feat: add access logging middleware and disable default uvicorn access log

2026-03-09 17:54:35 +01:00
parent fb70e497a3
commit 40f1051d1f
2 changed files with 30 additions and 2 deletions
--- a/src/app.py
+++ b/src/app.py
@@ -16,7 +16,7 @@ from config import get_config
 from tracker import AccessTracker, set_tracker
 from database import initialize_database
 from tasks_master import get_tasksmaster
-from logger import initialize_logging, get_app_logger
+from logger import initialize_logging, get_app_logger, get_access_logger
 from generators import random_server_header


@@ -121,11 +121,35 @@ def create_app() -> FastAPI:

    application.add_middleware(DeceptionMiddleware)

-    # Banned IP check middleware (outermost — runs first on request)
+    # Banned IP check middleware
    from middleware.ban_check import BanCheckMiddleware

    application.add_middleware(BanCheckMiddleware)

+    # Access log middleware (outermost — logs every request with real client IP)
+    @application.middleware("http")
+    async def access_log_middleware(request: Request, call_next):
+        response: Response = await call_next(request)
+        from dependencies import get_client_ip
+
+        client_ip = get_client_ip(request)
+        path = request.url.path
+        method = request.method
+        status = response.status_code
+        access_logger = get_access_logger()
+
+        user_agent = request.headers.get("User-Agent", "")
+        tracker = request.app.state.tracker
+        suspicious = tracker.is_suspicious_user_agent(user_agent)
+
+        if suspicious:
+            access_logger.warning(
+                f"[SUSPICIOUS] [{method}] {client_ip} - {path} - {status} - {user_agent[:50]}"
+            )
+        else:
+            access_logger.info(f"[{method}] {client_ip} - {path} - {status}")
+        return response
+
    # Mount static files for the dashboard
    config = get_config()
    secret = config.dashboard_secret_path.lstrip("/")
--- a/src/logger.py
+++ b/src/logger.py
@@ -112,6 +112,10 @@ class LoggerManager:
        credential_file_handler.setFormatter(credential_format)
        self._credential_logger.addHandler(credential_file_handler)

+        # Disable uvicorn's default access log to avoid duplicate entries
+        # with the wrong (proxy) IP. Our custom access logger handles this.
+        logging.getLogger("uvicorn.access").setLevel(logging.WARNING)
+
        self._initialized = True

    @property