Add request context to authentication validation and logging

Author: GrantBirki

lib/hooks/app/api.rb

@@ -99,7 +99,7 @@ def self.create(config:, endpoints:, log:)
                   raw_body = request.body.read
 
                   if endpoint_config[:auth]
-                    validate_auth!(raw_body, headers, endpoint_config, config)
+                    validate_auth!(raw_body, headers, endpoint_config, config, request_context)
                   end
 
                   payload = parse_payload(raw_body, headers, symbolize: false)

lib/hooks/app/auth/auth.rb

@@ -16,38 +16,44 @@ module Auth
       # @param headers [Hash] The request headers.
       # @param endpoint_config [Hash] The endpoint configuration, must include :auth key.
       # @param global_config [Hash] The global configuration (optional, for compatibility).
+      # @param request_context [Hash] Context for the request, e.g. request ID, path, handler (optional).
       # @raise [StandardError] Raises error if authentication fails or is misconfigured.
       # @return [void]
       # @note This method will halt execution with an error if authentication fails.
-      def validate_auth!(payload, headers, endpoint_config, global_config = {})
+      def validate_auth!(payload, headers, endpoint_config, global_config = {}, request_context = {})
         auth_config = endpoint_config[:auth]
+        request_id = request_context&.dig(:request_id)
 
         # Ensure auth type is present and valid
         auth_type = auth_config&.dig(:type)
         unless auth_type&.is_a?(String) && !auth_type.strip.empty?
+          log.error("authentication configuration missing or invalid - request_id: #{request_id}")
           error!({
             error: "authentication_configuration_error",
-            message: "authentication configuration missing or invalid"
+            message: "authentication configuration missing or invalid",
+            request_id:
           }, 500)
         end
 
         # Get auth plugin from loaded plugins registry (boot-time loaded only)
         begin
           auth_class = Core::PluginLoader.get_auth_plugin(auth_type)
         rescue => e
-          log.error("failed to load auth plugin '#{auth_type}': #{e.message}")
+          log.error("failed to load auth plugin '#{auth_type}': #{e.message} - request_id: #{request_id}")
           error!({
             error: "authentication_plugin_error",
-            message: "unsupported auth type '#{auth_type}'"
+            message: "unsupported auth type '#{auth_type}'",
+            request_id:
           }, 400)
         end
 
         log.debug("validating auth for request with auth_class: #{auth_class.name}")
         unless auth_class.valid?(payload:, headers:, config: endpoint_config)
-          log.warn("authentication failed for request with auth_class: #{auth_class.name}")
+          log.warn("authentication failed for request with auth_class: #{auth_class.name} - request_id: #{request_id}")
           error!({
             error: "authentication_failed",
-            message: "authentication failed"
+            message: "authentication failed",
+            request_id:
           }, 401)
         end
       end

spec/unit/lib/hooks/app/auth/auth_security_spec.rb

@@ -27,9 +27,14 @@ def error!(message, code)
       context "with missing auth configuration" do
         it "rejects request with no auth config" do
           endpoint_config = {}
+          global_config = {}
+          request_context = { request_id: "test-request-id" }
+          log_msg = "authentication configuration missing or invalid - request_id: #{request_context[:request_id]}"
+
+          expect(log).to receive(:error).with(log_msg)
 
           expect do
-            instance.validate_auth!(payload, headers, endpoint_config)
+            instance.validate_auth!(payload, headers, endpoint_config, global_config, request_context)
           end.to raise_error(StandardError, /authentication configuration missing or invalid/)
         end