-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add middleware to log all post requests #397
Conversation
WalkthroughThe changes introduce a new middleware class, Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (1)
fyle_xero_api/logging_middleware.py (1)
31-47
: Summary: New middleware for logging POST/PUT requestsThe addition of
LogPostRequestMiddleware
enhances the application's logging capabilities by capturing details of POST and PUT requests. This can be valuable for debugging and monitoring purposes. However, there are important considerations:
- Security and Privacy: Ensure that sensitive data is not inadvertently logged.
- Performance: Be mindful of the potential impact on application performance, especially with large payloads.
- Error Handling: The current implementation could benefit from more specific exception handling.
- Compliance: Verify that this logging aligns with relevant data protection regulations.
Before merging this PR, consider the following:
- Implement data filtering or masking for sensitive information.
- Add configuration options to control logging behavior (e.g., enable/disable for specific endpoints, set payload size limits).
- Review and update error handling as suggested in previous comments.
- Ensure that this logging aligns with your overall application monitoring and debugging strategy.
These changes significantly alter the application's behavior in terms of data logging. Ensure that all stakeholders are aware of these changes and that they align with the project's requirements and compliance needs.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
- fyle_xero_api/logging_middleware.py (2 hunks)
- fyle_xero_api/settings.py (1 hunks)
🧰 Additional context used
🔇 Additional comments (3)
fyle_xero_api/logging_middleware.py (2)
32-33
: LGTM: Correct initialization of middlewareThe
__init__
method correctly initializes the middleware by storing theget_response
function. This follows the standard Django middleware initialization pattern.
31-47
:⚠️ Potential issueConsider security and performance implications of logging all POST/PUT requests
While logging requests can be useful for debugging, there are several concerns to address:
- Security: Logging entire request bodies may expose sensitive data (e.g., passwords, tokens).
- Performance: Logging large payloads could impact application performance.
- Compliance: Storing personal data in logs might violate data protection regulations (e.g., GDPR).
Consider the following improvements:
- Implement request body filtering to exclude or mask sensitive fields.
- Add size limits for logged payloads to prevent performance issues.
- Ensure compliance with relevant data protection regulations.
- Add configuration options to enable/disable logging for specific endpoints.
Example implementation for filtering sensitive data:
import re def filter_sensitive_data(data): sensitive_fields = ['password', 'token', 'credit_card'] filtered_data = data.copy() for field in sensitive_fields: if field in filtered_data: filtered_data[field] = '[REDACTED]' return filtered_data # In the __call__ method: request_body = json.loads(body_unicode) filtered_body = filter_sensitive_data(request_body) logger.info("POST request to %s: %s", request.path, filtered_body)To check for potential sensitive data exposure, run:
fyle_xero_api/settings.py (1)
63-63
: LGTM. Verify middleware implementation and consider performance impact.The addition of
LogPostRequestMiddleware
aligns with the PR objective to log all POST requests. Its placement in the middleware stack is appropriate.Please run the following script to verify the middleware implementation:
Consider the performance impact of logging all POST (and possibly PUT) requests, especially for high-traffic environments. You might want to implement sampling or other performance optimization techniques if not already in place.
def __call__(self, request): | ||
if request.method in ['POST', 'PUT']: | ||
try: | ||
body_unicode = request.body.decode('utf-8') | ||
request_body = json.loads(body_unicode) | ||
logger.info("POST request to %s: %s", request.path, request_body) | ||
except (json.JSONDecodeError, UnicodeDecodeError): | ||
logger.warning("Failed to decode POST request body for %s", request.path) | ||
except Exception as e: | ||
logger.info('Something went wrong when logging post call - %s', e) | ||
|
||
response = self.get_response(request) | ||
return response |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Improve error handling and logging in the __call__
method
The current implementation is good, but there are a few areas for improvement:
- The general
except Exception
block on line 43 could be more specific to avoid catching unexpected errors. - The warning log on line 42 could include more details about the failure, such as the exception message.
Consider refactoring the method as follows:
def __call__(self, request):
if request.method in ['POST', 'PUT']:
try:
body_unicode = request.body.decode('utf-8')
request_body = json.loads(body_unicode)
logger.info("POST request to %s: %s", request.path, request_body)
except json.JSONDecodeError as e:
logger.warning("Failed to decode JSON in POST request body for %s: %s", request.path, str(e))
except UnicodeDecodeError as e:
logger.warning("Failed to decode Unicode in POST request body for %s: %s", request.path, str(e))
except Exception as e:
logger.error("Unexpected error when logging POST request to %s: %s", request.path, str(e))
response = self.get_response(request)
return response
This refactoring:
- Separates the
JSONDecodeError
andUnicodeDecodeError
exceptions for more specific error handling. - Includes the exception message in the warning logs for better debugging.
- Changes the general exception log to an error level and includes more context.
|
https://app.clickup.com/1864988/v/l/6-901603904304-1