access_log.py
python
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b
Merge branch 'fix/wire-push-external-parent-manifest' into dev
Human
8 days ago
| 1 | """Per-request structured access logging middleware. |
| 2 | |
| 3 | Injects ``request_id`` and ``user_id`` into contextvars so every |
| 4 | log record emitted during the request carries them. Emits a single access |
| 5 | log line at the end of the request: |
| 6 | |
| 7 | {"timestamp":...,"level":"INFO","message":"GET /api/v1/repos 200 14.3ms", |
| 8 | "request_id":"...","user_id":"gabriel","method":"GET","path":"...","status":200,"duration_ms":14.3} |
| 9 | |
| 10 | Design choices: |
| 11 | * User identity — only the MSign ``handle`` is logged (never the raw token). |
| 12 | * /healthz — logged at DEBUG to avoid noise in monitoring dashboards. |
| 13 | * No request/response body logging — eliminates PII risk at the middleware level. |
| 14 | * request_id is a random hex string generated per-request; injected into response |
| 15 | headers as ``X-Request-Id`` so clients can correlate errors with log entries. |
| 16 | """ |
| 17 | |
| 18 | import logging |
| 19 | import re |
| 20 | import secrets |
| 21 | import time |
| 22 | |
| 23 | from starlette.types import ASGIApp, Message, Receive, Scope, Send |
| 24 | |
| 25 | from musehub.logging_config import request_id_var, user_id_var |
| 26 | |
| 27 | logger = logging.getLogger(__name__) |
| 28 | |
| 29 | # Extract the handle from Authorization: MSign handle="gabriel" ts=... sig=... |
| 30 | _MSIGN_HANDLE_RE = re.compile(r'handle="([^"]+)"') |
| 31 | |
| 32 | _HEALTH_PATH = "/healthz" |
| 33 | _STATIC_PREFIX = "/static/" |
| 34 | |
| 35 | class AccessLogMiddleware: |
| 36 | """ASGI middleware: structured per-request access log + X-Request-Id header.""" |
| 37 | |
| 38 | def __init__(self, app: ASGIApp) -> None: |
| 39 | self.app = app |
| 40 | |
| 41 | async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None: |
| 42 | if scope["type"] != "http": |
| 43 | await self.app(scope, receive, send) |
| 44 | return |
| 45 | |
| 46 | # ── Inject request_id ───────────────────────────────────────────────── |
| 47 | request_id = secrets.token_hex(16) |
| 48 | token_rid = request_id_var.set(request_id) |
| 49 | |
| 50 | # ── Extract user_id from MSign Authorization header ─────────────────── |
| 51 | # Never log the raw token value — only the human-readable handle. |
| 52 | user_id = "" |
| 53 | for raw_key, raw_val in scope.get("headers", []): |
| 54 | if raw_key.lower() == b"authorization": |
| 55 | auth_header = raw_val.decode("latin-1", errors="replace") |
| 56 | m = _MSIGN_HANDLE_RE.search(auth_header) |
| 57 | if m: |
| 58 | user_id = m.group(1) |
| 59 | break |
| 60 | token_uid = user_id_var.set(user_id) |
| 61 | |
| 62 | status_code = 500 |
| 63 | response_started = False |
| 64 | |
| 65 | async def send_with_request_id(message: Message) -> None: |
| 66 | nonlocal status_code, response_started |
| 67 | if message["type"] == "http.response.start": |
| 68 | status_code = message["status"] |
| 69 | response_started = True |
| 70 | # Inject X-Request-Id into response headers. |
| 71 | headers = list(message.get("headers", [])) |
| 72 | headers.append((b"x-request-id", request_id.encode())) |
| 73 | message = {**message, "headers": headers} |
| 74 | await send(message) |
| 75 | |
| 76 | start = time.monotonic() |
| 77 | try: |
| 78 | await self.app(scope, receive, send_with_request_id) |
| 79 | finally: |
| 80 | duration_ms = round((time.monotonic() - start) * 1000, 1) |
| 81 | path = scope.get("path", "") |
| 82 | method = scope.get("method", "") |
| 83 | |
| 84 | # /healthz and /static/* at DEBUG — suppress from INFO dashboards. |
| 85 | is_noisy = path == _HEALTH_PATH or path.startswith(_STATIC_PREFIX) |
| 86 | level = logging.DEBUG if is_noisy else logging.INFO |
| 87 | |
| 88 | logger.log( |
| 89 | level, |
| 90 | "%s %s %s %.1fms", |
| 91 | method, path, status_code, duration_ms, |
| 92 | extra={ |
| 93 | "method": method, |
| 94 | "path": path, |
| 95 | "status": status_code, |
| 96 | "duration_ms": duration_ms, |
| 97 | }, |
| 98 | ) |
| 99 | |
| 100 | request_id_var.reset(token_rid) |
| 101 | user_id_var.reset(token_uid) |
File History
14 commits
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b
Merge branch 'fix/wire-push-external-parent-manifest' into dev
Human
8 days ago
sha256:fc04e4cae9e1774d6a21b65c45daeed0e6787eb581d13aa1b03bfe9384a34226
Merge branch 'fix/two-column-scroll-layout' into dev
Human
8 days ago
sha256:408916fc5973ba59c6e4eebaa80ebdcc801c0a63205651e25009d11548f79454
chore: bump version to 0.2.0.dev2 — nightly.2, matching muse
Sonnet 4.6
patch
11 days ago
sha256:d035733f21ccff27735fddebfbbe0ed24565a32a22db8de5885402262671ecd2
chore: bump version to 0.2.0rc15 for musehub#113 fix release
Sonnet 4.6
patch
14 days ago
sha256:0032d6cfa33bc3c8367436ad768e7dd0e339b4332153160247da8266cb5fa352
Merge branch 'task/version-tags-phase3-server' into dev
Human
17 days ago
sha256:4669620efda9ff41c55bdefd1f7bfe1c239d468428744c84ead9957e5a003a53
merge: rescue snapshot-recovery hardening (c00aa21d) into d…
Opus 4.8
minor
⚠
29 days ago
sha256:a59da49c4611b970fc4b6ae48678ce4943261c213a07ddbd73ce9201df869b4a
fix: remove false-positive proposal_comments index drop fro…
Sonnet 4.6
patch
34 days ago
sha256:0a240d6dbff234f07d98a28a4a9a68db702f3f9ff9260196f24219bdb1c0b6f3
feat: render markdown mists as HTML with heading anchor links
Sonnet 4.6
patch
34 days ago
sha256:24a7d47486ebc4ebd1832830580e177ec6f877b48dced8c000e198cdec4ce9d6
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
35 days ago
sha256:b9ff931d147e0114a1f17060f415b89ed551c170a91ff226c70437aa5c85f9ee
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
35 days ago
sha256:d1122d21e73471879b460037b22c0b50fded7c423444a176f248428f75dac39c
Merge 'task/fix-issue-pagination-cursor' into 'dev' — propo…
Human
35 days ago
sha256:01e18975e73d2b3cd5b6db7929c895bef9aa6e0d4391dc5b2adfc548b41318dd
Merge 'feat/adding-debug-logs-to-staging' into 'dev' — prop…
Human
36 days ago
sha256:6b1949fc2797ca4c1936a637a4cbfec828ef56cf52398a2e74ca3c4f494e728f
fix: use wire_bytes not mpack_bytes_raw in compute_object_b…
Sonnet 4.6
patch
48 days ago
sha256:b99f2455dc346966d040133f5203297e6e3ef5803a93728a2c30568d0a0f7583
rename: delta_add → delta_upsert across wire format, models…
Sonnet 4.6
patch
50 days ago