HangmanLab.Backend/api/log.py

#api/log.py
from flask import Blueprint, jsonify, request
from api import require_auth
from db import get_db
from db.models.Log import Log
from db.utils import insert_log

logs_bp = Blueprint('log', __name__, url_prefix='/api/log')

# Bound per-entry size so an authenticated-but-low-trust caller can't bloat
# the log table with multi-megabyte payloads.
_MAX_LOG_MESSAGE_LEN = 16 * 1024

@logs_bp.route('/', methods=['GET'])
@require_auth(roles=['admin'])
def get_logs():
    level = request.args.get('level')
    application = request.args.get('application')
    page = int(request.args.get('page', 1))
    per_page = int(request.args.get('per_page', 10))

    with get_db() as session:
        query = session.query(Log)
        if level:
            query = query.filter(Log.level == level)
        if application:
            query = query.filter(Log.application == application)
        total_logs = query.count()
        logs = query.order_by(Log.timestamp.desc()).offset((page - 1)*per_page).limit(per_page).all()
    return jsonify({
        "total": total_logs,
        "page": page,
        "per_page": per_page,
        "logs": [log.to_dict() for log in logs]
    })

@logs_bp.route('/', methods=['POST'])
@require_auth()
def create_log():
    data = request.get_json(silent=True)
    if not data:
        return jsonify({"error": "invalid or missing JSON body"}), 400
    required_fields = ['level', 'message']
    for field in required_fields:
        if field not in data:
            return jsonify({"error": f"missing {field} in request"}), 400
    level = str(data.get('level'))[:64]
    message = str(data.get('message'))[:_MAX_LOG_MESSAGE_LEN]
    application = "frontend"
    extra = data.get('extra', None)
    log_entry = Log(level=level, message=message, application=application, extra=extra)
    insert_log(log_entry)
    return jsonify({"message": "log created"}), 201