feat: add middleware to log client IP for every API request#705
Open
Xaxxoo wants to merge 1 commit into
Open
Conversation
Closes SoroScan#426 - Add ClientIPLoggingMiddleware that extracts REMOTE_ADDR (already corrected by ReverseProxyFixedIPMiddleware) and logs the HTTP method, path, and client IP via the soroscan.ip_access logger. - Static-asset paths (/static/, /media/, /favicon.ico) are excluded to avoid noise. - Register middleware in MIDDLEWARE after ReverseProxyFixedIPMiddleware so the IP is already resolved when the log entry is written. - Add soroscan.ip_access logger config in settings.py. - Add test_ip_logging_middleware.py covering: normal requests, static exclusion, unknown-IP fallback, extra log-record fields, and proxy-resolved IP.
|
@Xaxxoo Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #426
Summary
ClientIPLoggingMiddlewaretosoroscan/middleware.pythat logs the HTTP method, request path, and client IP (fromREMOTE_ADDR) for every non-static API request via thesoroscan.ip_accesslogger.MIDDLEWAREimmediately afterReverseProxyFixedIPMiddlewaresoREMOTE_ADDRalready holds the real client IP when resolved throughX-Forwarded-For./static/,/media/,/favicon.ico) are skipped to avoid log noise.soroscan.ip_accesslogger insettings.py.Test plan
test_logs_method_path_and_ip— confirms method, path, and IP appear in log outputtest_logs_post_request— verifies POST requests are loggedtest_static_files_not_logged— static/media/favicon paths produce no log recordstest_unknown_ip_fallback— missingREMOTE_ADDRlogs"unknown"test_extra_fields_attached—client_ip,method,pathare present as log-record extrastest_proxy_ip_used_after_remote_addr_override— IP already resolved by proxy middleware is logged correctly