Merge pull request #882 from OpenSPP/fix/api-log

[FIX] Fix and improve API Log

Author: emjay0921

spp_api/controllers/api.py

@@ -35,6 +35,7 @@
 #################################################################
 
 API_ENDPOINT = "/api"
+SENSITIVE_KEYS = {"authorization", "cookie", "x-api-key", "x-odoo-session-id"}
 
 
 def create_api_log(func):
@@ -43,6 +44,7 @@ def wrapper(self, *args, **kwargs):
         # Request Log
         path = kwargs.get("path")
         request_id = kwargs.get("request_id", False)
+        namespace = kwargs.get("namespace", False)
         if not request_id:
             raise werkzeug.exceptions.HTTPException(
                 response=error_response(400, "Bad Request", "request_id is required.")
@@ -52,19 +54,46 @@ def wrapper(self, *args, **kwargs):
                 response=error_response(400, "Bad Request", "request_id is already taken.")
             )
 
+        namespace_id = False
+        if namespace:
+            version = kwargs.get("version")
+            search_domain = [("name", "=", namespace)]
+            if version:
+                search_domain.append(("version_name", "=", version))
+            namespace_id = request.env["spp_api.namespace"].search(search_domain, limit=1)
+
         initial_val = {
             "method": path.method,
             "model": path.model,
             "request": http.request.httprequest.full_path,
+            "namespace_id": namespace_id.id if namespace_id else False,
         }
 
         request_log_val = initial_val.copy()
         request_log_val["http_type"] = "request"
         request_log_val["request_id"] = request_id
-        if path.method in ["get"]:
-            request_log_val["request_parameter"] = kwargs
+
+        request_log_val["request_parameter"] = request.httprequest.query_string.decode("utf-8", errors="replace")
+
+        # Try to get parsed JSON first
+        # silent=True prevents Werkzeug from raising a 400 error on bad JSON
+        json_payload = request.httprequest.get_json(silent=True)
+
+        if json_payload is not None:
+            request_data = json.dumps(json_payload)
         else:
-            request_log_val["request_data"] = kwargs
+            # Fallback to raw data if not JSON
+            # errors='replace' inserts a  character instead of crashing on bad bytes
+            request_data = request.httprequest.get_data().decode("utf-8", errors="replace")
+
+        request_log_val["request_data"] = request_data
+
+        # Sanitize headers
+        safe_headers = {
+            key: "REDACTED" if key.lower() in SENSITIVE_KEYS else value
+            for key, value in request.httprequest.headers.items()
+        }
+        request_log_val["headers"] = json.dumps(safe_headers)
 
         request.env["spp_api.log"].create(request_log_val)
         del request_log_val

spp_api/models/spp_api_log.py

@@ -28,6 +28,7 @@ class Log(models.Model):
     )
     model = fields.Char(required=True)
     namespace_id = fields.Many2one("spp_api.namespace", "Integration")
+    headers = fields.Text()
     request = fields.Text()
 
     request_id = fields.Text(string="Request ID")

spp_api/views/openapi_view.xml

@@ -45,6 +45,8 @@
                     <field name="create_uid" readonly="1" />
                     <field name="create_date" readonly="1" />
                     <field name="request" readonly="1" />
+                    <field name="headers" readonly="1" />
+                    <field name="request_parameter" readonly="1" />
                     <field name="request_data" readonly="1" />
                     <field name="response_data" readonly="1" />
                 </group>
@@ -302,7 +304,7 @@
     <record model="ir.actions.act_window" id="spp_api_log_list_action">
         <field name="name">API Logs</field>
         <field name="res_model">spp_api.log</field>
-        <field name="view_mode">tree</field>
+        <field name="view_mode">tree,form</field>
         <field name="help">List of API Logs.</field>
     </record>