feat: improved the logging system to enable troubleshooting of OAuth2 errors:

 - Added structured logs in HandleError() for each error type in middleware
 - Explicit log of the OAuth callback error before handling

feat: add configurable log level via ACKIFY_LOG_LEVEL
 - Add ParseLevel function to logger package
 - Extend config structure with LoggerConfig
 - Apply log level during server initialization
 - Update documentation and .env.example

Author: btouchard

.env.example

@@ -3,6 +3,7 @@ APP_NAME=ackify
 APP_DNS=sign.your-domain.com
 ACKIFY_BASE_URL=https://sign.your-domain.com
 ACKIFY_ORGANISATION="Your Organization Name"
+ACKIFY_LOG_LEVEL=info
 
 # Database Configuration
 POSTGRES_USER=ackifyr

README.md

@@ -173,6 +173,11 @@ ACKIFY_OAUTH_SCOPES="read:user,user:email"
 ACKIFY_OAUTH_ALLOWED_DOMAIN="@company.com"  # Only @company.com emails
 ```
 
+### Log level setup
+```bash
+ACKIFY_LOG_LEVEL="info" # can be debug, info, warn(ing), error. default: info
+```
+
 ---
 
 ## 🛡️ Security & Architecture

README_FR.md

@@ -181,6 +181,11 @@ ACKIFY_OAUTH_SCOPES="read:user,user:email"
 ACKIFY_OAUTH_ALLOWED_DOMAIN="@entreprise.com"  # Seuls les emails @entreprise.com
 ```
 
+### Log level setup
+```bash
+ACKIFY_LOG_LEVEL="info" # can be debug, info, warn(ing), error. default: info
+```
+
 ---
 
 ## 🛡️ Sécurité & Architecture

cmd/community/main.go

@@ -22,7 +22,6 @@ func main() {
 		log.Fatalf("Failed to create server: %v", err)
 	}
 
-	// Register admin routes (reuse server DB connection)
 	server.RegisterRoutes(admin.RegisterAdminRoutes(server.GetBaseURL(), server.GetTemplates(), server.GetDB()))
 
 	go func() {

internal/infrastructure/config/config.go

@@ -15,6 +15,7 @@ type Config struct {
 	Database DatabaseConfig
 	OAuth    OAuthConfig
 	Server   ServerConfig
+	Logger   LoggerConfig
 }
 
 type AppConfig struct {
@@ -42,6 +43,10 @@ type ServerConfig struct {
 	ListenAddr string
 }
 
+type LoggerConfig struct {
+	Level string
+}
+
 // Load loads configuration from environment variables
 func Load() (*Config, error) {
 	config := &Config{}
@@ -91,6 +96,8 @@ func Load() (*Config, error) {
 
 	config.Server.ListenAddr = getEnv("ACKIFY_LISTEN_ADDR", ":8080")
 
+	config.Logger.Level = getEnv("ACKIFY_LOG_LEVEL", "info")
+
 	return config, nil
 }
 

internal/presentation/handlers/auth.go

@@ -5,6 +5,8 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+
+	"github.com/btouchard/ackify-ce/pkg/logger"
 )
 
 type AuthHandlers struct {
@@ -58,6 +60,7 @@ func (h *AuthHandlers) HandleOAuthCallback(w http.ResponseWriter, r *http.Reques
 	ctx := r.Context()
 	user, nextURL, err := h.authService.HandleCallback(ctx, code, state)
 	if err != nil {
+		logger.Logger.Error("OAuth callback failed", "error", err.Error())
 		HandleError(w, err)
 		return
 	}

internal/presentation/handlers/middleware.go

@@ -85,20 +85,28 @@ type ErrorResponse struct {
 func HandleError(w http.ResponseWriter, err error) {
 	switch {
 	case errors.Is(err, models.ErrUnauthorized):
+		logger.Logger.Warn("Unauthorized access attempt", "error", err.Error())
 		http.Error(w, "Unauthorized", http.StatusUnauthorized)
 	case errors.Is(err, models.ErrSignatureNotFound):
+		logger.Logger.Debug("Signature not found", "error", err.Error())
 		http.Error(w, "Signature not found", http.StatusNotFound)
 	case errors.Is(err, models.ErrSignatureAlreadyExists):
+		logger.Logger.Debug("Duplicate signature attempt", "error", err.Error())
 		http.Error(w, "Signature already exists", http.StatusConflict)
 	case errors.Is(err, models.ErrInvalidUser):
+		logger.Logger.Warn("Invalid user data", "error", err.Error())
 		http.Error(w, "Invalid user", http.StatusBadRequest)
 	case errors.Is(err, models.ErrInvalidDocument):
+		logger.Logger.Warn("Invalid document ID", "error", err.Error())
 		http.Error(w, "Invalid document ID", http.StatusBadRequest)
 	case errors.Is(err, models.ErrDomainNotAllowed):
+		logger.Logger.Warn("Domain not allowed", "error", err.Error())
 		http.Error(w, "Domain not allowed", http.StatusForbidden)
 	case errors.Is(err, models.ErrDatabaseConnection):
+		logger.Logger.Error("Database connection error", "error", err.Error())
 		http.Error(w, "Database error", http.StatusInternalServerError)
 	default:
+		logger.Logger.Error("Unhandled error", "error", err.Error())
 		http.Error(w, "Internal server error", http.StatusInternalServerError)
 	}
 }

pkg/logger/logger.go

@@ -4,18 +4,32 @@ package logger
 import (
 	"log/slog"
 	"os"
+	"strings"
 )
 
 var Logger *slog.Logger
 
 func init() {
-	Logger = slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
-		Level: slog.LevelInfo,
-	}))
+	SetLevel(slog.LevelInfo)
 }
 
 func SetLevel(level slog.Level) {
 	Logger = slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
 		Level: level,
 	}))
 }
+
+func ParseLevel(levelStr string) slog.Level {
+	switch strings.ToLower(strings.TrimSpace(levelStr)) {
+	case "debug":
+		return slog.LevelDebug
+	case "info":
+		return slog.LevelInfo
+	case "warn", "warning":
+		return slog.LevelWarn
+	case "error":
+		return slog.LevelError
+	default:
+		return slog.LevelInfo
+	}
+}

pkg/web/server.go

@@ -10,6 +10,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/btouchard/ackify-ce/pkg/logger"
 	"github.com/go-chi/chi/v5"
 
 	"github.com/btouchard/ackify-ce/internal/application/services"
@@ -34,6 +35,8 @@ func NewServer(ctx context.Context) (*Server, error) {
 		return nil, fmt.Errorf("failed to initialize infrastructure: %w", err)
 	}
 
+	logger.SetLevel(logger.ParseLevel(cfg.Logger.Level))
+
 	authService := auth.NewOAuthService(auth.Config{
 		BaseURL:       cfg.App.BaseURL,
 		ClientID:      cfg.OAuth.ClientID,