feat: add access logging middleware and disable default uvicorn access log
This commit is contained in:
Lorenzo Venerandi
28
src/app.py
28
src/app.py
@@ -16,7 +16,7 @@ from config import get_config
|
|||||||
from tracker import AccessTracker, set_tracker
|
from tracker import AccessTracker, set_tracker
|
||||||
from database import initialize_database
|
from database import initialize_database
|
||||||
from tasks_master import get_tasksmaster
|
from tasks_master import get_tasksmaster
|
||||||
from logger import initialize_logging, get_app_logger
|
from logger import initialize_logging, get_app_logger, get_access_logger
|
||||||
from generators import random_server_header
|
from generators import random_server_header
|
||||||
|
|
||||||
|
|
||||||
@@ -121,11 +121,35 @@ def create_app() -> FastAPI:
|
|||||||
|
|
||||||
application.add_middleware(DeceptionMiddleware)
|
application.add_middleware(DeceptionMiddleware)
|
||||||
|
|
||||||
# Banned IP check middleware (outermost — runs first on request)
|
# Banned IP check middleware
|
||||||
from middleware.ban_check import BanCheckMiddleware
|
from middleware.ban_check import BanCheckMiddleware
|
||||||
|
|
||||||
application.add_middleware(BanCheckMiddleware)
|
application.add_middleware(BanCheckMiddleware)
|
||||||
|
|
||||||
|
# Access log middleware (outermost — logs every request with real client IP)
|
||||||
|
@application.middleware("http")
|
||||||
|
async def access_log_middleware(request: Request, call_next):
|
||||||
|
response: Response = await call_next(request)
|
||||||
|
from dependencies import get_client_ip
|
||||||
|
|
||||||
|
client_ip = get_client_ip(request)
|
||||||
|
path = request.url.path
|
||||||
|
method = request.method
|
||||||
|
status = response.status_code
|
||||||
|
access_logger = get_access_logger()
|
||||||
|
|
||||||
|
user_agent = request.headers.get("User-Agent", "")
|
||||||
|
tracker = request.app.state.tracker
|
||||||
|
suspicious = tracker.is_suspicious_user_agent(user_agent)
|
||||||
|
|
||||||
|
if suspicious:
|
||||||
|
access_logger.warning(
|
||||||
|
f"[SUSPICIOUS] [{method}] {client_ip} - {path} - {status} - {user_agent[:50]}"
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
access_logger.info(f"[{method}] {client_ip} - {path} - {status}")
|
||||||
|
return response
|
||||||
|
|
||||||
# Mount static files for the dashboard
|
# Mount static files for the dashboard
|
||||||
config = get_config()
|
config = get_config()
|
||||||
secret = config.dashboard_secret_path.lstrip("/")
|
secret = config.dashboard_secret_path.lstrip("/")
|
||||||
|
|||||||
@@ -112,6 +112,10 @@ class LoggerManager:
|
|||||||
credential_file_handler.setFormatter(credential_format)
|
credential_file_handler.setFormatter(credential_format)
|
||||||
self._credential_logger.addHandler(credential_file_handler)
|
self._credential_logger.addHandler(credential_file_handler)
|
||||||
|
|
||||||
|
# Disable uvicorn's default access log to avoid duplicate entries
|
||||||
|
# with the wrong (proxy) IP. Our custom access logger handles this.
|
||||||
|
logging.getLogger("uvicorn.access").setLevel(logging.WARNING)
|
||||||
|
|
||||||
self._initialized = True
|
self._initialized = True
|
||||||
|
|
||||||
@property
|
@property
|
||||||
|
|||||||
Reference in New Issue
Block a user