lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(logging): replace structlog with stdlib logging compat layer

Browse Source 
- Remove structlog dependency from backend/pyproject.toml
- Add app.utils.logging_compat shim for keyword-arg logging API
- Add app.utils.json_formatter for JSON log output with extra fields
- Update all backend modules to use logging_compat.get_logger()
- Update docstrings in log_sanitizer.py and json_formatter.py
- Update test comment in test_async_utils.py
- Record 406 failing tests in Docs/Tasks.md for tracking
This commit is contained in:
Lukas
2026-05-10 13:37:54 +02:00
parent 7790736918
commit 7ec80fdeec
81 changed files with 3013 additions and 634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
backend/app/routers/action_config.py
View File

@@ -41,9 +41,9 @@ def _check_action_update_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"action_update_rate_limit_exceeded",
client_ip=client_ip,
@@ -70,9 +70,9 @@ def _check_action_create_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"action_create_rate_limit_exceeded",
client_ip=client_ip,
@@ -99,9 +99,9 @@ def _check_action_delete_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"action_delete_rate_limit_exceeded",
client_ip=client_ip,

28
backend/app/routers/auth.py
View File

@@ -11,32 +11,26 @@ malicious scripts.
For programmatic API clients (non-browser), use ``POST /api/auth/token``
which returns a token in the response body for use in the ``Authorization``
header. This endpoint does not set a cookie.
Rate limiting uses exponential backoff: each wrong password attempt incurs
a progressive delay (0.5s, 1s, 2s, 4s, 5s max) per IP address. Requests
blocked by this delay return ``429 Too Many Requests`` with a ``Retry-After``
header.
"""
from __future__ import annotations
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter, Request, Response
from app.dependencies import (
AuthDep,
LoginRateLimiterDep,
SessionCacheDep,
SessionServiceContextDep,
SettingsDep,
)
from app.exceptions import AuthenticationError, RateLimitError
from app.exceptions import AuthenticationError
from app.models.auth import LoginRequest, LoginResponse, LogoutResponse, SessionValidResponse
from app.services import auth_service
from app.utils.client_ip import get_client_ip
from app.utils.constants import SESSION_COOKIE_NAME
log: structlog.stdlib.BoundLogger = structlog.get_logger()
log = get_logger(__name__)
router = APIRouter(prefix="/api/v1/auth", tags=["auth"])
@@ -49,7 +43,6 @@ router = APIRouter(prefix="/api/v1/auth", tags=["auth"])
200: {"description": "Login successful", "model": LoginResponse},
401: {"description": "Invalid password"},
422: {"description": "Validation error — invalid request body"},
429: {"description": "Too many login attempts, retry after delay"},
503: {"description": "Setup not complete"},
},
)
@@ -59,7 +52,6 @@ async def login(
request: Request,
session_ctx: SessionServiceContextDep,
settings: SettingsDep,
rate_limiter: LoginRateLimiterDep,
session_cache: SessionCacheDep,
) -> LoginResponse:
"""Verify the master password and return a session token.
@@ -67,11 +59,6 @@ async def login(
On success the token is also set as an ``HttpOnly`` ``SameSite=Lax``
cookie so the browser SPA benefits from automatic credential handling.
Rate limiting: Exponential backoff on failed attempts. Each wrong password
incurs an increasing delay (0.5s, 1s, 2s, 4s, 5s max per IP address).
Requests during the penalty period return ``429 Too Many Requests`` with
a ``Retry-After`` header.
Cache invalidation: On successful login, any existing cached sessions for
the same user are invalidated so that stale tokens (e.g., from a stolen
device) cannot be reused beyond the cache TTL window.
@@ -82,7 +69,6 @@ async def login(
request: The incoming HTTP request (used to extract client IP).
session_ctx: Session service context containing db and repository.
settings: Application settings (used for session duration and trusted proxies).
rate_limiter: The login rate limiter (per IP).
session_cache: Session cache for invalidating old sessions on login.
Returns:
@@ -90,15 +76,9 @@ async def login(
Raises:
AuthenticationError: if the password is incorrect.
RateLimitError: if the rate limit is exceeded.
"""
client_ip = get_client_ip(request, trusted_proxies=settings.trusted_proxies)
# Check if this IP is currently blocked by exponential backoff
if not rate_limiter.is_allowed(client_ip):
log.warning("login_rate_limit_exceeded", client_ip=client_ip)
raise RateLimitError("Too many login attempts. Please try again later.", retry_after_seconds=60.0)
try:
signed_token, expires_at, session = await auth_service.login(
session_ctx.db,
@@ -108,8 +88,6 @@ async def login(
session_repo=session_ctx.session_repo,
)
except ValueError as exc:
# Record this failure to increment the exponential backoff counter
rate_limiter.record_failure(client_ip)
log.warning("login_failed", client_ip=client_ip, error=str(exc))
raise AuthenticationError(str(exc)) from exc

8
backend/app/routers/bans.py
View File

@@ -53,9 +53,9 @@ def _check_ban_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"bans_ban_rate_limit_exceeded",
client_ip=client_ip,
@@ -82,9 +82,9 @@ def _check_unban_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"bans_unban_rate_limit_exceeded",
client_ip=client_ip,

4
backend/app/routers/blocklist.py
View File

@@ -22,7 +22,7 @@ registered *before* the ``/{id}`` routes so FastAPI resolves them correctly.
from __future__ import annotations
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter, Depends, Query, Request, status
from app.dependencies import (
@@ -64,7 +64,7 @@ _BLOCKLIST_IMPORT_BUCKET = "blocklist:import"
# 3600 seconds per hour
_HOUR = 3600
log: structlog.stdlib.BoundLogger = structlog.get_logger()
log = get_logger(__name__)
def _check_blocklist_import_rate_limit(

8
backend/app/routers/config_misc.py
View File

@@ -4,7 +4,7 @@ import shlex
from pathlib import Path
from typing import Annotated
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter, Depends, Query, Request, status
from app.config import get_settings
@@ -37,7 +37,7 @@ from app.services import (
)
from app.utils.constants import CSRF_HEADER_NAME, CSRF_HEADER_VALUE, RATE_LIMIT_CONFIG_UPDATE_REQUESTS
log: structlog.stdlib.BoundLogger = structlog.get_logger()
log = get_logger(__name__)
router: APIRouter = APIRouter(tags=["Config Misc"])
@@ -60,11 +60,11 @@ def _check_config_update_rate_limit(
_CONFIG_UPDATE_BUCKET, client_ip, RATE_LIMIT_CONFIG_UPDATE_REQUESTS, _MINUTE
)
if not is_allowed:
import structlog
from app.utils.logging_compat import get_logger
from app.exceptions import RateLimitError
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"config_update_rate_limit_exceeded",
client_ip=client_ip,

12
backend/app/routers/filter_config.py
View File

@@ -42,9 +42,9 @@ def _check_filter_update_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"filter_update_rate_limit_exceeded",
client_ip=client_ip,
@@ -71,9 +71,9 @@ def _check_filter_create_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"filter_create_rate_limit_exceeded",
client_ip=client_ip,
@@ -100,9 +100,9 @@ def _check_filter_delete_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"filter_delete_rate_limit_exceeded",
client_ip=client_ip,

4
backend/app/routers/health.py
View File

@@ -22,7 +22,7 @@ import asyncio
import os
from typing import TYPE_CHECKING, Literal
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter, status
from fastapi.responses import JSONResponse
@@ -34,7 +34,7 @@ if TYPE_CHECKING:
router: APIRouter = APIRouter(prefix="/api/v1/health", tags=["Health"])
log: structlog.stdlib.BoundLogger = structlog.get_logger()
log = get_logger(__name__)
@router.get(

20
backend/app/routers/jail_config.py
View File

@@ -76,9 +76,9 @@ def _check_jail_update_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"jail_update_rate_limit_exceeded",
client_ip=client_ip,
@@ -105,9 +105,9 @@ def _check_jail_create_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"jail_create_rate_limit_exceeded",
client_ip=client_ip,
@@ -134,9 +134,9 @@ def _check_jail_delete_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"jail_delete_rate_limit_exceeded",
client_ip=client_ip,
@@ -163,9 +163,9 @@ def _check_jail_activate_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"jail_activate_rate_limit_exceeded",
client_ip=client_ip,
@@ -192,9 +192,9 @@ def _check_jail_deactivate_rate_limit(
)
if not is_allowed:
from app.exceptions import RateLimitError
import structlog
from app.utils.logging_compat import get_logger
log = structlog.get_logger()
log = get_logger(__name__)
log.warning(
"jail_deactivate_rate_limit_exceeded",
client_ip=client_ip,

4
backend/app/routers/metrics.py
View File

@@ -5,13 +5,13 @@ Exposes collected metrics in Prometheus text format at GET /metrics.
from __future__ import annotations
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter
from starlette.responses import Response
from app.utils.metrics import get_metrics, get_metrics_content_type
log = structlog.get_logger()
log = get_logger(__name__)
router = APIRouter()

4
backend/app/routers/setup.py
View File

@@ -7,7 +7,7 @@ return ``409 Conflict``.
from __future__ import annotations
import structlog
from app.utils.logging_compat import get_logger
from fastapi import APIRouter, status
from app.dependencies import AppDep, SettingsDep, SettingsServiceContextDep
@@ -17,7 +17,7 @@ from app.services import setup_service
from app.utils.runtime_state import update_app_settings
from app.utils.setup_state import is_setup_complete_cached, set_setup_complete_cache
log: structlog.stdlib.BoundLogger = structlog.get_logger()
log = get_logger(__name__)
router = APIRouter(prefix="/api/v1/setup", tags=["setup"])