server: integrate security logging with authentication

Integrates security audit logging into server initialization and cleanup lifecycle. Adds authentication audit events to API key validation middleware, logging success/failure events with endpoint, method, remote address, and key status.
2026-03-06 11:30:06 +08:00 · 2026-03-06 11:30:06 +08:00 · 0306a58fce
parent 5b35185afa
commit 0306a58fce
2 changed files with 15 additions and 0 deletions
--- a/tools/server/server-http.cpp
+++ b/tools/server/server-http.cpp
@ -155,12 +155,24 @@ bool server_http_context::init(const common_params & params) {
            req_api_key = req_api_key.substr(prefix.size());
        }

+        // audit logging for missing API key
+        if (req_api_key.empty()) {
+            security_log_audit_event("auth_failure", req.path, req.method, req.remote_addr, "missing",
+                                     "No API key provided");
+        }
+
        // validate the API key
        if (std::find(api_keys.begin(), api_keys.end(), req_api_key) != api_keys.end()) {
+            security_log_audit_event("auth_success", req.path, req.method, req.remote_addr, "provided",
+                                     "API key validated");
            return true; // API key is valid
        }

        // API key is invalid or not provided
+        if (!req_api_key.empty()) {
+            security_log_audit_event("auth_failure", req.path, req.method, req.remote_addr, "invalid",
+                                     "Invalid API key provided");
+        }
        res.status = 401;
        res.set_content(
            safe_json_to_str(json {
--- a/tools/server/server.cpp
+++ b/tools/server/server.cpp
@ -99,6 +99,7 @@ int main(int argc, char ** argv) {
    }

    common_init();
+    security_log_init(params.security_log_folder);

    // struct that contains llama context and inference
    server_context ctx_server;
@ -216,6 +217,7 @@ int main(int argc, char ** argv) {
            if (models_routes.has_value()) {
                models_routes->models.unload_all();
            }
+            security_log_cleanup();
            llama_backend_free();
        };

@ -236,6 +238,7 @@ int main(int argc, char ** argv) {
            SRV_INF("%s: cleaning up before exit...\n", __func__);
            ctx_http.stop();
            ctx_server.terminate();
+            security_log_cleanup();
            llama_backend_free();
        };