Feat/logger and api logger #69
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alexanderleegs
requested changes
Nov 20, 2020
There was a problem hiding this comment.
Left comments. Also, regarding the information that we log in the API logger - does the request body have any important information we should be logging? It's mostly made of encrypted content, which may not be very useful in debugging - let me know what you think about this
added 9 commits
November 20, 2020 10:08
This commit installs the necessary dependencies for the logger component. The reason we need a separate logger, which logs to CloudWatch directly, is because the EC2 instance that our server is running on might batches log statements before sending them to CloudWatch. Logs might fail to get sent if the EC2 cloudwatch daemon is corrupted or fails in some way. This external logger will send logs instantly to CloudWatch so we have a fallback source of logs. We chose to use the Winston logger as we have had success using it for the homer project. this commit also installs the aws sdk as we need to retrieve the EC2 instance id to log to the correct cloudwatch log group.
This commit adds a CloudWatchLogger class which uses the singleton pattern. Since a logger does not hold any state, it makes sense to use the singleton pattern. This logger attempts to connect to and log directly to cloudwatch if in a production environment (NODE_ENV = prod or staging) and logs directly to console if in dev mode. In other words, in a prod environment we log both directly to cloudwatch and to console, so we have two sets of logs as a fallback mechanism. In particular, our cloudwatch only logs provide a clean application log which make it easier to debug our own operations.
This commit removes try-catch statements that we were supposed to remove in PR #63 but which we forgot to do so. These blocks are no longer needed since we have a central error handler which deals with errors.
This commit replaces existing usage of console.log with our new logger class' `logger.info` method
This commit retrieves a user's GitHub id during the login authentication stage for auditing purposes so that we can log user actions when they perform actions on the CMS.
This commit extracts the newly added user_id attribute from the JWT during the request authentication stage and attaches it to the request object. This allows us to identify user logs by their GitHub user id instead of an unidentifiable access token string.
Previously, we erroneously assigned the logout endpoint the `noVerify` auth function. However, the logout endpoint should not be accesible to users who have not logged in, therefore it should be a protected endpoint.
This commit adds an api logger middleware which logs all api requests that have been submitted to the server for auditing purposes. Note that this middleware is added AFTER the auth middleware instead of before - that's because we're reliant on the auth middleware to add the user id to the request object which will allow our api logs to be identifiable.
This commit modifies the API logger so that we log the request body. The request body usually contains encrypted post content, and the relevant file sha, which isn't important to us when we're sifting the logs. Furthermore, we can identify the files being changes simply by looking at the request path and date-time of the request - from these, we would be able to identify the file being changed and also identify the file version from the date-time of teh request. that useful to us when we
kwajiehao
force-pushed
the
feat/api-logger
branch
from
ab50f9b to
71f2ffc
Compare
Removed logging of request body in 71f2ffc |
Currently, the logout endpoint is protected by the `verifyJwt` auth function. However, this prevents auto-logout functionality for when a user's token expires, leaving them stuck in the UI with a useless JWT which is incapable of making successful API calls. This commit reverts the endpoint to be unprotected to fix this problem.
harishv7
pushed a commit
that referenced
this pull request
Feb 17, 2023
* chore: install dependencies needed for logger component This commit installs the necessary dependencies for the logger component. The reason we need a separate logger, which logs to CloudWatch directly, is because the EC2 instance that our server is running on might batches log statements before sending them to CloudWatch. Logs might fail to get sent if the EC2 cloudwatch daemon is corrupted or fails in some way. This external logger will send logs instantly to CloudWatch so we have a fallback source of logs. We chose to use the Winston logger as we have had success using it for the homer project. this commit also installs the aws sdk as we need to retrieve the EC2 instance id to log to the correct cloudwatch log group. * feat: add singleton CloudWatchLogger class This commit adds a CloudWatchLogger class which uses the singleton pattern. Since a logger does not hold any state, it makes sense to use the singleton pattern. This logger attempts to connect to and log directly to cloudwatch if in a production environment (NODE_ENV = prod or staging) and logs directly to console if in dev mode. In other words, in a prod environment we log both directly to cloudwatch and to console, so we have two sets of logs as a fallback mechanism. In particular, our cloudwatch only logs provide a clean application log which make it easier to debug our own operations. * chore: remove try-catch statements This commit removes try-catch statements that we were supposed to remove in PR #63 but which we forgot to do so. These blocks are no longer needed since we have a central error handler which deals with errors. * feat: replace existing usage of console.log This commit replaces existing usage of console.log with our new logger class' `logger.info` method * feat: retrieve user id for logging purposes This commit retrieves a user's GitHub id during the login authentication stage for auditing purposes so that we can log user actions when they perform actions on the CMS. * feat: add userId attribute to request object in auth middleware This commit extracts the newly added user_id attribute from the JWT during the request authentication stage and attaches it to the request object. This allows us to identify user logs by their GitHub user id instead of an unidentifiable access token string. * fix: assign verifyJwt auth function to logout endpoint Previously, we erroneously assigned the logout endpoint the `noVerify` auth function. However, the logout endpoint should not be accesible to users who have not logged in, therefore it should be a protected endpoint. * feat: add api-logging middleware This commit adds an api logger middleware which logs all api requests that have been submitted to the server for auditing purposes. Note that this middleware is added AFTER the auth middleware instead of before - that's because we're reliant on the auth middleware to add the user id to the request object which will allow our api logs to be identifiable. * fix: remove logging of request body This commit modifies the API logger so that we log the request body. The request body usually contains encrypted post content, and the relevant file sha, which isn't important to us when we're sifting the logs. Furthermore, we can identify the files being changes simply by looking at the request path and date-time of the request - from these, we would be able to identify the file being changed and also identify the file version from the date-time of teh request. that useful to us when we * fix: unprotect logout endpoint Currently, the logout endpoint is protected by the `verifyJwt` auth function. However, this prevents auto-logout functionality for when a user's token expires, leaving them stuck in the UI with a useless JWT which is incapable of making successful API calls. This commit reverts the endpoint to be unprotected to fix this problem. Co-authored-by: Jie Hao Kwa <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR goes some way to addressing the logging needs of the project. It accomplishes the following:
CloudWatchLoggerclass which uses theWinstonpackage to log directly to CloudWatchapiLoggermiddleware which logs all API requests to our serverThese changes help with log reliability, auditing, and log identifiability.