feat(server): add request logging middleware with request IDs#807
Open
Dayz-tech-co wants to merge 948 commits into
Open
feat(server): add request logging middleware with request IDs#807Dayz-tech-co wants to merge 948 commits into
Dayz-tech-co wants to merge 948 commits into
Conversation
feat: implement persistent theme toggle with FOUC prevention bakeronchain#61
- Add client-side validation for title, description, URL format, and funding amount - Implement accessible inline errors with aria-invalid and role=alert - Add character count displays with yellow warning near limits - Show spinner in submit button during pending transaction state - Add in-page success screen with proposal ID and links Closes bakeronchain#508
- Rename contract headings from .sol to Soroban snake_case names - Replace ERC20 with SEP-41 fungible token, ERC721 with SEP-41 NFT - Update Tech Stack table: Rust (Stellar Soroban), React 19 + Stellar Design System - Remove EVM-compatible L2 and MetaMask references Closes bakeronchain#112
CI already enforces formatting and linting via contracts-ci.yml. This commit adds the .rustfmt.toml config file (edition 2024, max_width 100) and documents the cargo fmt/clippy commands in the README dev setup so contributors can run checks locally before submitting a PR. Closes bakeronchain#126
- Remove GuessTheNumber game and Sample Contracts scaffold section - Add hero with 'Start Learning' (→ /courses) and 'Fund a Scholar' (→ /treasury) CTAs - Add How It Works 3-step section (Learn → Earn → Get Funded) - Add stats bar: 6 Core Contracts | 3 Skill Tracks | Built on Stellar - Add 'Join the open-source sprint' CTA banner linking to GitHub Issues - Keep course progress section (only shown when user is enrolled) - Keep ScholarNFTs / Automated Funding / Community DAO feature cards Closes bakeronchain#108
…ue-113-readme-badges docs: add build status, license, Stellar, and contributions badges
…e-112-readme-soroban docs: replace Solidity/.sol references with Soroban/Rust in README
…ue-126-cargo-ci ci: add .rustfmt.toml and document cargo fmt/clippy in README
…ue-108-landing-page feat(home): replace scaffold page with LearnVault landing page
…dentials Fix profile real credentials
…tract-upgrades Implement Soroban upgrade path for V1 contracts
…xample-vars docs: add complete env example
…or-states implemented missing empty and error states
feat: add pagination to governance proposals list
feat: centralize contract addresses in src/constants/contracts.ts
fix: Replace LRNBalanceWidget mock data with real LearnToken contract calls bakeronchain#209
feat(treasury): hookify treasury page with /api/treasury/stats + /api…
…t-logger feat(server): add request logging middleware
…_Analysis_API_endpoint Github Action on adding donor impact
…enchmarks Security fix for bakeronchain#562 and gas optimization for bakeronchain#590
implemented bakeronchain#766 feat: add course bookmarking / wishlist feature
…tone-resubmission fix: allow milestone resubmission after rejection
…-for-Spanish-language-FIXED
…ain#662-feat--add-i18n-translations-for-Spanish-language-FIXED bakeronchain#662 feat: add i18n translations for Spanish language Fixed
Added bundle size analysis to frontend CI
…n-and-health-monitoring
…nnection-pooling-configuration-and-health-monitoring Add database connection pooling configuration and health monitoring
…er-tests test: add integration tests for event indexer and poller bakeronchain#578
…ibility-aria-labels Feat/accessibility aria labels
Implement course browsing, lesson viewing, and wallet connection
- Enforce RS256 exclusively; remove hardcoded HS256 fallback secret from admin and course-admin middlewares (production already blocked HS256, now development no longer falls back to a known-constant secret) - Add iss (learnvault) and aud (learnvault-api) claims to every signed token and validate them on verification to prevent token substitution across services - Add jti (UUID) claim to every token to support future revocation tracking - Validate RSA public key is >= 2048 bits at server startup - Expose ephemeral dev keys to process.env so standalone middlewares use RS256 instead of HS256 even in key-less development mode - Add jwt.service.test.ts covering: HS256 rejection, wrong iss/aud rejection, missing jti/sub rejection, expired token rejection, and valid round-trip - Update admin-milestones.test.ts to set JWT_SECRET explicitly (no longer relies on removed hardcoded fallback) - Document key rotation procedure in .env.example
- Enforce RS256 exclusively; remove hardcoded HS256 fallback secret from admin and course-admin middlewares (production already blocked HS256, now development no longer falls back to a known-constant secret) - Add iss (learnvault) and aud (learnvault-api) claims to every signed token and validate them on verification to prevent token substitution across services - Add jti (UUID) claim to every token to support future revocation tracking - Validate RSA public key is >= 2048 bits at server startup - Expose ephemeral dev keys to process.env so standalone middlewares use RS256 instead of HS256 even in key-less development mode - Add jwt.service.test.ts covering: HS256 rejection, wrong iss/aud rejection, missing jti/sub rejection, expired token rejection, and valid round-trip - Update admin-milestones.test.ts to set JWT_SECRET explicitly (no longer relies on removed hardcoded fallback) - Document key rotation procedure in .env.example
Replace Morgan + raw console.* calls with pino throughout the server.
- Add pino and pino-pretty dependencies; remove unused morgan and @types/morgan
- Create src/lib/logger.ts: central pino logger with JSON output in production,
pretty-print in development, silent in tests; LOG_LEVEL env var support
- Add maskAddress() helper to truncate Stellar wallet addresses in logs
(first 4 + last 4 chars) so full addresses are never logged as PII
- Replace 55 console.log/warn/error calls across all controllers, services,
middleware, routes, db, and workers with typed pino child loggers
(logger.child({ module: 'xxx' })) preserving structured { err } objects
- Update request-logger.middleware.ts to use pino as default logger while
keeping the injectable interface for tests
- Remove dead morgan import from index.ts
- Fix admin-milestones.controller.test.ts to set process.env.JWT_SECRET
explicitly (no hardcoded fallback exists since JWT security PR)
- Document LOG_LEVEL env var and log rotation via logrotate/pino-roll in
.env.example
Covers form validation, navigation, API submission, and confirmation across all five wizard steps with 21 passing test cases.
…ance-improvements perf/fix: compression, CI fixes, migration idempotency, TypeScript bu…
…implementation security: audit and harden JWT implementation (bakeronchain#716)
…gging-pino Devops/structured logging pino
…ly-tests Feat/scholarship apply tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #238
Summary
This PR adds structured API request logging with per-request correlation IDs to improve backend observability and request tracing.
What Changed
server/src/middleware/request-logger.middleware.tsrequestIdfor every incoming requestrequestIdtoreqX-Request-Idin every responserequestIdmethodpathstatusCodedurationMspinofor structured loggingapp.use(requestLogger)before routes inserver/src/index.tsrequestIdWhy
The backend previously had no structured request logging, which made it difficult to trace errors, investigate slow requests, and correlate frontend issues with backend logs.
Testing
npm test -- request-logger.middleware.test.tsNotes
npm run buildcurrently fails because of unrelated pre-existing TypeScript errors elsewhere in the repo.