gocommon/opensearch/client.go

package opensearch

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net"
	"net/http"
	"slices"
	"strings"
	"time"

	osg "github.com/opensearch-project/opensearch-go/v4"
	osapi "github.com/opensearch-project/opensearch-go/v4/opensearchapi"
	"repositories.action2quare.com/ayo/gocommon/logger"
)

type Config struct {
	osg.Config  `json:",inline"`
	IndexPrefix string `json:"IndexPrefix"`
	SigningKey  string `json:"SigningKey"`
}

type Client struct {
	*osg.Client
	cfg                  Config
	signingKey           []byte
	indexTemplatePattern string
	bulkHeader           http.Header
	singleHeader         http.Header
	bulkChan             chan *LogDocument
	singleLogPrepend     []byte
	singleLogMidpend     []byte
	singleLogAppend      []byte
	singleLogFixedSize   int
}

type LogDocument struct {
	Type      string `json:"type"`
	Body      any    `json:"body"`
	Timestamp string `json:"@timestamp"`

	Country string `json:"country"`
	Ip      string `json:"ip"`
	Uid     string `json:"uid"`
	Auth    struct {
		Type string `json:"type"`
		Id   string `json:"id"`
	} `json:"auth"`
}

func NewLogDocument(logType string, body any) *LogDocument {
	return &LogDocument{
		Type:      strings.ToLower(logType),
		Timestamp: time.Now().UTC().Format("2006-01-02T15:04:05Z"),
		Body:      body,
	}
}

func (c *Client) Send(ld *LogDocument) {
	if c.Client == nil {
		return
	}

	c.bulkChan <- ld
}

func (c *Client) SendBulk(ds map[string]*LogDocument) {
	if c == nil {
		return
	}
	for _, d := range ds {
		c.bulkChan <- d
	}
}

type singleLogMarshaller struct {
	singleLogPrepend []byte
	singleLogMidpend []byte
	singleLogAppend  []byte

	logtype []byte
	content []byte
	length  int
}

type stringSliceReader struct {
	src    []*singleLogMarshaller
	cursor int
}

func (b *stringSliceReader) Read(p []byte) (n int, err error) {
	n = 0
	err = nil

	advance := func(in []byte) []byte {
		if len(in) == 0 {
			return in
		}

		copied := copy(p, in)
		p = p[copied:]
		n += copied
		return in[copied:]
	}

	for b.cursor < len(b.src) {
		sbt := b.src[b.cursor]

		if sbt.singleLogPrepend = advance(sbt.singleLogPrepend); len(sbt.singleLogPrepend) > 0 {
			return
		}

		if sbt.logtype = advance(sbt.logtype); len(sbt.logtype) > 0 {
			return
		}

		if sbt.singleLogMidpend = advance(sbt.singleLogMidpend); len(sbt.singleLogMidpend) > 0 {
			return
		}

		if sbt.content = advance(sbt.content); len(sbt.content) > 0 {
			return
		}

		if sbt.singleLogAppend = advance(sbt.singleLogAppend); len(sbt.singleLogAppend) > 0 {
			return
		}

		b.cursor++
	}

	err = io.EOF
	return
}

func (b *stringSliceReader) printSent() {
	for _, r := range b.src {
		fmt.Print(string(r.content))
	}
	fmt.Print("\n")
}

func (c *Client) sendLoop(ctx context.Context) {
	defer func() {
		r := recover()
		if r != nil {
			logger.Error(r)
		}
	}()

	failChan := make(chan []*singleLogMarshaller)
	var logMarshallers []*singleLogMarshaller
	sendTick := time.After(time.Minute)

	sendfunc := func() {
		// 2mb가 넘지 않게 조절.
		// 실패한 로그가 다시 되돌아 오면 contents가 커질 수 있다.
		sendingSize := 0
		cut := 0
		for ; cut < len(logMarshallers); cut++ {
			// 2메가가 넘더라도 최소한 하나는 보내자.
			if cut > 0 && sendingSize+logMarshallers[cut].length > 2*1024*1024 {
				break
			}
			sendingSize += logMarshallers[cut].length
		}
		sending := logMarshallers[:cut]
		logMarshallers = logMarshallers[cut:]
		sendTick = time.After(time.Minute)

		go func(sending []*singleLogMarshaller) {
			defer func() {
				r := recover()
				if r != nil {
					logger.Println(r)
				}
			}()

			reader := &stringSliceReader{src: sending, cursor: 0}
			req := osapi.BulkReq{
				Body:   reader,
				Header: c.bulkHeader,
			}
			resp, err := c.Do(context.Background(), req, nil)

			if err != nil {
				if netoperr, ok := err.(*net.OpError); ok && netoperr.Op == "dial" {
					// 접속 안됨. 재시도 안함
					logger.Println("[LogStream] send bulk failed. no retry :", err)
					reader.printSent()
				} else {
					// 재시도
					logger.Println("[LogStream] send bulk failed. retry :", err)
					failChan <- sending
				}
				return
			}
			if resp.Body == nil {
				return
			}
			defer resp.Body.Close()

			var respbody struct {
				Errors bool `json:"errors"`
				Items  []struct {
					Create struct {
						Status int `json:"status"`
					} `json:"create"`
				} `json:"items"`
			}
			if err := json.NewDecoder(resp.Body).Decode(&respbody); err != nil {
				logger.Println("[LogStream] decode response body failed :", err)
				return
			}

			if !respbody.Errors {
				return
			}

			var retry []*singleLogMarshaller
			for i, item := range respbody.Items {
				if item.Create.Status < 400 {
					// 재시도
					retry = append(retry, sending[i])
				}
			}

			logger.Println("[LogStream] send bulk failed. retry :", len(retry))
			if len(retry) > 0 {
				failChan <- retry
			}
		}(sending)
	}

	for {
		select {
		case <-ctx.Done():
			return

		case ret := <-failChan:
			// 순서는 중요하지 않음.
			logMarshallers = append(logMarshallers, ret...)
			sendfunc()

		case <-sendTick:
			if len(logMarshallers) > 0 {
				sendfunc()
			} else {
				sendTick = time.After(time.Minute)
			}

		case logDoc := <-c.bulkChan:
			b, _ := json.Marshal(logDoc)
			logtype := []byte(logDoc.Type)
			logMarshallers = append(logMarshallers, &singleLogMarshaller{
				singleLogPrepend: c.singleLogPrepend,
				singleLogMidpend: c.singleLogMidpend,
				singleLogAppend:  c.singleLogAppend,
				logtype:          logtype,
				content:          b,
				length:           len(logtype) + len(b) + c.singleLogFixedSize,
			})
		}
	}
}

var jwtHeader string
var encoding = base64.RawURLEncoding

func init() {
	src := []byte(`{"alg": "HS256","typ": "JWT"}`)
	dst := make([]byte, len(src)*2)
	encoding.Encode(dst, src)
	enclen := encoding.EncodedLen(len(src))
	jwtHeader = string(dst[:enclen])
}

func (c *Client) MakeJWT(subject string, role string, ttl time.Duration) string {
	if len(c.signingKey) == 0 {
		return ""
	}

	now := time.Now().Add(ttl).Unix()
	src := fmt.Appendf(nil, `{"exp":%d,"sub":"%s","roles":"%s"}`, now, subject, role)
	payload := make([]byte, encoding.EncodedLen(len(src)))
	encoding.Encode(payload, src)

	encoded := jwtHeader + "." + string(payload)
	mac := hmac.New(sha256.New, c.signingKey)
	mac.Write([]byte(encoded))
	signature := mac.Sum(nil)
	sigenc := make([]byte, encoding.EncodedLen(len(signature)))
	encoding.Encode(sigenc, signature)

	return encoded + "." + string(sigenc)
}

func (c *Client) VerifyJWT(token string) (subject string, role string) {
	dot := strings.LastIndex(token, ".")
	if dot < 0 {
		return
	}

	encoded := token[:dot]
	sigenc := token[dot+1:]
	signature := make([]byte, encoding.DecodedLen(len(sigenc)))
	encoding.Decode(signature, []byte(sigenc))

	mac := hmac.New(sha256.New, c.signingKey)
	mac.Write([]byte(encoded))
	calsig := mac.Sum(nil)
	if slices.Compare(calsig, signature) != 0 {
		return
	}

	_, payload, ok := strings.Cut(encoded, ".")
	if !ok {
		return
	}

	srcjson, err := encoding.DecodeString(payload)
	if err != nil {
		return
	}

	var src struct {
		Exp   int64  `json:"exp"`
		Sub   string `json:"sub"`
		Roles string `json:"roles"`
	}
	if json.Unmarshal([]byte(srcjson), &src) != nil {
		return
	}
	if src.Exp < time.Now().Unix() {
		return
	}

	return src.Sub, src.Roles
}

func NewClient(ctx context.Context, cfg Config) (Client, error) {
	if len(cfg.Addresses) == 0 {
		return Client{}, nil
	}

	// retry는 수동으로
	cfg.Config.DisableRetry = true
	client, err := osg.NewClient(cfg.Config)
	if err != nil {
		return Client{}, err
	}

	var signingKey []byte
	if len(cfg.SigningKey) > 0 {
		dst := make([]byte, len(cfg.SigningKey)*2)
		dstlen, _ := base64.StdEncoding.Decode(dst, []byte(cfg.SigningKey))
		signingKey = dst[:dstlen]
	}

	indexPrefix := cfg.IndexPrefix
	if !strings.HasSuffix(indexPrefix, "-") && len(indexPrefix) > 0 {
		indexPrefix += "-"
	}
	if !strings.HasSuffix(indexPrefix, "ds-logs-") {
		indexPrefix = "ds-logs-" + indexPrefix
	}

	logger.Println("[LogStream] stream indexPrefix :", indexPrefix)
	bulkHeader := make(http.Header)
	singleHeader := make(http.Header)
	if len(cfg.Username) > 0 && len(cfg.Password) > 0 {
		authHeader := fmt.Sprintf("Basic %s", base64.RawURLEncoding.EncodeToString(fmt.Appendf(nil, "%s:%s", cfg.Username, cfg.Password)))
		bulkHeader.Set("Authorization", authHeader)
		singleHeader.Set("Authorization", authHeader)
	}

	singleLogPrepend := fmt.Appendf(nil, `{"create":{"_index":"%s`, indexPrefix)
	singleLogMidpend := []byte("\"}}\n")
	singleLogAppend := []byte("\n")
	singleLogFixedSize := len(singleLogPrepend) + len(singleLogMidpend) + len(singleLogAppend)

	out := Client{
		Client:               client,
		cfg:                  cfg,
		signingKey:           signingKey,
		indexTemplatePattern: indexPrefix,
		bulkHeader:           bulkHeader,
		singleHeader:         singleHeader,
		bulkChan:             make(chan *LogDocument, 1000),

		singleLogPrepend:   singleLogPrepend,
		singleLogMidpend:   singleLogMidpend,
		singleLogAppend:    singleLogAppend,
		singleLogFixedSize: singleLogFixedSize,
	}

	go func() {
		for {
			out.sendLoop(ctx)
			if ctx.Err() != nil {
				return
			}
		}
	}()
	return out, nil
}
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`package opensearch`

			`import (`
			`"context"`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"encoding/json"`
			`"fmt"`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`"io"`
			`"net"`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`"net/http"`
osg VerifyJWT 추가 2025-08-13 22:06:06 +09:00			`"slices"`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`"strings"`
			`"time"`

			`osg "github.com/opensearch-project/opensearch-go/v4"`
			`osapi "github.com/opensearch-project/opensearch-go/v4/opensearchapi"`
			`"repositories.action2quare.com/ayo/gocommon/logger"`
			`)`

			`type Config struct {`
			osg.Config `json:",inline"`
			IndexPrefix string `json:"IndexPrefix"`
			SigningKey string `json:"SigningKey"`
			`}`

			`type Client struct {`
			`*osg.Client`
			`cfg Config`
			`signingKey []byte`
			`indexTemplatePattern string`
			`bulkHeader http.Header`
			`singleHeader http.Header`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`bulkChan chan *LogDocument`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`singleLogPrepend []byte`
			`singleLogMidpend []byte`
			`singleLogAppend []byte`
			`singleLogFixedSize int`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`

			`type LogDocument struct {`
			Type string `json:"type"`
			Body any `json:"body"`
			Timestamp string `json:"@timestamp"`

			Country string `json:"country"`
			Ip string `json:"ip"`
			Uid string `json:"uid"`
			`Auth struct {`
			Type string `json:"type"`
			Id string `json:"id"`
			} `json:"auth"`
			`}`

			`func NewLogDocument(logType string, body any) *LogDocument {`
			`return &LogDocument{`
			`Type: strings.ToLower(logType),`
			`Timestamp: time.Now().UTC().Format("2006-01-02T15:04:05Z"),`
			`Body: body,`
			`}`
			`}`

로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`func (c Client) Send(ld LogDocument) {`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`if c.Client == nil {`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`return`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`

opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`c.bulkChan <- ld`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`}`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`func (c Client) SendBulk(ds map[string]LogDocument) {`
			`if c == nil {`
			`return`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`
			`for _, d := range ds {`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`c.bulkChan <- d`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`type singleLogMarshaller struct {`
			`singleLogPrepend []byte`
			`singleLogMidpend []byte`
			`singleLogAppend []byte`

			`logtype []byte`
			`content []byte`
			`length int`
			`}`

opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`type stringSliceReader struct {`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`src []*singleLogMarshaller`
			`cursor int`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`func (b *stringSliceReader) Read(p []byte) (n int, err error) {`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`n = 0`
			`err = nil`

버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`advance := func(in []byte) []byte {`
			`if len(in) == 0 {`
			`return in`
			`}`

			`copied := copy(p, in)`
			`p = p[copied:]`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`n += copied`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`return in[copied:]`
			`}`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`for b.cursor < len(b.src) {`
			`sbt := b.src[b.cursor]`

			`if sbt.singleLogPrepend = advance(sbt.singleLogPrepend); len(sbt.singleLogPrepend) > 0 {`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`return`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`}`
로그 전송 body에 버퍼 복사가 제대로 안되던 문제 수정 2025-09-10 01:11:08 +09:00
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`if sbt.logtype = advance(sbt.logtype); len(sbt.logtype) > 0 {`
			`return`
			`}`

			`if sbt.singleLogMidpend = advance(sbt.singleLogMidpend); len(sbt.singleLogMidpend) > 0 {`
			`return`
			`}`

			`if sbt.content = advance(sbt.content); len(sbt.content) > 0 {`
			`return`
			`}`

			`if sbt.singleLogAppend = advance(sbt.singleLogAppend); len(sbt.singleLogAppend) > 0 {`
			`return`
			`}`

			`b.cursor++`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`err = io.EOF`
			`return`
			`}`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`func (b *stringSliceReader) printSent() {`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`for _, r := range b.src {`
			`fmt.Print(string(r.content))`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`}`
			`fmt.Print("\n")`
			`}`

opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`func (c *Client) sendLoop(ctx context.Context) {`
			`defer func() {`
			`r := recover()`
			`if r != nil {`
			`logger.Error(r)`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`}`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}()`

버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`failChan := make(chan []*singleLogMarshaller)`
			`var logMarshallers []*singleLogMarshaller`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`sendTick := time.After(time.Minute)`

			`sendfunc := func() {`
			`// 2mb가 넘지 않게 조절.`
			`// 실패한 로그가 다시 되돌아 오면 contents가 커질 수 있다.`
			`sendingSize := 0`
			`cut := 0`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`for ; cut < len(logMarshallers); cut++ {`
			`// 2메가가 넘더라도 최소한 하나는 보내자.`
			`if cut > 0 && sendingSize+logMarshallers[cut].length > 210241024 {`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`break`
			`}`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`sendingSize += logMarshallers[cut].length`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`sending := logMarshallers[:cut]`
			`logMarshallers = logMarshallers[cut:]`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`sendTick = time.After(time.Minute)`

버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`go func(sending []*singleLogMarshaller) {`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`defer func() {`
			`r := recover()`
			`if r != nil {`
			`logger.Println(r)`
			`}`
			`}()`

버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`reader := &stringSliceReader{src: sending, cursor: 0}`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`req := osapi.BulkReq{`
			`Body: reader,`
			`Header: c.bulkHeader,`
			`}`
			`resp, err := c.Do(context.Background(), req, nil)`
로그 추가 2025-09-10 11:42:57 +09:00
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`if err != nil {`
			`if netoperr, ok := err.(*net.OpError); ok && netoperr.Op == "dial" {`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`// 접속 안됨. 재시도 안함`
로그 추가 2025-09-10 11:42:57 +09:00			`logger.Println("[LogStream] send bulk failed. no retry :", err)`
전송 실패시 fmt 출력 2025-09-10 02:35:49 +09:00			`reader.printSent()`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`} else {`
			`// 재시도`
로그 추가 2025-09-10 11:42:57 +09:00			`logger.Println("[LogStream] send bulk failed. retry :", err)`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`failChan <- sending`
			`}`
			`return`
			`}`
			`if resp.Body == nil {`
			`return`
			`}`
			`defer resp.Body.Close()`

			`var respbody struct {`
			Errors bool `json:"errors"`
			`Items []struct {`
			`Create struct {`
			Status int `json:"status"`
			} `json:"create"`
			} `json:"items"`
			`}`
로그 추가 2025-09-10 11:42:57 +09:00			`if err := json.NewDecoder(resp.Body).Decode(&respbody); err != nil {`
			`logger.Println("[LogStream] decode response body failed :", err)`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`return`
			`}`

로그 추가 2025-09-10 11:42:57 +09:00			`if !respbody.Errors {`
			`return`
			`}`
로그 추가 2025-09-10 11:03:02 +09:00
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`var retry []*singleLogMarshaller`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`for i, item := range respbody.Items {`
			`if item.Create.Status < 400 {`
			`// 재시도`
			`retry = append(retry, sending[i])`
			`}`
			`}`
로그 추가 2025-09-10 11:42:57 +09:00
			`logger.Println("[LogStream] send bulk failed. retry :", len(retry))`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`if len(retry) > 0 {`
			`failChan <- retry`
			`}`
			`}(sending)`
			`}`

			`for {`
			`select {`
			`case <-ctx.Done():`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`return`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00
			`case ret := <-failChan:`
			`// 순서는 중요하지 않음.`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`logMarshallers = append(logMarshallers, ret...)`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`sendfunc()`

			`case <-sendTick:`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`if len(logMarshallers) > 0 {`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`sendfunc()`
			`} else {`
			`sendTick = time.After(time.Minute)`
			`}`

			`case logDoc := <-c.bulkChan:`
			`b, _ := json.Marshal(logDoc)`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`logtype := []byte(logDoc.Type)`
			`logMarshallers = append(logMarshallers, &singleLogMarshaller{`
			`singleLogPrepend: c.singleLogPrepend,`
			`singleLogMidpend: c.singleLogMidpend,`
			`singleLogAppend: c.singleLogAppend,`
			`logtype: logtype,`
			`content: b,`
			`length: len(logtype) + len(b) + c.singleLogFixedSize,`
			`})`
로그 전송을 비동기로 2025-08-05 21:40:37 +09:00			`}`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`

			`var jwtHeader string`
			`var encoding = base64.RawURLEncoding`

			`func init() {`
			src := []byte(`{"alg": "HS256","typ": "JWT"}`)
			`dst := make([]byte, len(src)*2)`
			`encoding.Encode(dst, src)`
			`enclen := encoding.EncodedLen(len(src))`
			`jwtHeader = string(dst[:enclen])`
			`}`

MakeJWT 시그니처 수정 2025-08-07 15:01:03 +09:00			`func (c *Client) MakeJWT(subject string, role string, ttl time.Duration) string {`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`if len(c.signingKey) == 0 {`
			`return ""`
			`}`

makejwt ttl 수정 2025-08-13 22:32:01 +09:00			`now := time.Now().Add(ttl).Unix()`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			src := fmt.Appendf(nil, `{"exp":%d,"sub":"%s","roles":"%s"}`, now, subject, role)
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`payload := make([]byte, encoding.EncodedLen(len(src)))`
			`encoding.Encode(payload, src)`

			`encoded := jwtHeader + "." + string(payload)`
			`mac := hmac.New(sha256.New, c.signingKey)`
			`mac.Write([]byte(encoded))`
			`signature := mac.Sum(nil)`
			`sigenc := make([]byte, encoding.EncodedLen(len(signature)))`
			`encoding.Encode(sigenc, signature)`

			`return encoded + "." + string(sigenc)`
			`}`

osg VerifyJWT 추가 2025-08-13 22:06:06 +09:00			`func (c *Client) VerifyJWT(token string) (subject string, role string) {`
			`dot := strings.LastIndex(token, ".")`
			`if dot < 0 {`
			`return`
			`}`

			`encoded := token[:dot]`
			`sigenc := token[dot+1:]`
			`signature := make([]byte, encoding.DecodedLen(len(sigenc)))`
			`encoding.Decode(signature, []byte(sigenc))`

			`mac := hmac.New(sha256.New, c.signingKey)`
			`mac.Write([]byte(encoded))`
			`calsig := mac.Sum(nil)`
			`if slices.Compare(calsig, signature) != 0 {`
			`return`
			`}`

			`_, payload, ok := strings.Cut(encoded, ".")`
			`if !ok {`
			`return`
			`}`

			`srcjson, err := encoding.DecodeString(payload)`
			`if err != nil {`
			`return`
			`}`

			`var src struct {`
			Exp int64 `json:"exp"`
			Sub string `json:"sub"`
			Roles string `json:"roles"`
			`}`
			`if json.Unmarshal([]byte(srcjson), &src) != nil {`
			`return`
			`}`
			`if src.Exp < time.Now().Unix() {`
			`return`
			`}`

			`return src.Sub, src.Roles`
			`}`

opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`func NewClient(ctx context.Context, cfg Config) (Client, error) {`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`if len(cfg.Addresses) == 0 {`
			`return Client{}, nil`
			`}`

버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`// retry는 수동으로`
			`cfg.Config.DisableRetry = true`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`client, err := osg.NewClient(cfg.Config)`
			`if err != nil {`
			`return Client{}, err`
			`}`

			`var signingKey []byte`
			`if len(cfg.SigningKey) > 0 {`
			`dst := make([]byte, len(cfg.SigningKey)*2)`
			`dstlen, _ := base64.StdEncoding.Decode(dst, []byte(cfg.SigningKey))`
			`signingKey = dst[:dstlen]`
			`}`

			`indexPrefix := cfg.IndexPrefix`
logstream indexprefix 비었을 때 처리 2025-07-29 17:56:47 +09:00			`if !strings.HasSuffix(indexPrefix, "-") && len(indexPrefix) > 0 {`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`indexPrefix += "-"`
			`}`
			`if !strings.HasSuffix(indexPrefix, "ds-logs-") {`
			`indexPrefix = "ds-logs-" + indexPrefix`
			`}`

로그 추가 2025-09-10 11:42:57 +09:00			`logger.Println("[LogStream] stream indexPrefix :", indexPrefix)`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`bulkHeader := make(http.Header)`
			`singleHeader := make(http.Header)`
opensearch 계정이 없을 때 헤더 처리 2025-09-10 10:58:38 +09:00			`if len(cfg.Username) > 0 && len(cfg.Password) > 0 {`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			`authHeader := fmt.Sprintf("Basic %s", base64.RawURLEncoding.EncodeToString(fmt.Appendf(nil, "%s:%s", cfg.Username, cfg.Password)))`
opensearch 계정이 없을 때 헤더 처리 2025-09-10 10:58:38 +09:00			`bulkHeader.Set("Authorization", authHeader)`
			`singleHeader.Set("Authorization", authHeader)`
			`}`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00			singleLogPrepend := fmt.Appendf(nil, `{"create":{"_index":"%s`, indexPrefix)
			`singleLogMidpend := []byte("\"}}\n")`
			`singleLogAppend := []byte("\n")`
			`singleLogFixedSize := len(singleLogPrepend) + len(singleLogMidpend) + len(singleLogAppend)`

opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`out := Client{`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`Client: client,`
			`cfg: cfg,`
			`signingKey: signingKey,`
			`indexTemplatePattern: indexPrefix,`
			`bulkHeader: bulkHeader,`
			`singleHeader: singleHeader,`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`bulkChan: make(chan *LogDocument, 1000),`
버퍼 중복 복사 방지 2025-09-10 16:05:54 +09:00
			`singleLogPrepend: singleLogPrepend,`
			`singleLogMidpend: singleLogMidpend,`
			`singleLogAppend: singleLogAppend,`
			`singleLogFixedSize: singleLogFixedSize,`
opensearch client 로그 전송 실패 처리 2025-09-03 17:20:34 +09:00			`}`

			`go func() {`
			`for {`
			`out.sendLoop(ctx)`
			`if ctx.Err() != nil {`
			`return`
			`}`
			`}`
			`}()`
			`return out, nil`
opensearch gocommon으로 이동 2025-06-25 16:47:08 +09:00			`}`