From 81af6d2470cfbf81eace91db31a987b2de02cb57 Mon Sep 17 00:00:00 2001
From: luxick <git@luxick.de>
Date: Mon, 5 Jan 2026 13:57:08 +0100
Subject: [PATCH] Update logging

---
 main.go | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/main.go b/main.go
index 4e57e01..d16829e 100644
--- a/main.go
+++ b/main.go
@@ -40,6 +40,9 @@ type openResponse struct {
 }
 
 func main() {
+	infoLog := log.New(os.Stdout, "", log.LstdFlags)
+	errLog := log.New(os.Stderr, "ERROR: ", log.LstdFlags)
+
 	listen := flag.String("listen", "127.0.0.1:8765", "listen address (host:port), should be loopback")
 	token := flag.String("token", "", "shared secret token; if empty, requests are allowed without authentication")
 	var allowed allowList
@@ -47,16 +50,16 @@ func main() {
 	flag.Parse()
 
 	if !isLoopbackListenAddr(*listen) {
-		log.Fatalf("refusing to listen on non-loopback address: %s", *listen)
+		errLog.Fatalf("refusing to listen on non-loopback address: %s", *listen)
 	}
 
 	if strings.TrimSpace(*token) == "" {
 		generated, err := generateToken()
 		if err != nil {
-			log.Fatalf("failed to generate token: %v", err)
+			errLog.Fatalf("failed to generate token: %v", err)
 		}
 		*token = generated
-		log.Printf("generated token (set this in the plugin config): %s", *token)
+		infoLog.Printf("generated token (set this in the plugin config): %s", *token)
 	}
 
 	mux := http.NewServeMux()
@@ -72,7 +75,6 @@ func main() {
 		start := time.Now()
 		var rawPath string
 		if r.Method == http.MethodOptions {
-			log.Printf("/open preflight remote=%s origin=%q", r.RemoteAddr, r.Header.Get("Origin"))
 			w.WriteHeader(http.StatusNoContent)
 			return
 		}
@@ -85,24 +87,23 @@ func main() {
 			dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 32*1024))
 			dec.DisallowUnknownFields()
 			if err := dec.Decode(&req); err != nil {
-				log.Printf("/open bad-json remote=%s method=%s err=%v dur=%s", r.RemoteAddr, r.Method, err, time.Since(start))
+				errLog.Printf("/open bad-json method=%s err=%v dur=%s", r.Method, err, time.Since(start))
 				writeJSON(w, http.StatusBadRequest, openResponse{OK: false, Message: "invalid json"})
 				return
 			}
 		default:
-			log.Printf("/open method-not-allowed remote=%s method=%s dur=%s", r.RemoteAddr, r.Method, time.Since(start))
+			errLog.Printf("/open method-not-allowed method=%s dur=%s", r.Method, time.Since(start))
 			writeJSON(w, http.StatusMethodNotAllowed, openResponse{OK: false, Message: "GET or POST required"})
 			return
 		}
 
 		rawPath = req.Path
-		log.Printf("/open request remote=%s method=%s ua=%q path=%q", r.RemoteAddr, r.Method, r.UserAgent(), rawPath)
 
 		if !checkToken(r, *token) {
 			// Allow token to be supplied via query string for GET fallback.
 			qt := strings.TrimSpace(r.URL.Query().Get("token"))
 			if qt == "" || !subtleStringEqual(qt, strings.TrimSpace(*token)) {
-				log.Printf("/open unauthorized remote=%s method=%s path=%q headerToken=%t queryToken=%t dur=%s", r.RemoteAddr, r.Method, rawPath, strings.TrimSpace(r.Header.Get("X-Filetools-Token")) != "", qt != "", time.Since(start))
+				errLog.Printf("/open unauthorized method=%s path=%q headerToken=%t queryToken=%t dur=%s", r.Method, rawPath, strings.TrimSpace(r.Header.Get("X-Filetools-Token")) != "", qt != "", time.Since(start))
 				writeJSON(w, http.StatusUnauthorized, openResponse{OK: false, Message: "unauthorized"})
 				return
 			}
@@ -110,23 +111,23 @@ func main() {
 
 		target, err := normalizePath(req.Path)
 		if err != nil {
-			log.Printf("/open bad-path remote=%s method=%s path=%q err=%v dur=%s", r.RemoteAddr, r.Method, rawPath, err, time.Since(start))
+			errLog.Printf("/open bad-path method=%s path=%q err=%v dur=%s", r.Method, rawPath, err, time.Since(start))
 			writeJSON(w, http.StatusBadRequest, openResponse{OK: false, Message: err.Error()})
 			return
 		}
 
 		if len(allowed) > 0 && !isAllowed(target, allowed) {
-			log.Printf("/open forbidden remote=%s method=%s path=%q normalized=%q dur=%s", r.RemoteAddr, r.Method, rawPath, target, time.Since(start))
+			errLog.Printf("/open forbidden method=%s path=%q normalized=%q dur=%s", r.Method, rawPath, target, time.Since(start))
 			writeJSON(w, http.StatusForbidden, openResponse{OK: false, Message: "path not allowed"})
 			return
 		}
 
 		if err := openFolder(target); err != nil {
-			log.Printf("/open open-failed remote=%s method=%s path=%q normalized=%q err=%v dur=%s", r.RemoteAddr, r.Method, rawPath, target, err, time.Since(start))
+			errLog.Printf("/open open-failed method=%s path=%q normalized=%q err=%v dur=%s", r.Method, rawPath, target, err, time.Since(start))
 			writeJSON(w, http.StatusInternalServerError, openResponse{OK: false, Message: err.Error()})
 			return
 		}
-		log.Printf("/open opened remote=%s method=%s path=%q normalized=%q dur=%s", r.RemoteAddr, r.Method, rawPath, target, time.Since(start))
+		infoLog.Printf("/open opened method=%s path=%q normalized=%q dur=%s", r.Method, rawPath, target, time.Since(start))
 
 		if r.Method == http.MethodGet {
 			// For GET callers (image-ping), a 204 avoids console noise from non-image responses.
@@ -146,9 +147,9 @@ func main() {
 		IdleTimeout:       30 * time.Second,
 	}
 
-	log.Printf("listening on http://%s", *listen)
-	log.Printf("os=%s arch=%s", runtime.GOOS, runtime.GOARCH)
-	log.Fatal(srv.ListenAndServe())
+	infoLog.Printf("listening on http://%s", *listen)
+	infoLog.Printf("os=%s arch=%s", runtime.GOOS, runtime.GOARCH)
+	errLog.Fatal(srv.ListenAndServe())
 }
 
 func isLoopbackListenAddr(addr string) bool {