Merge pull request #267 from DFE-Digital/logging-request-response

Log request/response with payloads

GetIntoTeachingApi/Attributes/CrmETagAttribute.cs

@@ -9,7 +9,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 
-namespace GetIntoTeachingApi.Filters
+namespace GetIntoTeachingApi.Attributes
 {
     public class CrmETagAttribute : Attribute, IActionFilter
     {

GetIntoTeachingApi/Attributes/LogRequestsAttribute.cs

@@ -0,0 +1,97 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Controllers;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Serialization;
+
+namespace GetIntoTeachingApi.Attributes
+{
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = false)]
+    public class LogRequestsAttribute : Attribute, IActionFilter
+    {
+        private readonly ILogger<LogRequestsAttribute> _logger;
+
+        public LogRequestsAttribute()
+        {
+            var factory = LoggerFactory.Create(builder => builder.AddConsole());
+            _logger = factory.CreateLogger<LogRequestsAttribute>();
+        }
+
+        public LogRequestsAttribute(ILogger<LogRequestsAttribute> logger)
+        {
+            _logger = logger;
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            var descriptor = (ControllerActionDescriptor)context.ActionDescriptor;
+
+            var messages = context.ActionArguments.Select(a => LogMessageForObject(a.Value));
+            var message = LogMessage("Request", descriptor, messages);
+            _logger.LogInformation(message);
+        }
+
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+            if (context.Result is ObjectResult result)
+            {
+                var descriptor = (ControllerActionDescriptor)context.ActionDescriptor;
+                var messages = new List<string> { LogMessageForObject(result.Value) };
+                var message = LogMessage("Response", descriptor, messages);
+                _logger.LogInformation(message);
+            }
+        }
+
+        private static string LogMessage(string type, ControllerActionDescriptor descriptor, IEnumerable<string> messages)
+        {
+            var actionName = descriptor.ActionName;
+            var controllerName = descriptor.ControllerName;
+            var payload = string.Join("\n", messages.Where(m => !string.IsNullOrEmpty(m)));
+
+            return $"{type} {controllerName}:{actionName} - {payload}";
+        }
+
+        private static string LogMessageForObject(object obj)
+        {
+            var type = obj.GetType().GetGenericArguments().FirstOrDefault();
+
+            if (type == null)
+            {
+                type = obj.GetType();
+            }
+
+            if (type.GetCustomAttribute<LoggableAttribute>() == null)
+            {
+                return null;
+            }
+
+            return JsonConvert.SerializeObject(
+                obj,
+                Formatting.None,
+                new JsonSerializerSettings
+                {
+                    ContractResolver = new FilterSensitiveDataContractResolver(),
+                });
+        }
+
+        private class FilterSensitiveDataContractResolver : DefaultContractResolver
+        {
+            protected override JsonProperty CreateProperty(MemberInfo member, MemberSerialization memberSerialization)
+            {
+                var property = base.CreateProperty(member, memberSerialization);
+
+                property.ShouldSerialize = instance =>
+                    instance.GetType().GetCustomAttribute<LoggableAttribute>() != null &&
+                    member.GetCustomAttribute<SensitiveDataAttribute>() == null &&
+                    member.GetCustomAttribute<System.Text.Json.Serialization.JsonIgnoreAttribute>() == null;
+
+                return property;
+            }
+        }
+    }
+}

GetIntoTeachingApi/Attributes/LoggableAttribute.cs

@@ -0,0 +1,9 @@
+using System;
+
+namespace GetIntoTeachingApi.Attributes
+{
+    [AttributeUsage(AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
+    public class LoggableAttribute : Attribute
+    {
+    }
+}

GetIntoTeachingApi/Attributes/SensitiveDataAttribute.cs

@@ -0,0 +1,9 @@
+using System;
+
+namespace GetIntoTeachingApi.Attributes
+{
+    [AttributeUsage(AttributeTargets.Property, AllowMultiple = false, Inherited = true)]
+    public class SensitiveDataAttribute : Attribute
+    {
+    }
+}

GetIntoTeachingApi/Controllers/CallbackBookingQuotasController.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
 using Microsoft.AspNetCore.Authorization;
@@ -9,6 +10,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/callback_booking_quotas")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class CallbackBookingQuotasController : ControllerBase
     {

GetIntoTeachingApi/Controllers/CandidatesController.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
 using Microsoft.AspNetCore.Authorization;
@@ -9,6 +10,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/candidates")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class CandidatesController : ControllerBase
     {

GetIntoTeachingApi/Controllers/MailingListController.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Jobs;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
@@ -11,6 +12,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/mailing_list")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class MailingListController : ControllerBase
     {

GetIntoTeachingApi/Controllers/OperationsController.cs

@@ -1,7 +1,7 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
 using GetIntoTeachingApi.Utils;
@@ -12,6 +12,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/operations")]
     [ApiController]
+    [LogRequests]
     public class OperationsController : ControllerBase
     {
         private readonly IStore _store;

GetIntoTeachingApi/Controllers/PrivacyPoliciesController.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Threading.Tasks;
-using GetIntoTeachingApi.Filters;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
 using Microsoft.AspNetCore.Authorization;
@@ -11,6 +11,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/privacy_policies")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class PrivacyPoliciesController : ControllerBase
     {

GetIntoTeachingApi/Controllers/TeacherTrainingAdviser/CandidatesController.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Jobs;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
@@ -11,6 +12,7 @@ namespace GetIntoTeachingApi.Controllers.TeacherTrainingAdviser
 {
     [Route("api/teacher_training_adviser/candidates")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class CandidatesController : ControllerBase
     {

GetIntoTeachingApi/Controllers/TeachingEventsController.cs

@@ -1,6 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using GetIntoTeachingApi.Filters;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Jobs;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
@@ -13,6 +13,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/teaching_events")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class TeachingEventsController : ControllerBase
     {

GetIntoTeachingApi/Controllers/TypesController.cs

@@ -1,6 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using GetIntoTeachingApi.Filters;
+using GetIntoTeachingApi.Attributes;
 using GetIntoTeachingApi.Models;
 using GetIntoTeachingApi.Services;
 using Microsoft.AspNetCore.Authorization;
@@ -12,6 +12,7 @@ namespace GetIntoTeachingApi.Controllers
 {
     [Route("api/types")]
     [ApiController]
+    [LogRequests]
     [Authorize]
     public class TypesController : ControllerBase
     {

GetIntoTeachingApi/Models/CallbackBookingQuota.cs

@@ -5,6 +5,7 @@
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     [Entity("dfe_callbackbookingquota")]
     public class CallbackBookingQuota : BaseModel
     {

GetIntoTeachingApi/Models/HealthCheckResponse.cs

@@ -1,9 +1,11 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json.Serialization;
+using GetIntoTeachingApi.Attributes;
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     public class HealthCheckResponse
     {
         public const string StatusOk = "ok";

GetIntoTeachingApi/Models/MailingListAddMember.cs

@@ -1,10 +1,12 @@
 using System;
 using System.Linq;
 using System.Text.Json.Serialization;
+using GetIntoTeachingApi.Attributes;
 using Swashbuckle.AspNetCore.Annotations;
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     public class MailingListAddMember
     {
         public Guid? CandidateId { get; set; }
@@ -18,10 +20,15 @@ public class MailingListAddMember
         [SwaggerSchema(WriteOnly = true)]
         public int? ChannelId { get; set; }
 
+        [SensitiveData]
         public string Email { get; set; }
+        [SensitiveData]
         public string FirstName { get; set; }
+        [SensitiveData]
         public string LastName { get; set; }
+        [SensitiveData]
         public string AddressPostcode { get; set; }
+        [SensitiveData]
         public string Telephone { get; set; }
         [SwaggerSchema(ReadOnly = true)]
         public bool AlreadySubscribedToEvents { get; set; }

GetIntoTeachingApi/Models/MappingInfo.cs

@@ -1,8 +1,10 @@
 using System;
 using System.Collections.Generic;
+using GetIntoTeachingApi.Attributes;
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     public class MappingInfo
     {
         private readonly Type _type;

GetIntoTeachingApi/Models/TeacherTrainingAdviserSignUp.cs

@@ -1,10 +1,12 @@
 using System;
 using System.Linq;
 using System.Text.Json.Serialization;
+using GetIntoTeachingApi.Attributes;
 using Swashbuckle.AspNetCore.Annotations;
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     public class TeacherTrainingAdviserSignUp
     {
         public Guid? CandidateId { get; set; }
@@ -25,17 +27,26 @@ public class TeacherTrainingAdviserSignUp
         public int? PlanningToRetakeGcseMathsAndEnglishId { get; set; }
         public int? PlanningToRetakeGcseScienceId { get; set; }
 
+        [SensitiveData]
         public string Email { get; set; }
+        [SensitiveData]
         public string FirstName { get; set; }
+        [SensitiveData]
         public string LastName { get; set; }
         [SwaggerSchema(Format = "date")]
+        [SensitiveData]
         public DateTime? DateOfBirth { get; set; }
+        [SensitiveData]
         public string TeacherId { get; set; }
         public string DegreeSubject { get; set; }
+        [SensitiveData]
         public string Telephone { get; set; }
+        [SensitiveData]
         public string AddressLine1 { get; set; }
+        [SensitiveData]
         public string AddressLine2 { get; set; }
         public string AddressCity { get; set; }
+        [SensitiveData]
         public string AddressPostcode { get; set; }
         [SwaggerSchema(WriteOnly = true)]
         public DateTime? PhoneCallScheduledAt { get; set; }

GetIntoTeachingApi/Models/TeachingEvent.cs

@@ -7,6 +7,7 @@
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     [Entity("msevtmgt_event")]
     public class TeachingEvent : BaseModel
     {

GetIntoTeachingApi/Models/TeachingEventAddAttendee.cs

@@ -1,10 +1,12 @@
 using System;
 using System.Linq;
 using System.Text.Json.Serialization;
+using GetIntoTeachingApi.Attributes;
 using Swashbuckle.AspNetCore.Annotations;
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     public class TeachingEventAddAttendee
     {
         public Guid? CandidateId { get; set; }
@@ -19,10 +21,15 @@ public class TeachingEventAddAttendee
         public int? ConsiderationJourneyStageId { get; set; }
         public int? DegreeStatusId { get; set; }
 
+        [SensitiveData]
         public string Email { get; set; }
+        [SensitiveData]
         public string FirstName { get; set; }
+        [SensitiveData]
         public string LastName { get; set; }
+        [SensitiveData]
         public string AddressPostcode { get; set; }
+        [SensitiveData]
         public string Telephone { get; set; }
         [SwaggerSchema(ReadOnly = true)]
         public bool SubscribeToEvents => AddressPostcode != null && SubscribeToMailingList;

GetIntoTeachingApi/Models/TeachingEventBuilding.cs

@@ -8,6 +8,7 @@
 
 namespace GetIntoTeachingApi.Models
 {
+    [Loggable]
     [Entity("msevtmgt_building")]
     public class TeachingEventBuilding : BaseModel
     {