+ var username string
+ var err error
+ if cfg.Auth != nil {
+ username, err = performAuth(w, r, cfg.Auth)
+ }
+ if username != "" {
+ username = "user:" + username + " "
+ }
+ printErr := func(code int, err error) {
+ fmt.Printf("%s %s \"%s %+q %s\" %d \"%s\" %s\"%s\"\n",
+ r.RemoteAddr, host, r.Method, PathWithQuery(r.URL), r.Proto,
+ code, err.Error(),
+ username, r.Header.Get("User-Agent"),
+ )
+ }
+ switch err {
+ case nil:
+ break
+ case Unauthorized:
+ printErr(http.StatusUnauthorized, err)
+ return
+ default:
+ printErr(http.StatusInternalServerError, err)
+ http.Error(w, "internal error", http.StatusInternalServerError)
+ return
+ }
+
+ if (cfg.ECDSATLS != nil && len(cfg.ECDSATLS.ClientCAs) > 0) ||
+ (cfg.EdDSATLS != nil && len(cfg.EdDSATLS.ClientCAs) > 0) ||
+ (cfg.GOSTTLS != nil && len(cfg.GOSTTLS.ClientCAs) > 0) {
+ if r.TLS == nil {
+ err = errors.New("TLS client authentication required")
+ printErr(http.StatusForbidden, err)
+ http.Error(w, err.Error(), http.StatusForbidden)
+ return
+ } else {
+ username += r.TLS.PeerCertificates[0].Subject.String() + " "
+ }
+ }
+