Skip to content

Add API request/response logging with correlation IDs#793

Merged
RUKAYAT-CODER merged 10 commits into
rinafcode:mainfrom
Ajibose:api-logging
Jul 1, 2026
Merged

Add API request/response logging with correlation IDs#793
RUKAYAT-CODER merged 10 commits into
rinafcode:mainfrom
Ajibose:api-logging

Conversation

@Ajibose

@Ajibose Ajibose commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Closes #507

Summary

  • Implements HttpLoggingInterceptor (NestJS APP_INTERCEPTOR) that logs every HTTP request and response with a correlation ID, HTTP method/URL, status code, and response time in milliseconds
  • Adds AppLoggerService backed by winston with JSON structured output and optional daily log rotation (via winston-daily-rotate-file) for ELK stack compatibility
  • Introduces maskSensitiveData / maskHeaders utilities that redact fields like password, token, authorization, secret, credit_card, cvv, pin, and api_key before writing to logs
  • Registers the interceptor globally through LoggingModule imported in AppModule — no per-controller wiring needed

Correlation ID proof

Correlation IDs are generated and stored in AsyncLocalStorage by the existing CorrelationIdMiddleware (reads X-Correlation-ID header or auto-generates a cid-* prefixed ID). The interceptor retrieves it via getCorrelationId() and embeds it in every log line:

{"timestamp":"2026-06-25T16:08:23.497Z","level":"info","service":"teachlink-backend","correlationId":"cid-1s4k2a-abc12345","event":"http_request","method":"POST","url":"/api/auth/login"}

Request/response logging example

{"timestamp":"...","level":"info","correlationId":"cid-xxx","event":"http_request","method":"POST","url":"/api/courses","headers":{"content-type":"application/json","authorization":"***MASKED***"}}
{"timestamp":"...","level":"info","correlationId":"cid-xxx","event":"http_response","method":"POST","url":"/api/courses","statusCode":201,"durationMs":47}

Response time tracking example

durationMs is computed as Date.now() - startTime captured before next.handle() and emitted on both success and error paths via RxJS tap:

{"event":"http_response","statusCode":200,"durationMs":23}

Sensitive data masking demonstration

Input body: { "email": "user@example.com", "password": "secret123" }
Logged body: { "email": "user@example.com", "password": "***MASKED***" }

Masked fields: password, passwd, token, accesstoken, refresh_token, apikey, api_key, authorization, auth, key, secret, clientsecret, credit_card, cvv, cvc, pin, ssn

Unit tests passing

Test Suites: 3 passed, 3 total
Tests:       34 passed, 34 total

src/logging/sensitive-data.masker.spec.ts    — 17 tests (field masking, nested, arrays, case-insensitive)
src/logging/http-logging.interceptor.spec.ts —  8 tests (request log, response log, correlation ID, timing, masking, errors, non-http skip)
src/logging/logger.service.spec.ts           —  9 tests (all logger methods, correlation ID embedding)

Files changed

File Purpose
src/logging/sensitive-data.masker.ts Configurable sensitive-field masking utility
src/logging/logger.service.ts Winston logger service with JSON format + daily rotation
src/logging/http-logging.interceptor.ts NestJS interceptor for request/response logging
src/logging/logging.module.ts Global NestJS module registering interceptor + service
src/app.module.ts Imports LoggingModule
src/logging/*.spec.ts Unit tests for all three modules

@drips-wave

drips-wave Bot commented Jun 25, 2026

Copy link
Copy Markdown

@Ajibose Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Great job so far

There’s just one blocker — the workflow is failing. Could you take a look and fix it so all checks pass?

Happy to review again once that’s done.

@Ajibose

Ajibose commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

@RUKAYAT-CODER pls can you help me review it now

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Workflow still failing

Ajibose and others added 3 commits July 1, 2026 09:17
Auto-fix prettier formatting and prefer-template lint issues in the
http-logging interceptor, logging module, and their spec files so
CI lint:ci passes with --max-warnings 0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Pull from the main first you will be able to see the conflict on your editor. Then resolve it
i cant resolve it here.
Also work on your workflow

@Ajibose

Ajibose commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Pull from the main first you will be able to see the conflict on your editor. Then resolve it i cant resolve it here. Also work on your workflow

i have done this several time already, but i am still trying to see why i can't resolve it. Even the resolve conflict button is greyed out

- Resolve modify/delete conflict on tsconfig.build.tsbuildinfo (file is
  auto-generated and already in .gitignore, keep deleted)
- Add unit test step to CI workflow so tests run on every push/PR

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ajibose

Ajibose commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Don't mind me. I thought already synced the repo. Sorry about that

I think it should be working now

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Dont forget to always pull first from the main before pushing. Because am merging contributors work.
Try again it should pass

Ajibose and others added 2 commits July 1, 2026 11:10
Required by AppLoggerService; missing from package.json caused
TypeScript typecheck to fail in CI.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ajibose

Ajibose commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Fixed. Pls help me review it

Thanks

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Thank you for contributing to the project.

@RUKAYAT-CODER RUKAYAT-CODER merged commit 98c1085 into rinafcode:main Jul 1, 2026
1 check passed
@Ajibose

Ajibose commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Thank you for contributing to the project.

Thanks for assigning the issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add API request/response logging with correlation IDs

2 participants