Add application logging, SMTP email notifications, and supporting changes

Phase 5.4 — Application Logging:
- AppLog model + migration 0010 for unified audit/usage/error logging
- Usage logging middleware in app.py (after_request for /api/* requests)
- Error logging in 500 handler with traceback capture
- Audit logging for auth events (register, login, login_failed, logout,
  password_change) and admin actions (backup, restore, user_delete,
  registration_toggle, smtp_config, smtp_test)
- Admin log viewer (LogsView.vue) with stats, category/search/date
  filters, paginated table with expandable detail rows
- Admin logs API endpoints in admin.py (GET /logs, GET /logs/stats)
- Configurable retention via LOG_RETENTION_DAYS with hourly cleanup

Phase 5.5 — SMTP Email Notifications:
- aiosmtplib dependency for async email sending
- Email service (services/email.py) with STARTTLS/implicit TLS support
- Notification service (services/notifications.py) for security alerts
  and task due date reminders with per-user preferences
- Admin SMTP config endpoints (GET/PUT /api/admin/smtp, POST test)
- SMTP config in Config class with env var + Docker secret support
- Settings UI: notification preferences for all users, SMTP config
  section for admin with test email

Other changes:
- stream_chat() now accepts optional options dict (for num_predict)
- Increase assist MAX_BODY_CHARS from 3000 to 8000
- get_user_by_username() added to auth service
- apiStreamPost buffer processing refactored for robustness
- AppHeader: admin Logs nav link
- Router: /admin/logs route

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-02-13 08:34:52 -05:00
parent a89d25f5d6
commit d874e0e2ae
19 changed files with 1516 additions and 31 deletions
+33 -1
View File
@@ -1,4 +1,6 @@
from quart import Blueprint, jsonify, request, session
import asyncio
from quart import Blueprint, g, jsonify, request, session
from fabledassistant.auth import login_required, get_current_user_id
from fabledassistant.services.auth import (
@@ -6,9 +8,12 @@ from fabledassistant.services.auth import (
change_password,
create_user,
get_user_by_id,
get_user_by_username,
get_user_count,
is_registration_open,
)
from fabledassistant.services.logging import log_audit
from fabledassistant.services.notifications import notify_security_event
auth_bp = Blueprint("auth", __name__, url_prefix="/api/auth")
@@ -34,6 +39,7 @@ async def register():
return jsonify({"error": "Username already taken"}), 409
session["user_id"] = user.id
await log_audit("register", user_id=user.id, username=user.username, ip_address=request.remote_addr)
return jsonify(user.to_dict()), 201
@@ -48,14 +54,35 @@ async def login():
user = await authenticate(username, password)
if not user:
await log_audit("login_failed", username=username, ip_address=request.remote_addr)
# Try to notify the actual user about the failed attempt
target_user = await get_user_by_username(username)
if target_user:
asyncio.create_task(notify_security_event(
target_user.id, "login_failed",
{"ip_address": request.remote_addr, "username": username},
))
return jsonify({"error": "Invalid username or password"}), 401
session["user_id"] = user.id
await log_audit("login", user_id=user.id, username=user.username, ip_address=request.remote_addr)
asyncio.create_task(notify_security_event(
user.id, "login",
{"ip_address": request.remote_addr},
))
return jsonify(user.to_dict())
@auth_bp.route("/logout", methods=["POST"])
async def logout():
uid = session.get("user_id")
if uid:
user = await get_user_by_id(uid)
await log_audit("logout", user_id=uid, username=user.username if user else None, ip_address=request.remote_addr)
asyncio.create_task(notify_security_event(
uid, "logout",
{"ip_address": request.remote_addr},
))
session.clear()
return jsonify({"status": "ok"})
@@ -86,6 +113,11 @@ async def update_password():
if not success:
return jsonify({"error": "Current password is incorrect"}), 403
await log_audit("password_change", user_id=uid, username=g.user.username, ip_address=request.remote_addr)
asyncio.create_task(notify_security_event(
uid, "password_change",
{"ip_address": request.remote_addr},
))
return jsonify({"status": "ok"})