From 96c527038cb1d3231a172ffcc07199dbaae69959 Mon Sep 17 00:00:00 2001 From: Ben Thorner Date: Wed, 4 Aug 2021 16:16:31 +0100 Subject: [PATCH] Only log authorization for public requests This is the original behaviour [1]. Since all internal requests will have corresponding logs from public-facing apps that are making them, there's little value in logging them. Logging internal requests doesn't lead to a significant increase in our overall log ingestion: a rough estimate is its an extra 5000 logs per minute, out of about 900K per minute. [1]: https://github.com/alphagov/notifications-api/blame/e08d726f0579e023c565f5cf42dff5dc95e41a0d/app/authentication/auth.py#L153
---
 app/authentication/auth.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index f6179dc3b..0df0ed720 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -113,6 +113,13 @@ def requires_auth():
 api_key = _decode_jwt_token(auth_token, service.api_keys, service.id)
+ current_app.logger.info('API authorised for service {} with api key {}, using issuer {} for URL: {}'.format(
+ service_id,
+ api_key.id,
+ request.headers.get('User-Agent'),
+ request.base_url
+ ))
+
 g.api_user = api_key
 g.service_id = service_id
 g.authenticated_service = service
@@ -142,13 +149,6 @@ def _decode_jwt_token(auth_token, api_keys, service_id=None):
 if api_key.expiry_date:
 raise AuthError("Invalid token: API key revoked", 403, service_id=service_id, api_key_id=api_key.id)
- current_app.logger.info('API authorised for service {} with api key {}, using issuer {} for URL: {}'.format(
- service_id,
- api_key.id,
- request.headers.get('User-Agent'),
- request.base_url
- ))
-
 return api_key
 else:
 # service has API keys, but none matching the one the user provided
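Review bot: The log line moved into `requires_auth` fills the field labelled "issuer" with `request.headers.get('User-Agent')`, which is free text chosen by the caller and not the verified JWT issuer. Anyone using this authorisation record for audit or incident response could take it for a verified identity. The value is also merged into the message with `.format()`, so a crafted User-Agent can imitate the rest of the line (for example its own "for URL: ..." suffix) and blur what was actually authorised. I would name the field for what it is and pass the values as logger arguments with the header repr-quoted: `current_app.logger.info('API authorised for service %s with api key %s, user agent %r for URL: %s', service_id, api_key.id, request.headers.get('User-Agent'), request.base_url)`. Check first whether any log queries or alerts match the current wording; `requires_auth` begins and ends outside this hunk, so the rest of the function was not reviewed.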