databendlabs
diff --git a/‎src/query/service/src/auth.rs‎
Lines changed: 8 additions & 8 deletions b/‎src/query/service/src/auth.rs‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎src/query/service/src/servers/http/middleware/panic_handler.rs‎
Lines changed: 4 additions & 1 deletion b/‎src/query/service/src/servers/http/middleware/panic_handler.rs‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/query/service/src/servers/http/middleware/session.rs‎
Lines changed: 32 additions & 15 deletions b/‎src/query/service/src/servers/http/middleware/session.rs‎
Lines changed: 32 additions & 15 deletions
diff --git a/‎src/query/service/src/servers/http/v1/catalog/get_database_table.rs‎
Lines changed: 3 additions & 3 deletions b/‎src/query/service/src/servers/http/v1/catalog/get_database_table.rs‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/query/service/src/servers/http/v1/catalog/list_database_table_fields.rs‎
Lines changed: 2 additions & 2 deletions b/‎src/query/service/src/servers/http/v1/catalog/list_database_table_fields.rs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/query/service/src/servers/http/v1/catalog/list_database_tables.rs‎
Lines changed: 1 addition & 1 deletion b/‎src/query/service/src/servers/http/v1/catalog/list_database_tables.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/query/service/src/servers/http/v1/http_query_handlers.rs‎
Lines changed: 21 additions & 15 deletions b/‎src/query/service/src/servers/http/v1/http_query_handlers.rs‎
Lines changed: 21 additions & 15 deletions
@@ -123,11 +123,11 @@ impl AuthMgr {
                 let jwt_auth = self
                     .jwt_auth
                     .as_ref()
-                    .ok_or_else(|| ErrorCode::AuthenticateFailure("jwt auth not configured."))?;
+                    .ok_or_else(|| ErrorCode::AuthenticateFailure("[AUTH] JWT authentication failed: JWT auth is not configured on this server"))?;
                 let jwt = jwt_auth.parse_jwt_claims(t.as_str()).await?;
                 let user_name = jwt.subject.ok_or_else(|| {
                     ErrorCode::AuthenticateFailure(
-                        "jwt auth not configured correctly, user name is missing.",
+                        "[AUTH] JWT authentication failed: subject claim (user name) is missing in the token",
                     )
                 })?;
 
@@ -147,20 +147,20 @@ impl AuthMgr {
                 {
                     Ok(user_info) => match user_info.auth_info {
                         AuthInfo::JWT => user_info,
-                        _ => return Err(ErrorCode::AuthenticateFailure("wrong auth type")),
+                        _ => return Err(ErrorCode::AuthenticateFailure("[AUTH] Authentication failed: user exists but is not configured for JWT authentication")),
                     },
                     Err(e) => {
                         match e.code() {
                             ErrorCode::UNKNOWN_USER => {}
                             ErrorCode::META_SERVICE_ERROR => {
                                 return Err(e);
                             }
-                            _ => return Err(ErrorCode::AuthenticateFailure(e.message())),
+                            _ => return Err(ErrorCode::AuthenticateFailure(format!("[AUTH] Authentication failed: {}", e.message()))),
                         }
                         let ensure_user = jwt
                             .custom
                             .ensure_user
-                            .ok_or_else(|| ErrorCode::AuthenticateFailure(e.message()))?;
+                            .ok_or_else(|| ErrorCode::AuthenticateFailure(format!("[AUTH] JWT authentication failed: ensure_user claim is missing and user does not exist: {}", e.message())))?;
                         // create a new user if not exists
                         let mut user_info = UserInfo::new(&user_name, "%", AuthInfo::JWT);
                         if let Some(ref roles) = ensure_user.roles {
@@ -226,16 +226,16 @@ impl AuthMgr {
                         hash_method: t,
                         ..
                     } => match p {
-                        None => Err(ErrorCode::AuthenticateFailure("password required")),
+                        None => Err(ErrorCode::AuthenticateFailure("[AUTH] Authentication failed: password is required but was not provided")),
                         Some(p) => {
                             if *h == t.hash(p) {
                                 Ok(())
                             } else {
-                                Err(ErrorCode::AuthenticateFailure("wrong password"))
+                                Err(ErrorCode::AuthenticateFailure("[AUTH] Authentication failed: incorrect password"))
                             }
                         }
                     },
-                    _ => Err(ErrorCode::AuthenticateFailure("wrong auth type")),
+                    _ => Err(ErrorCode::AuthenticateFailure("[AUTH] Authentication failed: user exists but is not configured for password authentication")),
                 };
                 UserApiProvider::instance()
                     .update_user_login_result(tenant, identity, authed.is_ok(), &user)
 
@@ -31,6 +31,9 @@ impl poem::middleware::PanicHandler for PanicHandler {
 
     fn get_response(&self, _err: Box<dyn Any + Send + 'static>) -> Self::Response {
         metrics_incr_http_response_panics_count();
-        (StatusCode::INTERNAL_SERVER_ERROR, "internal server error")
+        (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            "[HTTP-PANIC] Internal server error: request handler panicked",
+        )
     }
 }
@@ -134,7 +134,7 @@ impl EndpointKind {
                 }
             }
             EndpointKind::Login | EndpointKind::Clickhouse => Err(ErrorCode::AuthenticateFailure(
-                format!("should not use databend token for {self:?}",),
+                format!("[HTTP-SESSION] Invalid token usage: databend token cannot be used for {self:?}",),
             )),
         }
     }
@@ -198,7 +198,10 @@ fn get_credential(
     }
     let std_auth_headers: Vec<_> = req.headers().get_all(AUTHORIZATION).iter().collect();
     if std_auth_headers.len() > 1 {
-        let msg = &format!("Multiple {} headers detected", AUTHORIZATION);
+        let msg = &format!(
+            "[HTTP-SESSION] Authentication error: multiple {} headers detected",
+            AUTHORIZATION
+        );
         return Err(ErrorCode::AuthenticateFailure(msg));
     }
     let client_ip = get_client_ip(req);
@@ -207,7 +210,7 @@ fn get_credential(
             get_clickhouse_name_password(req, client_ip)
         } else {
             Err(ErrorCode::AuthenticateFailure(
-                "No authorization header detected",
+                "[HTTP-SESSION] Authentication error: no authorization header provided",
             ))
         }
     } else {
@@ -261,7 +264,9 @@ fn get_credential_from_header(
                 };
                 Ok(c)
             }
-            None => Err(ErrorCode::AuthenticateFailure("bad Basic auth header")),
+            None => Err(ErrorCode::AuthenticateFailure(
+                "[HTTP-SESSION] Authentication error: invalid Basic auth header format",
+            )),
         }
     } else if value.as_bytes().starts_with(b"Bearer ") {
         match Bearer::decode(value) {
@@ -270,18 +275,22 @@ fn get_credential_from_header(
                 if SessionClaim::is_databend_token(&token) {
                     if let Some(t) = endpoint_kind.require_databend_token_type()? {
                         if t != SessionClaim::get_type(&token)? {
-                            return Err(ErrorCode::AuthenticateFailure("wrong data token type"));
+                            return Err(ErrorCode::AuthenticateFailure("[HTTP-SESSION] Authentication error: incorrect token type for this endpoint"));
                         }
                     }
                     Ok(Credential::DatabendToken { token })
                 } else {
                     Ok(Credential::Jwt { token, client_ip })
                 }
             }
-            None => Err(ErrorCode::AuthenticateFailure("bad Bearer auth header")),
+            None => Err(ErrorCode::AuthenticateFailure(
+                "[HTTP-SESSION] Authentication error: invalid Bearer auth header format",
+            )),
         }
     } else {
-        Err(ErrorCode::AuthenticateFailure("bad auth header"))
+        Err(ErrorCode::AuthenticateFailure(
+            "[HTTP-SESSION] Authentication error: unsupported authorization header format",
+        ))
     }
 }
 
@@ -300,7 +309,12 @@ fn get_clickhouse_name_password(req: &Request, client_ip: Option<String>) -> Res
     } else {
         let query_str = req.uri().query().unwrap_or_default();
         let query_params = serde_urlencoded::from_str::<HashMap<String, String>>(query_str)
-            .map_err(|e| ErrorCode::BadArguments(format!("{}", e)))?;
+            .map_err(|e| {
+                ErrorCode::BadArguments(format!(
+                    "[HTTP-SESSION] Failed to parse query parameters: {}",
+                    e
+                ))
+            })?;
         let (user, key) = (query_params.get("user"), query_params.get("password"));
         if let (Some(name), Some(password)) = (user, key) {
             Ok(Credential::Password {
@@ -310,7 +324,7 @@ fn get_clickhouse_name_password(req: &Request, client_ip: Option<String>) -> Res
             })
         } else {
             Err(ErrorCode::AuthenticateFailure(
-                "No header or query parameters for authorization detected",
+                "[HTTP-SESSION] Authentication error: no credentials found in headers or query parameters",
             ))
         }
     }
@@ -376,7 +390,7 @@ impl<E> HTTPSessionEndpoint<E> {
             (Some(id1), Some(id2)) => {
                 if id1 != id2 {
                     return Err(ErrorCode::AuthenticateFailure(format!(
-                        "session id in token ({}) != session id in cookie({}) ",
+                        "[HTTP-SESSION] Session ID mismatch: token session ID '{}' does not match cookie session ID '{}'",
                         id1, id2
                     )));
                 }
@@ -390,7 +404,7 @@ impl<E> HTTPSessionEndpoint<E> {
             (None, None) => {
                 if cookie_enabled {
                     let id = Uuid::new_v4().to_string();
-                    info!("new session id: {}", id);
+                    info!("[HTTP-SESSION] Created new session with ID: {}", id);
                     req.cookie().add(make_cookie(COOKIE_SESSION_ID, &id));
                     Some(id)
                 } else {
@@ -405,13 +419,16 @@ impl<E> HTTPSessionEndpoint<E> {
                 .get(COOKIE_LAST_ACCESS_TIME)
                 .map(|s| s.value_str().to_string());
             if let Some(ts) = &last_access_time {
-                let ts = ts
-                    .parse::<u64>()
-                    .map_err(|_| ErrorCode::BadArguments(format!("bad last_access_time {ts}")))?;
+                let ts = ts.parse::<u64>().map_err(|_| {
+                    ErrorCode::BadArguments(format!(
+                        "[HTTP-SESSION] Invalid last_access_time value: {}",
+                        ts
+                    ))
+                })?;
                 let ts = SystemTime::UNIX_EPOCH + Duration::from_secs(ts);
                 if let Err(err) = ts.elapsed() {
                     log::error!(
-                        "last_access_time is incorrect or has clock drift, difference: {:?}",
+                        "[HTTP-SESSION] Invalid last_access_time: detected clock drift or incorrect timestamp, difference: {:?}",
                         err.duration()
                     );
                 };
 
@@ -69,7 +69,7 @@ async fn handle(
         db.get_db_info().database_id.db_id,
     ) {
         return Err(ErrorCode::UnknownDatabase(format!(
-            "Unknown database '{}'",
+            "[HTTP-CATALOG] Unknown database: '{}'",
             database
         )));
     }
@@ -83,7 +83,7 @@ async fn handle(
         tbl.get_table_info().ident.table_id,
     ) {
         return Err(ErrorCode::UnknownTable(format!(
-            "Unknown table '{}'",
+            "[HTTP-CATALOG] Unknown table: '{}'",
             table
         )));
     }
@@ -106,7 +106,7 @@ async fn handle(
     .await
     .unwrap_or_else(|e| {
         let msg = format!(
-            "show create query of {}.{}.{} failed(ignored): {}",
+            "[HTTP-CATALOG] Failed to generate CREATE query for table {}.{}.{}: {}",
             catalog.name(),
             database,
             table,
 
@@ -57,7 +57,7 @@ async fn handle(
         db.get_db_info().database_id.db_id,
     ) {
         return Err(ErrorCode::UnknownDatabase(format!(
-            "Unknown database '{}'",
+            "[HTTP-CATALOG] Unknown database: '{}'",
             database
         )));
     }
@@ -71,7 +71,7 @@ async fn handle(
         tbl.get_table_info().ident.table_id,
     ) {
         return Err(ErrorCode::UnknownTable(format!(
-            "Unknown table '{}'",
+            "[HTTP-CATALOG] Unknown table: '{}'",
             table
         )));
     }
 
@@ -61,7 +61,7 @@ async fn handle(ctx: &HttpQueryContext, database: String) -> Result<ListDatabase
         db.get_db_info().database_id.db_id,
     ) {
         return Err(ErrorCode::UnknownDatabase(format!(
-            "Unknown database '{}'",
+            "[HTTP-CATALOG] Unknown database: '{}'",
             database
         )));
     }
 
@@ -260,7 +260,7 @@ async fn query_final_handler(
     let _t = SlowRequestLogTracker::new(ctx);
     async {
         info!(
-            "{}: got {} request, this query is going to be finally completed.",
+            "[HTTP-QUERY] Query {} received final request at {}, completing query execution",
             query_id,
             make_final_uri(&query_id)
         );
@@ -301,7 +301,7 @@ async fn query_cancel_handler(
     let _t = SlowRequestLogTracker::new(ctx);
     async {
         info!(
-            "{}: got {} request, cancel the query",
+            "[HTTP-QUERY] Query {} received cancel request at {}, terminating execution",
             query_id,
             make_kill_uri(&query_id)
         );
@@ -374,7 +374,7 @@ async fn query_page_handler(
             if query.user_name != ctx.user_name {
                 return Err(poem::error::Error::from_string(
                     format!(
-                        "wrong user, query {} expect {}, got {}",
+                        "[HTTP-QUERY] Authentication error: query {} expected user {}, but got {}",
                         query_id, query.user_name, ctx.user_name
                     ),
                     StatusCode::UNAUTHORIZED,
@@ -387,7 +387,10 @@ async fn query_page_handler(
             } else {
                 query.update_expire_time(true).await;
                 let resp = query.get_response_page(page_no).await.map_err(|err| {
-                    poem::Error::from_string(err.message(), StatusCode::NOT_FOUND)
+                    poem::Error::from_string(
+                        format!("[HTTP-QUERY] {}", err.message()),
+                        StatusCode::NOT_FOUND,
+                    )
                 })?;
                 query.update_expire_time(false).await;
                 Ok(QueryResponse::from_internal(query_id, resp, false))
@@ -431,7 +434,7 @@ pub(crate) async fn query_handler(
             .map(|s| format!("(client_session_id={s})"))
             .unwrap_or("".to_string());
         info!(
-            "http query new request{}{}: {}",
+            "[HTTP-QUERY] New query request{}{}: {}",
             agent_info,
             client_session_id_info,
             mask_connection_info(&format!("{:?}", req))
@@ -441,14 +444,14 @@ pub(crate) async fn query_handler(
         match HttpQuery::try_create(ctx, req.clone()).await {
             Err(err) => {
                 let err = err.display_with_sql(&sql);
-                error!("http query fail to start sql, error: {:?}", err);
+                error!("[HTTP-QUERY] Failed to start SQL query, error: {:?}", err);
                 ctx.set_fail();
                 Ok(req.fail_to_start_sql(err).into_response())
             }
             Ok(mut query) => {
                 if let Err(err) = query.start_query(sql.clone()).await {
                     let err = err.display_with_sql(&sql);
-                    error!("http query fail to start sql, error: {:?}", err);
+                    error!("[HTTP-QUERY] Failed to start SQL query, error: {:?}", err);
                     ctx.set_fail();
                     return Ok(req.fail_to_start_sql(err).into_response());
                 }
@@ -463,7 +466,10 @@ pub(crate) async fn query_handler(
                     .await
                     .map_err(|err| err.display_with_sql(&sql))
                     .map_err(|err| {
-                        poem::Error::from_string(err.message(), StatusCode::NOT_FOUND)
+                        poem::Error::from_string(
+                            format!("[HTTP-QUERY] {}", err.message()),
+                            StatusCode::NOT_FOUND,
+                        )
                     })?;
 
                 if matches!(resp.state.state, ExecuteStateKind::Failed) {
@@ -474,7 +480,7 @@ pub(crate) async fn query_handler(
                     None => (0, None),
                     Some(p) => (p.page.data.num_rows(), p.next_page_no),
                 };
-                info!( "http query initial response to http query_id={}, state={:?}, rows={}, next_page={:?}, sql='{}'",
+                info!("[HTTP-QUERY] Initial response for query_id={}, state={:?}, rows={}, next_page={:?}, sql='{}'",
                         &query.id, &resp.state, rows, next_page, mask_connection_info(&sql)
                     );
                 query.update_expire_time(false).await;
@@ -580,12 +586,12 @@ pub async fn heartbeat_handler(
                                     .unwrap(),
                             )
                         } else {
-                            warn!("heartbeat forward fail: {:?}", resp);
+                            warn!("[HTTP-QUERY] Heartbeat forward failed: {:?}", resp);
                             None
                         }
                     }
                     Err(e) => {
-                        warn!("heartbeat forward error: {:?}", e);
+                        warn!("[HTTP-QUERY] Heartbeat forward error: {:?}", e);
                         None
                     }
                 }
@@ -728,14 +734,14 @@ pub fn query_route() -> Route {
 
 fn query_id_removed(query_id: &str, remove_reason: RemoveReason) -> PoemError {
     PoemError::from_string(
-        format!("query id {query_id} {}", remove_reason),
+        format!("[HTTP-QUERY] Query ID {query_id} {}", remove_reason),
         StatusCode::BAD_REQUEST,
     )
 }
 
 fn query_id_not_found(query_id: &str, node_id: &str) -> PoemError {
     PoemError::from_string(
-        format!("query id {query_id} not found on {node_id}"),
+        format!("[HTTP-QUERY] Query ID {query_id} not found on node {node_id}"),
         StatusCode::NOT_FOUND,
     )
 }
@@ -770,7 +776,7 @@ impl Drop for SlowRequestLogTracker {
             let elapsed = self.started_at.elapsed();
             if elapsed.as_secs_f64() > 60.0 {
                 warn!(
-                    "slow http query request on {} {}, elapsed: {:.2}s",
+                    "[HTTP-QUERY] Slow request detected on {} {}, elapsed time: {:.2}s",
                     self.method,
                     self.uri,
                     elapsed.as_secs_f64()
@@ -795,7 +801,7 @@ pub(crate) fn get_http_tracing_span(
                     .with_properties(|| ctx.to_fastrace_properties());
             }
             None => {
-                warn!("failed to decode trace parent: {}", trace);
+                warn!("[HTTP-QUERY] Failed to decode trace parent: {}", trace);
             }
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,9 @@ impl poem::middleware::PanicHandler for PanicHandler {`
`31`	`31`
`32`	`32`	`fn get_response(&self, _err: Box<dyn Any + Send + 'static>) -> Self::Response {`
`33`	`33`	`metrics_incr_http_response_panics_count();`
`34`		`- (StatusCode::INTERNAL_SERVER_ERROR, "internal server error")`
	`34`	`+ (`
	`35`	`+ StatusCode::INTERNAL_SERVER_ERROR,`
	`36`	`+ "[HTTP-PANIC] Internal server error: request handler panicked",`
	`37`	`+ )`
`35`	`38`	`}`
`36`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ async fn handle(ctx: &HttpQueryContext, database: String) -> Result<ListDatabase`
`61`	`61`	`db.get_db_info().database_id.db_id,`
`62`	`62`	`) {`
`63`	`63`	`return Err(ErrorCode::UnknownDatabase(format!(`
`64`		`- "Unknown database '{}'",`
	`64`	`+ "[HTTP-CATALOG] Unknown database: '{}'",`
`65`	`65`	`database`
`66`	`66`	`)));`
`67`	`67`	`}`