chore: add url to logs on auth errors, move the message (#7154)

Author: vasilev-alex

packages/cubejs-api-gateway/src/gateway.ts

@@ -2146,11 +2146,6 @@ class ApiGateway {
           req.securityContext = await checkAuthFn(auth, secret);
           req.signedWithPlaygroundAuthSecret = Boolean(internalOptions?.isPlaygroundCheckAuth);
         } catch (e) {
-          this.log({
-            type: (e as Error).message,
-            token: auth,
-            error: (e as Error).stack || (e as Error).toString()
-          }, <any>req);
           if (this.enforceSecurityChecks) {
             throw new CubejsHandlerError(403, 'Forbidden', 'Invalid token');
           }
@@ -2272,6 +2267,13 @@ class ApiGateway {
       }
     } catch (e: unknown) {
       if (e instanceof CubejsHandlerError) {
+        this.log({
+          type: (e as Error).message,
+          url: req.url,
+          token,
+          error: (e as Error).stack || (e as Error).toString()
+        }, <any>req);
+        
         res.status(e.status).json({ error: e.message });
       } else if (e instanceof Error) {
         this.log({

packages/cubejs-api-gateway/test/auth.test.ts

@@ -129,7 +129,7 @@ describe('test authorization', () => {
       .set('Authorization', `Authorization: ${badToken}`)
       .expect(403);
 
-    expect(loggerMock.mock.calls.length).toEqual(3);
+    expect(loggerMock.mock.calls.length).toEqual(1);
     expect(handlerMock.mock.calls.length).toEqual(2);
 
     expectSecurityContext(handlerMock.mock.calls[0][0].context.securityContext);