Ephemeral keys for xterm.js. Initial rework of audit logging. All endpoints now return a 401 regardless of presence if not logged in.

2026-02-03 08:26:37 +00:00
parent 3e17d6412c
commit 667b02f0c3
28 changed files with 1546 additions and 181 deletions
--- a/app/apps/audit/utils.py
+++ b/app/apps/audit/utils.py
@@ -42,3 +42,51 @@ def get_request_id(request) -> str:
        or request.META.get("HTTP_X_CORRELATION_ID")
        or ""
    )
+
+
+def _get_scope_header(scope, header_name: str) -> str | None:
+    headers = scope.get("headers") if scope else None
+    if not headers:
+        return None
+    target = header_name.lower().encode("latin-1")
+    for key, value in headers:
+        if key.lower() == target:
+            try:
+                return value.decode("latin-1")
+            except Exception:
+                return None
+    return None
+
+
+def get_client_ip_from_scope(scope) -> str | None:
+    if not scope:
+        return None
+    x_real_ip = _normalize_ip(_get_scope_header(scope, "x-real-ip"))
+    if x_real_ip:
+        return x_real_ip
+    forwarded_for = _get_scope_header(scope, "x-forwarded-for") or ""
+    if forwarded_for:
+        for part in forwarded_for.split(","):
+            ip = _normalize_ip(part)
+            if ip:
+                return ip
+    client = scope.get("client")
+    if isinstance(client, (list, tuple)) and client:
+        return _normalize_ip(str(client[0]))
+    return None
+
+
+def get_request_id_from_scope(scope) -> str:
+    if not scope:
+        return ""
+    return (
+        _get_scope_header(scope, "x-request-id")
+        or _get_scope_header(scope, "x-correlation-id")
+        or ""
+    )
+
+
+def get_user_agent_from_scope(scope) -> str:
+    if not scope:
+        return ""
+    return _get_scope_header(scope, "user-agent") or ""