Draft
Conversation
- Remove commit_db_session - Add status code - Add /api/access_logs route and schema - Add datetime-aware logic in query parser
Author
|
Out of curiosity I'm gonna give copilot a review (note to self: don't ping it or else it will do work...) |
There was a problem hiding this comment.
Pull request overview
Adds server-side access logging for state-changing HTTP requests and exposes an admin-only endpoint to query those logs, alongside a schema/migration update to persist richer request metadata and support unix-timestamp filtering.
Changes:
- Add HTTP middleware to log POST/PUT/PATCH/DELETE requests (method, route, query string, payload, status) into the
accesstable. - Introduce
/access_logsadmin route +AccessGetschema and add tests for access logging behavior. - Update query parsing to cast datetime filters from unix timestamps; migrate
access.payloadto JSONB and add new columns.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| userapp/main.py | Adds access-logging middleware that inserts Access rows after request handling. |
| userapp/core/models/tables.py | Expands Access model (method/query_string/status) and changes payload to JSONB. |
| alembic/versions/a095c68f3ad3_move_access_table_to_use_jsonb_for_.py | Migrates access table schema to match new logging fields. |
| userapp/api/routes/access.py | Adds /access_logs admin-only listing endpoint. |
| userapp/core/schemas/access.py | Adds response schema for access-log entries. |
| userapp/api/routes/init.py | Registers the new access router. |
| userapp/api/routes/security.py | Stores auth token data on request.state for middleware access. |
| userapp/query_parser.py | Adds unix-timestamp → datetime casting for filters. |
| userapp/api/tests/test_access_log.py | Adds tests validating logging behavior and access controls. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…p-api into access-logging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds access logging to POST/PUT/PATCH/DELETE endpoints
Full list of changes:
accesstable to include payload, method, query_string and status{"raw_body": "utf-8 string"}/access_logsroute and schema to access logscommit_db_sessionmiddleware (FastAPI automatically commits when destroying async_session_maker, lead to funkiness with interacting with the session from a different middleware)Also the target of this PR is active_field just to display the changes made on top of that branch.
Resolves CHTC/chtc-user-ui#43