0",
 		"winston": "^3.6.0",

diff --git a/server/routerlicious/packages/routerlicious-base/src/alfred/app.ts b/server/routerlicious/packages/routerlicious-base/src/alfred/app.ts
@@ -21,6 +21,7 @@ import { json, urlencoded } from "body-parser";
 import compression from "compression";
 import cookieParser from "cookie-parser";
 import express from "express";
+import shajs from "sha.js";
 import { Provider } from "nconf";
 import { DriverVersionHeaderName, IAlfredTenant } from "@fluidframework/server-services-client";
 import {
@@ -52,6 +53,7 @@ export function create(
 	revokedTokenChecker?: IRevokedTokenChecker,
 	collaborationSessionEventEmitter?: TypedEventEmitter<ICollaborationSessionEvents>,
 	clusterDrainingChecker?: IClusterDrainingChecker,
+	enableClientIPLogging?: boolean,
 ) {
 	// Maximum REST request size
 	const requestSize = config.get("alfred:restJsonSize");
@@ -97,6 +99,24 @@ export function create(
 						[BaseTelemetryProperties.tenantId]: getTenantIdFromRequest(req.params),
 						[BaseTelemetryProperties.documentId]: getIdFromRequest(req.params),
 					};
+					if (enableClientIPLogging === true) {
+						const hashedClientIP = req.ip
+							? shajs("sha256").update(`${req.ip}`).digest("hex")
+							: "";
+						additionalProperties.hashedClientIPAddress = hashedClientIP;
+
+						const XAzureClientIP = "x-azure-clientip";
+						const hashedAzureClientIP = req.headers[XAzureClientIP]
+							? shajs("sha256").update(`${req.headers[XAzureClientIP]}`).digest("hex")
+							: "";
+						additionalProperties.hashedAzureClientIPAddress = hashedAzureClientIP;
+
+						const XAzureSocketIP = "x-azure-socketip";
+						const hashedAzureSocketIP = req.headers[XAzureSocketIP]
+							? shajs("sha256").update(`${req.headers[XAzureSocketIP]}`).digest("hex")
+							: "";
+						additionalProperties.hashedAzureSocketIPAddress = hashedAzureSocketIP;
+					}
 					if (req.body?.isEphemeralContainer !== undefined) {
 						additionalProperties.isEphemeralContainer = req.body.isEphemeralContainer;
 					}

diff --git a/server/routerlicious/packages/routerlicious-base/src/alfred/runner.ts b/server/routerlicious/packages/routerlicious-base/src/alfred/runner.ts
@@ -75,6 +75,7 @@ export class AlfredRunner implements IRunner {
 		private readonly revokedTokenChecker?: IRevokedTokenChecker,
 		private readonly collaborationSessionEventEmitter?: TypedEventEmitter<ICollaborationSessionEvents>,
 		private readonly clusterDrainingChecker?: IClusterDrainingChecker,
+		private readonly enableClientIPLogging?: boolean,
 	) {}
 
 	// eslint-disable-next-line @typescript-eslint/promise-function-async
@@ -103,6 +104,7 @@ export class AlfredRunner implements IRunner {
 				this.revokedTokenChecker,
 				this.collaborationSessionEventEmitter,
 				this.clusterDrainingChecker,
+				this.enableClientIPLogging,
 			);
 			alfred.set("port", this.port);
 			this.server = this.serverFactory.create(alfred);

diff --git a/server/routerlicious/packages/routerlicious-base/src/alfred/runnerFactory.ts b/server/routerlicious/packages/routerlicious-base/src/alfred/runnerFactory.ts
@@ -125,6 +125,7 @@ export class AlfredResources implements core.IResources {
 		public collaborationSessionEvents?: TypedEventEmitter<ICollaborationSessionEvents>,
 		public serviceMessageResourceManager?: core.IServiceMessageResourceManager,
 		public clusterDrainingChecker?: core.IClusterDrainingChecker,
+		public enableClientIPLogging?: boolean,
 	) {
 		const socketIoAdapterConfig = config.get("alfred:socketIoAdapter");
 		const httpServerConfig: services.IHttpServerConfig = config.get("system:httpServer");
@@ -497,6 +498,8 @@ export class AlfredResourcesFactory implements core.IResourcesFactory<AlfredReso
 		// Therefore, default clients will ignore server's 16kb message size limit.
 		const verifyMaxMessageSize = config.get("alfred:verifyMaxMessageSize") ?? false;
 
+		const enableClientIPLogging = config.get("alfred:enableClientIPLogging") ?? false;
+
 		// This cache will be used to store connection counts for logging connectionCount metrics.
 		let redisCache: core.ICache;
 		if (config.get("alfred:enableConnectionCountLogging")) {
@@ -631,6 +634,7 @@ export class AlfredResourcesFactory implements core.IResourcesFactory<AlfredReso
 			collaborationSessionEvents,
 			serviceMessageResourceManager,
 			customizations?.clusterDrainingChecker,
+			enableClientIPLogging,
 		);
 	}
 }
@@ -669,6 +673,7 @@ export class AlfredRunnerFactory implements core.IRunnerFactory<AlfredResources>
 			resources.revokedTokenChecker,
 			resources.collaborationSessionEvents,
 			resources.clusterDrainingChecker,
+			resources.enableClientIPLogging,
 		);
 	}
 }
diff --git a/server/routerlicious/packages/routerlicious/config/config.json b/server/routerlicious/packages/routerlicious/config/config.json
@@ -88,6 +88,7 @@
 		"sessionStickinessDurationMs": 3600000,
 		"enableConnectionCountLogging": false,
 		"ignoreEphemeralFlag": true,
+		"enableClientIPLogging": false,
 		"throttling": {
 			"restCallsPerTenant": {
 				"generalRestCall": "disabled",