feat(vulnTestServer): 添加日志系统

- 使用Python内置logging模块
- 支持同时输出到控制台和文件
- 支持滚动日志文件(RotatingFileHandler)
- 支持JSON配置文件进行配置
- 日志文件独立存放在logs目录
- 替换所有print调试语句为结构化日志

Author: lanshuizhiyue

src/vulnTestServer/handlers/base.py

@@ -11,7 +11,11 @@
 import time
 import xml.etree.ElementTree as ET
 from urllib.parse import unquote
-from datetime import datetime
+
+# 导入日志模块
+import sys
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+from logger import logger, sql_logger, error_logger
 
 
 class BaseHandlerMixin:
@@ -31,20 +35,6 @@ class BaseHandlerMixin:
         '.svg': 'image/svg+xml',
     }
 
-    def log_message(self, format, *args):
-        """自定义日志格式"""
-        from config import LOG_REQUESTS, LOG_FILE
-        if LOG_REQUESTS:
-            timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-            message = f"[{timestamp}] {self.address_string()} - {format % args}"
-            print(message)
-            try:
-                os.makedirs(os.path.dirname(LOG_FILE), exist_ok=True)
-                with open(LOG_FILE, 'a', encoding='utf-8') as f:
-                    f.write(message + '\n')
-            except:
-                pass
-    
     def send_json_response(self, data, status=200):
         """发送JSON响应"""
         self.send_response(status)
@@ -131,6 +121,7 @@ def send_static_file(self, filepath):
             self.end_headers()
             self.wfile.write(content)
         except Exception as e:
+            error_logger.exception("Error serving static file: %s", filepath)
             self.send_error(500, str(e))
 
     def get_post_data(self):

src/vulnTestServer/handlers/cart_handlers.py

@@ -12,6 +12,7 @@
 
 from config import DEBUG
 from database import get_db_connection
+from logger import logger
 
 
 class CartHandlerMixin:
@@ -47,7 +48,7 @@ def handle_cart_add(self, data):
             return
 
         if DEBUG:
-            print(f"[CartAdd] session_id={session_id}, csrf_token={csrf_token}")
+            logger.debug("[CartAdd] session_id=%s, csrf_token=%s", session_id, csrf_token)
 
         conn = get_db_connection()
         cursor = conn.cursor()
@@ -102,7 +103,7 @@ def handle_cart_update(self, data):
             return
 
         if DEBUG:
-            print(f"[CartUpdate] session_id={session_id}, csrf_token={csrf_token}")
+            logger.debug("[CartUpdate] session_id=%s, csrf_token=%s", session_id, csrf_token)
 
         conn = get_db_connection()
         cursor = conn.cursor()

src/vulnTestServer/handlers/order_handlers.py

@@ -17,6 +17,7 @@
 from config import DEBUG
 from database import get_db_connection
 from waf import get_waf
+from logger import sql_logger, logger
 
 
 class OrderHandlerMixin:
@@ -62,7 +63,7 @@ def handle_order_create(self, data):
             return
 
         if DEBUG:
-            print(f"[OrderCreate] session_id={session_id}, token={token}, user_agent={user_agent}")
+            logger.debug("[OrderCreate] session_id=%s, token=%s, user_agent=%s", session_id, token, user_agent)
 
         conn = get_db_connection()
         cursor = conn.cursor()
@@ -130,7 +131,7 @@ def handle_orders_query(self, params):
             return
 
         if DEBUG:
-            print(f"[SQL] {sql}")
+            sql_logger.debug("[SQL] %s", sql)
 
         try:
             # 不使用executescript，避免堆叠查询修改数据
@@ -191,7 +192,7 @@ def handle_order_cancel(self, data):
             return
 
         if DEBUG:
-            print(f"[OrderCancel] session_id={session_id}, auth_token={auth_token}")
+            logger.debug("[OrderCancel] session_id=%s, auth_token=%s", session_id, auth_token)
 
         conn = get_db_connection()
         cursor = conn.cursor()

src/vulnTestServer/handlers/product_handlers.py

@@ -12,6 +12,7 @@
 from config import DEBUG
 from database import get_db_connection
 from waf import get_waf
+from logger import sql_logger
 
 
 class ProductHandlerMixin:
@@ -66,7 +67,7 @@ def handle_products_search(self, params):
         sql += " AND is_active = 1"
 
         if DEBUG:
-            print(f"[SQL] {sql}")
+            sql_logger.debug("[SQL] %s", sql)
 
         try:
             cursor.execute(sql)
@@ -123,7 +124,7 @@ def handle_product_detail(self, params):
         sql = f"SELECT * FROM products WHERE id = {product_id}"
 
         if DEBUG:
-            print(f"[SQL] {sql}")
+            sql_logger.debug("[SQL] %s", sql)
 
         try:
             start_time = time.time()

src/vulnTestServer/handlers/system_handlers.py

@@ -15,6 +15,7 @@
 from config import DEBUG, VERSION, DIFFICULTY, APP_NAME
 from database import get_db_connection
 from waf import get_waf, set_difficulty
+from logger import logger
 
 
 class SystemHandlerMixin:
@@ -127,7 +128,7 @@ def handle_feedback(self, data):
             return
 
         if DEBUG:
-            print(f"[Feedback] session_id={session_id}, token={token}, timestamp={timestamp}")
+            logger.debug("[Feedback] session_id=%s, token=%s, timestamp=%s", session_id, token, timestamp)
 
         conn = get_db_connection()
         cursor = conn.cursor()

src/vulnTestServer/handlers/user_handlers.py

@@ -12,6 +12,7 @@
 from config import DEBUG
 from database import get_db_connection, hash_password
 from waf import get_waf
+from logger import sql_logger, logger
 
 
 class UserHandlerMixin:
@@ -44,8 +45,8 @@ def handle_user_login(self, data):
         sql = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hash_password(password)}'"
 
         if DEBUG:
-            print(f"[SQL] {sql}")
-            print(f"[Session] session_id={session_id}, device_id={device_id}")
+            sql_logger.debug("[SQL] %s", sql)
+            logger.debug("[Session] session_id=%s, device_id=%s", session_id, device_id)
 
         try:
             cursor.execute(sql)
@@ -101,7 +102,7 @@ def handle_user_register(self, data):
             return
 
         if DEBUG:
-            print(f"[Register] session_id={session_id}, captcha_token={captcha_token}")
+            logger.debug("[Register] session_id=%s, captcha_token=%s", session_id, captcha_token)
 
         conn = get_db_connection()
         cursor = conn.cursor()
@@ -147,7 +148,7 @@ def handle_user_profile(self, params):
         sql = f"SELECT id, username, email, phone, address, balance FROM users WHERE id = {user_id}"
 
         if DEBUG:
-            print(f"[SQL] {sql}")
+            sql_logger.debug("[SQL] %s", sql)
 
         try:
             cursor.execute(sql)
@@ -214,7 +215,7 @@ def handle_user_update(self, data):
             return
 
         if DEBUG:
-            print(f"[UserUpdate] session_id={session_id}, token={token}, device_id={device_id}")
+            logger.debug("[UserUpdate] session_id=%s, token=%s, device_id=%s", session_id, token, device_id)
 
         conn = get_db_connection()
         cursor = conn.cursor()

src/vulnTestServer/logger.py

@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+VulnShop 日志模块
+
+使用Python内置logging库，支持：
+- 同时输出到控制台和文件
+- 滚动日志文件（RotatingFileHandler）
+- 通过JSON配置文件进行配置
+- 多个日志器：主日志、访问日志、SQL日志、错误日志
+"""
+
+import os
+import json
+import logging
+import logging.config
+import logging.handlers
+from pathlib import Path
+
+
+# 日志目录
+LOG_DIR = Path(__file__).parent / "logs"
+CONFIG_FILE = Path(__file__).parent / "logging_config.json"
+
+# 默认配置（当配置文件不存在时使用）
+DEFAULT_CONFIG = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "standard": {
+            "format": "[%(asctime)s] %(levelname)-8s %(name)s - %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S"
+        },
+        "detailed": {
+            "format": "[%(asctime)s] %(levelname)-8s [%(name)s:%(funcName)s:%(lineno)d] - %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S"
+        },
+        "access": {
+            "format": "[%(asctime)s] %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S"
+        }
+    },
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
+            "level": "DEBUG",
+            "formatter": "standard",
+            "stream": "ext://sys.stdout"
+        },
+        "file": {
+            "class": "logging.handlers.RotatingFileHandler",
+            "level": "DEBUG",
+            "formatter": "detailed",
+            "filename": str(LOG_DIR / "vulnshop.log"),
+            "maxBytes": 10485760,  # 10MB
+            "backupCount": 5,
+            "encoding": "utf-8"
+        },
+        "access_file": {
+            "class": "logging.handlers.RotatingFileHandler",
+            "level": "INFO",
+            "formatter": "access",
+            "filename": str(LOG_DIR / "access.log"),
+            "maxBytes": 10485760,
+            "backupCount": 5,
+            "encoding": "utf-8"
+        },
+        "error_file": {
+            "class": "logging.handlers.RotatingFileHandler",
+            "level": "ERROR",
+            "formatter": "detailed",
+            "filename": str(LOG_DIR / "error.log"),
+            "maxBytes": 5242880,  # 5MB
+            "backupCount": 3,
+            "encoding": "utf-8"
+        }
+    },
+    "loggers": {
+        "vulnshop": {
+            "level": "DEBUG",
+            "handlers": ["console", "file"],
+            "propagate": False
+        },
+        "vulnshop.access": {
+            "level": "INFO",
+            "handlers": ["console", "access_file"],
+            "propagate": False
+        },
+        "vulnshop.sql": {
+            "level": "DEBUG",
+            "handlers": ["console", "file"],
+            "propagate": False
+        },
+        "vulnshop.error": {
+            "level": "ERROR",
+            "handlers": ["console", "error_file"],
+            "propagate": False
+        }
+    },
+    "root": {
+        "level": "INFO",
+        "handlers": ["console", "file"]
+    }
+}
+
+
+def _ensure_log_dir():
+    """确保日志目录存在"""
+    LOG_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def _fix_log_paths(config: dict) -> dict:
+    """修正配置中的日志文件路径为绝对路径"""
+    handlers = config.get("handlers", {})
+    for handler_name, handler_config in handlers.items():
+        if "filename" in handler_config:
+            filename = handler_config["filename"]
+            # 如果是相对路径，转换为绝对路径
+            if not os.path.isabs(filename):
+                handler_config["filename"] = str(LOG_DIR / os.path.basename(filename))
+    return config
+
+
+def load_config() -> dict:
+    """加载日志配置"""
+    _ensure_log_dir()
+    
+    if CONFIG_FILE.exists():
+        try:
+            with open(CONFIG_FILE, 'r', encoding='utf-8') as f:
+                config = json.load(f)
+            return _fix_log_paths(config)
+        except Exception as e:
+            print(f"[WARNING] Failed to load logging config: {e}, using default config")
+            return _fix_log_paths(DEFAULT_CONFIG.copy())
+    else:
+        return _fix_log_paths(DEFAULT_CONFIG.copy())
+
+
+def setup_logging():
+    """初始化日志系统"""
+    config = load_config()
+    logging.config.dictConfig(config)
+
+
+def get_logger(name: str = "vulnshop") -> logging.Logger:
+    """
+    获取日志器
+    
+    Args:
+        name: 日志器名称
+            - "vulnshop": 主日志器
+            - "vulnshop.access": 访问日志器
+            - "vulnshop.sql": SQL日志器
+            - "vulnshop.error": 错误日志器
+    
+    Returns:
+        logging.Logger: 日志器实例
+    """
+    return logging.getLogger(name)
+
+
+# 便捷函数
+def get_main_logger() -> logging.Logger:
+    """获取主日志器"""
+    return get_logger("vulnshop")
+
+
+def get_access_logger() -> logging.Logger:
+    """获取访问日志器"""
+    return get_logger("vulnshop.access")
+
+
+def get_sql_logger() -> logging.Logger:
+    """获取SQL日志器"""
+    return get_logger("vulnshop.sql")
+
+
+def get_error_logger() -> logging.Logger:
+    """获取错误日志器"""
+    return get_logger("vulnshop.error")
+
+
+# 模块加载时自动初始化日志系统
+setup_logging()
+
+# 导出的日志器实例
+logger = get_main_logger()
+access_logger = get_access_logger()
+sql_logger = get_sql_logger()
+error_logger = get_error_logger()