Add application logging, SMTP email notifications, and supporting changes
Phase 5.4 — Application Logging: - AppLog model + migration 0010 for unified audit/usage/error logging - Usage logging middleware in app.py (after_request for /api/* requests) - Error logging in 500 handler with traceback capture - Audit logging for auth events (register, login, login_failed, logout, password_change) and admin actions (backup, restore, user_delete, registration_toggle, smtp_config, smtp_test) - Admin log viewer (LogsView.vue) with stats, category/search/date filters, paginated table with expandable detail rows - Admin logs API endpoints in admin.py (GET /logs, GET /logs/stats) - Configurable retention via LOG_RETENTION_DAYS with hourly cleanup Phase 5.5 — SMTP Email Notifications: - aiosmtplib dependency for async email sending - Email service (services/email.py) with STARTTLS/implicit TLS support - Notification service (services/notifications.py) for security alerts and task due date reminders with per-user preferences - Admin SMTP config endpoints (GET/PUT /api/admin/smtp, POST test) - SMTP config in Config class with env var + Docker secret support - Settings UI: notification preferences for all users, SMTP config section for admin with test email Other changes: - stream_chat() now accepts optional options dict (for num_predict) - Increase assist MAX_BODY_CHARS from 3000 to 8000 - get_user_by_username() added to auth service - apiStreamPost buffer processing refactored for robustness - AppHeader: admin Logs nav link - Router: /admin/logs route Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,4 +1,6 @@
|
||||
from quart import Blueprint, jsonify, request, session
|
||||
import asyncio
|
||||
|
||||
from quart import Blueprint, g, jsonify, request, session
|
||||
|
||||
from fabledassistant.auth import login_required, get_current_user_id
|
||||
from fabledassistant.services.auth import (
|
||||
@@ -6,9 +8,12 @@ from fabledassistant.services.auth import (
|
||||
change_password,
|
||||
create_user,
|
||||
get_user_by_id,
|
||||
get_user_by_username,
|
||||
get_user_count,
|
||||
is_registration_open,
|
||||
)
|
||||
from fabledassistant.services.logging import log_audit
|
||||
from fabledassistant.services.notifications import notify_security_event
|
||||
|
||||
auth_bp = Blueprint("auth", __name__, url_prefix="/api/auth")
|
||||
|
||||
@@ -34,6 +39,7 @@ async def register():
|
||||
return jsonify({"error": "Username already taken"}), 409
|
||||
|
||||
session["user_id"] = user.id
|
||||
await log_audit("register", user_id=user.id, username=user.username, ip_address=request.remote_addr)
|
||||
return jsonify(user.to_dict()), 201
|
||||
|
||||
|
||||
@@ -48,14 +54,35 @@ async def login():
|
||||
|
||||
user = await authenticate(username, password)
|
||||
if not user:
|
||||
await log_audit("login_failed", username=username, ip_address=request.remote_addr)
|
||||
# Try to notify the actual user about the failed attempt
|
||||
target_user = await get_user_by_username(username)
|
||||
if target_user:
|
||||
asyncio.create_task(notify_security_event(
|
||||
target_user.id, "login_failed",
|
||||
{"ip_address": request.remote_addr, "username": username},
|
||||
))
|
||||
return jsonify({"error": "Invalid username or password"}), 401
|
||||
|
||||
session["user_id"] = user.id
|
||||
await log_audit("login", user_id=user.id, username=user.username, ip_address=request.remote_addr)
|
||||
asyncio.create_task(notify_security_event(
|
||||
user.id, "login",
|
||||
{"ip_address": request.remote_addr},
|
||||
))
|
||||
return jsonify(user.to_dict())
|
||||
|
||||
|
||||
@auth_bp.route("/logout", methods=["POST"])
|
||||
async def logout():
|
||||
uid = session.get("user_id")
|
||||
if uid:
|
||||
user = await get_user_by_id(uid)
|
||||
await log_audit("logout", user_id=uid, username=user.username if user else None, ip_address=request.remote_addr)
|
||||
asyncio.create_task(notify_security_event(
|
||||
uid, "logout",
|
||||
{"ip_address": request.remote_addr},
|
||||
))
|
||||
session.clear()
|
||||
return jsonify({"status": "ok"})
|
||||
|
||||
@@ -86,6 +113,11 @@ async def update_password():
|
||||
if not success:
|
||||
return jsonify({"error": "Current password is incorrect"}), 403
|
||||
|
||||
await log_audit("password_change", user_id=uid, username=g.user.username, ip_address=request.remote_addr)
|
||||
asyncio.create_task(notify_security_event(
|
||||
uid, "password_change",
|
||||
{"ip_address": request.remote_addr},
|
||||
))
|
||||
return jsonify({"status": "ok"})
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user