feat(logging): add NanoShare wide event instrumentation
- Register quart_common wide-event logging during app setup so every HTTP request emits one canonical structured event. - Replace the inline security middleware with reusable quart_common security middleware wiring and move skip path configuration into app constants. - Add NanoShare-specific wide-event context for health checks, auth/error handlers, file list/edit/delete/serve flows and upload outcomes. - Rename runtime logging/project metadata from simple-picoshare to nanoshare where it is emitted in service context. - Update my_helpers and quart_common submodules for Convex/wide-event integration and reusable security middleware support. - Add NanoShare middleware tests covering safe user context, client IP enrichment, missing Convex handling and Convex security lookup failures.
@@ -19,6 +19,9 @@ API_GROUP = os.getenv("API_GROUP", 'NanoShare')
|
||||
|
||||
THE_IP_BOT_MANAGER = TheIPManager()
|
||||
|
||||
SKIP_PATH_PREFIXES = ("/static", "/storage")
|
||||
SKIP_PATHS = ("/favicon.ico",)
|
||||
|
||||
# Blocke IPs (Bots, Hackers)
|
||||
BLOCKED_IPS_ACCESSING_TIMES = int(os.getenv("BLOCKE_IPS_AFTER_ACCESSING_HOWMANY_TIME", 5))
|
||||
BLOCKED_IPS_STORED_TIMEFRAME = int(os.getenv("BLOCKE_IPS_STORE_KEYS_TIMEFRAME", 3600))
|
||||
|
||||
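Review bot: SKIP_PATH_PREFIXES and SKIP_PATHS have no comment saying what they exempt, yet the middleware rewrite in this commit passes them to register_security_middleware, so anything matched here bypasses the IP-block and honeypot checks entirely. Because the matching presumably uses a prefix test (register_security_middleware is not visible here), "/storage" would also exempt any sibling path that merely begins with the same characters; if only that exact segment is meant, that is worth stating or constraining. A comment above SKIP_PATH_PREFIXES such as `# Paths exempt from the IP-block / honeypot checks in register_security_middleware (prefix match; keep this list minimal)` would make the security impact of editing these tuples visible to the next maintainer.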
@@ -1,3 +1,3 @@
|
||||
from quart_common.web.logger import build_logger
|
||||
|
||||
logger = build_logger(name="simple-picoshare")
|
||||
logger = build_logger(name="nanoshare")
|
||||
|
||||
@@ -9,6 +9,7 @@ from my_modules.app.constens import SECRET_KEY, THE_IP_BOT_MANAGER
|
||||
from my_modules.OrphanStorageIdRegistry import OrphanStorageIdRegistry
|
||||
from my_modules.AsyncCache import AsyncCache
|
||||
from my_modules.app.logger import logger
|
||||
from quart_common.web.wide_event import register_wide_event_logging
|
||||
|
||||
from my_helpers.db.convex.ConvexRuntime import ConvexRuntime
|
||||
from my_helpers.db.convex.ConvexWorkerPool import ConvexWorkerPool
|
||||
@@ -26,6 +27,7 @@ app = Quart(__name__,
|
||||
static_folder="../../templates/static",
|
||||
)
|
||||
app.config['MAX_CONTENT_LENGTH'] = 1024 * 1024 * 1024
|
||||
register_wide_event_logging(app, logger)
|
||||
|
||||
app.secret_key = SECRET_KEY
|
||||
|
||||
|
||||
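Review bot: register_wide_event_logging(app, logger) is wired at setup with nothing stating which request fields the per-request event carries; if the quart_common implementation (not visible here) records raw headers, query strings or form fields, Cookie and Authorization values and session identifiers would be written to the log for every request. Since the commit also adds upload and file-serving context to these events, the call site should document what is and is not captured, e.g. `# One structured event per request (quart_common); confirm headers/bodies are redacted before logging`. If redaction or an allow-list is not already guaranteed by quart_common, it should be added before this is relied on in production.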
+12
-36
@@ -1,47 +1,23 @@
|
||||
from routes.handeling.errorsAndBots import maybe_a_hacker
|
||||
|
||||
from my_modules.app.constens import THE_IP_BOT_MANAGER
|
||||
from my_modules.app.constens import THE_IP_BOT_MANAGER, SKIP_PATH_PREFIXES, SKIP_PATHS
|
||||
from my_modules.app.logger import logger
|
||||
from my_modules.functions import get_ip
|
||||
from my_modules.app.setup import app
|
||||
from quart_common.web.security_middleware import register_security_middleware
|
||||
|
||||
from quart import request, render_template, current_app, session
|
||||
from quart import session
|
||||
from datetime import datetime
|
||||
|
||||
@app.before_request
|
||||
async def custom_middleware():
|
||||
if session.get('user'): # only if session already has data, update redis expire time
|
||||
session.permanent = True
|
||||
|
||||
client_ip = get_ip()
|
||||
path = request.path
|
||||
method = request.method
|
||||
|
||||
db_whitelisted_or_blocked = await current_app.convex.is_ip_address_whitelisted_or_blocked(ip_address=client_ip)
|
||||
|
||||
# Skip allowed IPs or non-critical assets
|
||||
if (
|
||||
db_whitelisted_or_blocked['whiteliste']
|
||||
or THE_IP_BOT_MANAGER.is_client_ip_always_allowed(client_ip)
|
||||
or "static" in path
|
||||
or "favicon" in path
|
||||
or "storage" in path
|
||||
):
|
||||
return
|
||||
|
||||
# 2. If IP is already blocked
|
||||
if db_whitelisted_or_blocked['blocked']:
|
||||
await logger.error(f"[BLOCKED] {method} | {client_ip} tried {method} {path}")
|
||||
await current_app.convex.increment_blocked_ip_address_access(ip_address=client_ip, method=method, path=path)
|
||||
return await render_template("views/basics/blocked_access.htm", remote_addr=client_ip), 403
|
||||
|
||||
# 3. If path contains honeypot targets
|
||||
if await current_app.convex.is_path_blocked(path=path):
|
||||
await logger.warning(f"[HONEYPOT] {method} | {client_ip} accessed {path}")
|
||||
await current_app.convex.increment_blocked_path_access(path=path)
|
||||
return await maybe_a_hacker()
|
||||
|
||||
await logger.info(f"{method} | {client_ip} had accessed the Side {path}")
|
||||
custom_middleware = register_security_middleware(
|
||||
app,
|
||||
logger=logger,
|
||||
ip_bot_manager=THE_IP_BOT_MANAGER,
|
||||
get_ip=get_ip,
|
||||
maybe_hacker_fn=maybe_a_hacker,
|
||||
skip_paths=SKIP_PATHS,
|
||||
skip_path_prefixes=SKIP_PATH_PREFIXES,
|
||||
)
|
||||
|
||||
@app.context_processor
|
||||
async def inject_context_data():
|
||||
|
||||
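Review bot: The `if session.get('user'): session.permanent = True` refresh from the removed custom_middleware, which its comment said kept the Redis expiry updated, is not visibly re-established on the new side; register_security_middleware receives no session-related argument and the retained `from quart import session` import is now unused in this file, which suggests the refresh was dropped rather than moved. Unless quart_common marks the session permanent internally (not visible here), authenticated sessions will silently stop having their lifetime refreshed on each request, which changes session-expiry behaviour. Either restore it as its own before_request hook, as below, or remove the now-unused import. The inject_context_data definition that closes the hunk continues outside it.
```python
custom_middleware = register_security_middleware(
    # … unchanged: keyword arguments …
)


@app.before_request
async def keep_session_alive():
    # Restores the refresh the inline middleware did: only sessions that
    # already hold a user are marked permanent.
    if session.get('user'):
        session.permanent = True
```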