refactor(be): request logging

[krystxf]

Changes

• create separate table for request logs
• remove old logs to avoid running out of space
• log user-agent & response to detect issues

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced a new RequestLog table for enhanced logging of HTTP requests.
  • Added LogsCleanupModule for automatic cleanup of old request logs.
  • Implemented RequestLoggerMiddleware to log request details to the database.
  • Added a scheduled task for periodic log cleanup every 10 minutes.

• Improvements

  • Simplified interceptor usage in multiple controllers by removing unnecessary logging interceptors.

• Bug Fixes

  • Ensured existing query validation logic remains intact in controllers.

These updates enhance the application's logging capabilities and maintain the integrity of existing functionalities.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
metro-now	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 7, 2024 9:05pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

A new SQL migration has been introduced to create a RequestLog table in the database, capturing details about HTTP requests. This includes fields for the request method, path, status, duration, response body, user agent, and creation timestamp. Additionally, a new RequestLoggerMiddleware has been implemented to log these details, and the AppModule has been updated to use this middleware. The logging system has been enhanced with a new LogsCleanupModule to manage log cleanup operations, while several controllers have been updated to remove the previous logging interceptor.

Changes

File Path	Change Summary
apps/backend/prisma/migrations/.../migration.sql	Created RequestLog table with specified columns (id, method, path, status, duration, response, userAgent, createdAt).
apps/backend/prisma/schema.prisma	Added RequestLog model with fields corresponding to the new table.
apps/backend/src/app.module.ts	Updated AppModule to implement NestModule, added configure method, and included LogsCleanupModule.
apps/backend/src/enums/log.enum.ts	Added REQUEST_LOGS_CLEANUP to LogMessage enum.
apps/backend/src/middleware/request-logger-middleware.ts	Introduced RequestLoggerMiddleware to log HTTP request details.
apps/backend/src/modules/departure/departure.controller.ts	Removed LogInterceptor from DepartureController.
apps/backend/src/modules/logger/log.interceptor.ts	Deleted LogInterceptor class.
apps/backend/src/modules/logs-cleanup/logs-cleanup.controller.ts	Added LogsCleanupController for managing log cleanup operations with scheduled tasks.
apps/backend/src/modules/logs-cleanup/logs-cleanup.module.ts	Created LogsCleanupModule with controller and service for log management.
apps/backend/src/modules/logs-cleanup/logs-cleanup.service.ts	Introduced LogsCleanupService to handle log cleanup logic.
apps/backend/src/modules/platform/platform.controller.ts	Removed LogInterceptor from PlatformController.
apps/backend/src/modules/stop/stop.controller.ts	Removed LogInterceptor from StopController.
apps/web/src/components/Footer/Footer.tsx	Updated QRCodeSVG component's level prop from "L" to "Q".
apps/web/src/components/Navbar/NavbarDownloadLink.tsx	Updated QRCodeSVG component's level prop from "L" to "Q".

Possibly related PRs

• refactor: backend structure #23: The main PR introduces a new RequestLog table and related schema changes, which could be relevant to the logging functionality discussed in PR feat(be): logging #28, where a new Log table and logging mechanisms were added.
• feat(be): logging #28: This PR focuses on logging enhancements, including the creation of a Log table and a LoggerMiddleware, which relates to the logging capabilities introduced in the main PR.
• fix(be): logging #32: This PR further modifies the logging setup, including changes to the Log model and the introduction of a trace field, which aligns with the logging features established in the main PR.
• feat(be): extend departure endpoint #35: The enhancements to the departure endpoint may involve logging aspects, particularly if the new features include logging requests or responses, which ties back to the logging changes in the main PR.
• feat(app): changeable icon #58: The addition of a changeable app icon may not directly relate to the main PR, but if the app's icon change involves logging user preferences or actions, it could be indirectly connected to the logging features introduced in the main PR.

Suggested labels

enhancement

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3749a52 and 019f1fd.

📒 Files selected for processing (2)

• apps/web/src/components/Footer/Footer.tsx (1 hunks)
• apps/web/src/components/Navbar/NavbarDownloadLink.tsx (1 hunks)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (6)

apps/backend/prisma/migrations/20241205005919_request_logs/migration.sql (1)

2-13: Add indexes to improve query performance on the RequestLog table

To optimize database queries on the RequestLog table, consider adding indexes on columns that are frequently filtered or sorted upon, such as createdAt, method, path, or status.

Example of adding indexes:

CREATE INDEX idx_requestlog_createdat ON "RequestLog" ("createdAt");
CREATE INDEX idx_requestlog_method ON "RequestLog" ("method");
CREATE INDEX idx_requestlog_path ON "RequestLog" ("path");

apps/backend/src/modules/logs-cleanup/logs-cleanup.controller.ts (1)

6-6: Consider replacing @Controller with @Injectable for non-HTTP functionalities

Since LogsCleanupController does not handle any HTTP requests and is used for initializing and scheduling tasks, using @Controller may be misleading. Replacing it with @Injectable clarifies its purpose.

Apply this change:

-@Controller("logs-cleanup")
+@Injectable()

apps/backend/src/modules/logs-cleanup/logs-cleanup.service.ts (2)

7-7: Consider making MAX_COUNT configurable

The hardcoded limit of 500,000 records should be configurable through environment variables to allow for different environments and requirements.

-const MAX_COUNT = 500_000;
+const MAX_COUNT = Number(process.env.MAX_REQUEST_LOGS) || 500_000;

---

24-31: Consider implementing batch deletion

The current implementation might cause performance issues when deleting a large number of records at once. Consider implementing batch deletion to reduce database load.

Example approach:

const BATCH_SIZE = 1000;
let deleted = 0;
while (true) {
  const batch = await this.prisma.requestLog.findMany({
    where: { createdAt: { lte: last.createdAt } },
    take: BATCH_SIZE,
  });
  if (batch.length === 0) break;
  
  await this.prisma.requestLog.deleteMany({
    where: { 
      id: { in: batch.map(log => log.id) }
    }
  });
  deleted += batch.length;
}

apps/backend/src/app.module.ts (1)

45-47: Consider excluding health check and GraphQL playground routes

The current implementation logs all routes including health checks and GraphQL playground, which might generate unnecessary logs.

-consumer.apply(RequestLoggerMiddleware).forRoutes("*");
+consumer
+  .apply(RequestLoggerMiddleware)
+  .exclude(
+    "health",
+    { path: GRAPHQL_PATH, method: RequestMethod.GET } // GraphQL playground
+  )
+  .forRoutes("*");

apps/backend/prisma/schema.prisma (1)

82-92: Add documentation comments to the RequestLog model

Consider adding documentation comments to describe the purpose and fields of the model.

+/// Stores HTTP request logs for monitoring and debugging purposes
 model RequestLog {
   id        BigInt  @id @default(autoincrement())
+  /// HTTP method (GET, POST, etc.)
   method    String
+  /// Request path
   path      String
+  /// HTTP status code
   status    Int
+  /// Request duration in milliseconds
   duration  Int
+  /// Response body (if captured)
   response  String?
+  /// Client's user agent string
   userAgent String?

   createdAt DateTime @default(now())
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 57eb3c9 and effb0e7.

📒 Files selected for processing (13)

• apps/backend/prisma/migrations/20241205005919_request_logs/migration.sql (1 hunks)
• apps/backend/prisma/schema.prisma (1 hunks)
• apps/backend/src/app.module.ts (3 hunks)
• apps/backend/src/enums/log.enum.ts (1 hunks)
• apps/backend/src/middleware/request-logger-middleware.ts (1 hunks)
• apps/backend/src/modules/departure/departure.controller.ts (1 hunks)
• apps/backend/src/modules/logger/log.interceptor.ts (0 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.controller.ts (1 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.module.ts (1 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.service.ts (1 hunks)
• apps/backend/src/modules/platform/platform.controller.ts (1 hunks)
• apps/backend/src/modules/stop/stop.controller.ts (1 hunks)
• apps/web/src/app/not-found.tsx (0 hunks)

💤 Files with no reviewable changes (2)

• apps/backend/src/modules/logger/log.interceptor.ts
• apps/web/src/app/not-found.tsx

✅ Files skipped from review due to trivial changes (1)

• apps/backend/src/modules/logs-cleanup/logs-cleanup.module.ts

🧰 Additional context used

📓 Learnings (1)

apps/backend/prisma/schema.prisma (1)

Learnt from: krystxf
PR: krystxf/metro-now#28
File: backend-nest/prisma/schema.prisma:73-83
Timestamp: 2024-11-12T12:31:10.218Z
Learning: In the file `backend-nest/prisma/schema.prisma`, for the `Log` model, adding `userId` or `requestId` fields is unnecessary because the application currently doesn't have user registration or API keys.

🔇 Additional comments (3)

apps/backend/src/enums/log.enum.ts (1)

13-13: LGTM!

Adding REQUEST_LOGS_CLEANUP to the LogMessage enum enhances the clarity and consistency of log messages.

apps/backend/src/modules/stop/stop.controller.ts (1)

20-20: LGTM!

Removing LogInterceptor is appropriate as logging is now managed by RequestLoggerMiddleware. Continuing to use CacheInterceptor ensures caching behavior remains intact.

apps/backend/src/modules/platform/platform.controller.ts (1)

36-36: Verify logging coverage for platform endpoints

The removal of LogInterceptor aligns with the PR's objective to refactor request logging. However, we should verify that the new RequestLoggerMiddleware adequately captures all necessary information for these platform endpoints, especially for error cases and large response payloads.

✅ Verification successful

Let me gather more information about the middleware configuration and logging setup.

---

Let me check the implementation of the RequestLoggerMiddleware to verify its logging coverage.

---

Let me get the complete implementation of the middleware to verify error handling and logging details.

---

Logging coverage is properly implemented for platform endpoints

The RequestLoggerMiddleware is well-configured to handle all platform endpoints with comprehensive logging:

• Applied globally to all routes via forRoutes("*")
• Captures essential request data: method, path, user-agent, status code, and duration
• Properly handles response bodies with string/JSON serialization
• Includes error handling for logging failures
• Has specific handling for platform endpoints via the ignoreResponse check

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the new RequestLoggerMiddleware is properly configured to handle platform endpoints

# Check if RequestLoggerMiddleware is properly imported and configured in the app module
rg -l "RequestLoggerMiddleware" "apps/backend/src/app.module.ts"

# Check if the middleware is configured to handle all routes
ast-grep --pattern 'configure(consumer: MiddlewareConsumer) {
  $$$
  consumer
    .apply(RequestLoggerMiddleware)
    .forRoutes($$$)
}'

Length of output: 233

---

Script:

#!/bin/bash
# Check the actual configuration in app.module.ts
rg -A 10 "configure.*MiddlewareConsumer" apps/backend/src/app.module.ts

# Check the RequestLoggerMiddleware implementation
rg -l "class RequestLoggerMiddleware" apps/backend/src/

Length of output: 306

---

Script:

#!/bin/bash
# Check the implementation of RequestLoggerMiddleware
rg -A 20 "class RequestLoggerMiddleware" apps/backend/src/middleware/request-logger-middleware.ts

# Check if it handles response data and errors
rg "response\." apps/backend/src/middleware/request-logger-middleware.ts

Length of output: 956

---

Script:

#!/bin/bash
# Get the complete middleware implementation using cat
cat apps/backend/src/middleware/request-logger-middleware.ts

# Also check for any error handling patterns
rg -A 5 "catch|error" apps/backend/src/middleware/request-logger-middleware.ts

Length of output: 2386

[coderabbitai]

⚠️ Potential issue

Potential PII leakage from logging full response bodies

Storing the complete response body in the database may inadvertently capture sensitive or personally identifiable information (PII), leading to security and compliance risks. It's important to ensure that sensitive data is not logged.

Recommendations:

• Sanitize or redact sensitive information from the response before logging.
• Limit logging to metadata or summaries rather than full response bodies.
• Implement conditional logging to only log responses from non-sensitive endpoints.

[coderabbitai]

🛠️ Refactor suggestion

Add index and field constraints to RequestLog model

Consider the following improvements to optimize queries and ensure data integrity:

 model RequestLog {
   id        BigInt  @id @default(autoincrement())
-  method    String
+  method    String  @db.VarChar(10)
   path      String
-  status    Int
+  status    Int     @db.SmallInt
   duration  Int
   response  String?
   userAgent String?

   createdAt DateTime @default(now())
+
+  @@index([createdAt(sort: Desc)])
 }

The changes:

1. Add index on createdAt for faster cleanup queries
2. Limit method length as HTTP methods are short
3. Use SmallInt for status codes as they're small numbers

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	model RequestLog {
	id BigInt @id @default(autoincrement())
	method String
	path String
	status Int
	duration Int
	response String?
	userAgent String?
	createdAt DateTime @default(now())
	}
	model RequestLog {
	id BigInt @id @default(autoincrement())
	method String @db.VarChar(10)
	path String
	status Int @db.SmallInt
	duration Int
	response String?
	userAgent String?
	createdAt DateTime @default(now())
	@@index([createdAt(sort: Desc)])
	}

[coderabbitai]

💡 Codebase verification

Logging implementation for departure endpoints needs enhancement

The RequestLoggerMiddleware implementation has some limitations that should be addressed for departure endpoints:

1. Query parameters are not being logged, which is crucial for debugging complex departure queries
2. No response size limits or truncation logic is implemented, risking large payloads
3. No specific handling for cached responses is present

Required changes:

• Add req.query to the logged data for better debugging
• Implement response size limits to prevent storage issues
• Add cache hit/miss indicators in the logs

🔗 Analysis chain

Verify logging coverage for departure endpoints with complex queries

The removal of LogInterceptor is consistent with the logging refactor. However, these departure endpoints handle complex query parameters and potentially large response payloads. We should ensure that the new RequestLoggerMiddleware:

1. Properly captures all query parameters for debugging
2. Handles large response payloads efficiently
3. Respects the cache TTL when logging cached responses

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify logging configuration for departure endpoints

# Check if the middleware implements response size limits
rg -A 5 "class RequestLoggerMiddleware" | rg "response.*body|maxSize|truncate"

# Check if query parameter logging is implemented
ast-grep --pattern 'class RequestLoggerMiddleware {
  $$$
  log($$$) {
    $$$
    query: $$$
    $$$
  }
}'

# Check for cache-aware logging configuration
rg "CacheInterceptor.*RequestLoggerMiddleware|RequestLoggerMiddleware.*CacheInterceptor" -A 5

Length of output: 287

---

Script:

#!/bin/bash
# Let's try a different approach to find the middleware implementation

# Find the middleware file first
fd "request.*logger.*middleware" --type f

# Search for logging-related patterns in the codebase
rg -g "!{test,spec}*" "implements.*NestMiddleware|extends.*NestMiddleware" -A 5

# Look for request/response logging patterns
rg -g "!{test,spec}*" "class.*Logger|class.*Log" -A 10

# Check for query parameter handling in the codebase
rg -g "!{test,spec}*" "req\.query|request\.query" -A 3

Length of output: 5062

---

Script:

#!/bin/bash
# Let's examine the request logger middleware implementation in detail

# Check the complete implementation of request logger middleware
cat apps/backend/src/middleware/request-logger-middleware.ts

# Look for request log schema to understand what's being logged
fd "prisma.schema" --type f --exec cat {}

# Check for any configuration related to response size limits
fd "config|constants" --type f | rg -i "log|size|limit" --files-with-matches | xargs cat

Length of output: 2297

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

apps/backend/src/app.module.ts (1)

31-31: Consider grouping related modules together

The LogsCleanupModule and LoggerModule are related to logging functionality but are separated in the imports array. Consider grouping them together for better code organization.

        PrismaModule,
        LoggerModule,
+       LogsCleanupModule,
        StatusModule,
        GtfsModule,
        RouteModule,
-       LogsCleanupModule,
        ConfigModule.forRoot(configModuleConfig),

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between effb0e7 and 3749a52.

📒 Files selected for processing (12)

• apps/backend/prisma/migrations/20241205005919_request_logs/migration.sql (1 hunks)
• apps/backend/prisma/schema.prisma (1 hunks)
• apps/backend/src/app.module.ts (3 hunks)
• apps/backend/src/enums/log.enum.ts (1 hunks)
• apps/backend/src/middleware/request-logger-middleware.ts (1 hunks)
• apps/backend/src/modules/departure/departure.controller.ts (1 hunks)
• apps/backend/src/modules/logger/log.interceptor.ts (0 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.controller.ts (1 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.module.ts (1 hunks)
• apps/backend/src/modules/logs-cleanup/logs-cleanup.service.ts (1 hunks)
• apps/backend/src/modules/platform/platform.controller.ts (1 hunks)
• apps/backend/src/modules/stop/stop.controller.ts (1 hunks)

💤 Files with no reviewable changes (1)

• apps/backend/src/modules/logger/log.interceptor.ts

🚧 Files skipped from review as they are similar to previous changes (10)

• apps/backend/src/enums/log.enum.ts
• apps/backend/src/modules/logs-cleanup/logs-cleanup.module.ts
• apps/backend/prisma/schema.prisma
• apps/backend/src/modules/stop/stop.controller.ts
• apps/backend/src/middleware/request-logger-middleware.ts
• apps/backend/src/modules/platform/platform.controller.ts
• apps/backend/src/modules/departure/departure.controller.ts
• apps/backend/src/modules/logs-cleanup/logs-cleanup.controller.ts
• apps/backend/src/modules/logs-cleanup/logs-cleanup.service.ts
• apps/backend/prisma/migrations/20241205005919_request_logs/migration.sql

🔇 Additional comments (2)

apps/backend/src/app.module.ts (2)

3-3: LGTM: Import statements are well-organized

The new imports are properly structured and align with the middleware implementation requirements.

Also applies to: 11-11, 16-16

---

48-52: Consider middleware application strategy

The middleware is currently applied to all routes (*). This might have some implications:

1. It will log all requests, including GraphQL operations at GRAPHQL_PATH
2. Health checks and metrics endpoints might get logged unnecessarily
3. High-traffic applications might generate excessive logs

Consider adding exclusion patterns for specific routes where logging isn't critical.