easyapi-django 0.30__tar.gz → 0.31__tar.gz

{easyapi_django-0.30/easyapi_django.egg-info → easyapi_django-0.31}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: easyapi_django
-Version: 0.30
+Version: 0.31
 Summary: A simple rest api generator for django based on models
 Author-email: Stamatios Stamou Jr <bushier.outsets.0c@icloud.com>
 License: MIT

easyapi_django-0.31/easyapi/exception.py

@@ -0,0 +1,24 @@
+import logging
+
+from django.http import JsonResponse
+
+logger = logging.getLogger(__name__)
+
+
+class HTTPException(Exception):
+
+    def render(self, exception):
+        (status, detail) = exception.args
+        # 5xx is a server-side problem — emit a logged stack trace so the
+        # response body is not the only signal. Without this, every
+        # ``raise HTTPException(500, ...)`` was invisible to logs/Sentry
+        # and operators had to guess from black-box symptoms.
+        if isinstance(status, int) and status >= 500:
+            logger.exception(
+                'HTTPException %s: %s', status, detail,
+                exc_info=exception,
+            )
+        return JsonResponse(
+            {'success': False, 'status': status, 'detail': detail},
+            status=status,
+        )

{easyapi_django-0.30 → easyapi_django-0.31}/easyapi/rate_limit.py

@@ -1,8 +1,12 @@
+import logging
 import time
+
 from redis import StrictRedis
 
 from .redis_config import REDIS_SERVER, REDIS_DB, KEY_PREFIX
 
+logger = logging.getLogger(__name__)
+
 
 class RateLimit(StrictRedis):
     def __init__(self):
@@ -30,7 +34,15 @@ class RateLimit(StrictRedis):
         return {"blocked": False}
 
     def track_pattern(self, identifier, action="abuse"):
-        """Detect regular request patterns indicative of abuse."""
+        """Detect regular request patterns indicative of abuse.
+
+        Reports the signal but does NOT auto-write a block key. Frontends
+        retrying after a server-side error look identical to a bot when
+        you only consider request timing — auto-blocking that traffic
+        locked legitimate users out and was opaque to debug. Callers may
+        decide to escalate based on the returned ``suspicious`` flag plus
+        other signals (e.g. authenticated identity, response codes).
+        """
         pattern_key = f"{KEY_PREFIX}rate_limit:pattern:{action}:{identifier}"
         now = self.current_milli_time()
         last_req = self.get(f"{pattern_key}:last")
@@ -50,8 +62,11 @@ class RateLimit(StrictRedis):
             mean = sum(intervals) / len(intervals)
             variance = sum((x - mean) ** 2 for x in intervals) / len(intervals)
             if variance < 100:
-                block_key = f"{KEY_PREFIX}block:{action}:{identifier}"
-                self.setex(block_key, 300, "suspicious")
+                logger.warning(
+                    'rate_limit: suspicious request pattern from %s '
+                    '(action=%s, mean_interval_ms=%.0f, variance=%.2f)',
+                    identifier, action, mean, variance,
+                )
                 return {"suspicious": True, "reason": "Regular request intervals"}
         return {"suspicious": False}
 
@@ -69,9 +84,13 @@ class RateLimit(StrictRedis):
             return {"rate_limited": True, "abuse": False, "blocked": True}
 
         if action in ["api", "login"]:
-            pattern_result = self.track_pattern(identifier, "abuse")
-            if pattern_result["suspicious"]:
-                return {"rate_limited": True, "abuse": True, "reason": pattern_result["reason"]}
+            # Pattern detection is recorded for observability but no
+            # longer short-circuits to ``abuse=True``. Timing-only
+            # signals caught legitimate retry traffic (frontends
+            # retrying after server-side errors look identical to bots
+            # when judged by intervals alone). Real abuse is caught by
+            # the count thresholds below; pattern alone goes to logs.
+            self.track_pattern(identifier, "abuse")
 
         now = self.current_milli_time()
         type_to_check = action

{easyapi_django-0.30 → easyapi_django-0.31/easyapi_django.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: easyapi_django
-Version: 0.30
+Version: 0.31
 Summary: A simple rest api generator for django based on models
 Author-email: Stamatios Stamou Jr <bushier.outsets.0c@icloud.com>
 License: MIT

{easyapi_django-0.30 → easyapi_django-0.31}/easyapi_django.egg-info/SOURCES.txt

@@ -50,6 +50,7 @@ tests/test_cache_auto_account_scope.py
 tests/test_cache_scope.py
 tests/test_client_ip.py
 tests/test_dispatch_error_handling.py
+tests/test_exception_render.py
 tests/test_exports.py
 tests/test_filter_validation.py
 tests/test_filters.py

{easyapi_django-0.30 → easyapi_django-0.31}/pyproject.toml

@@ -11,7 +11,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "easyapi_django"
-version = "0.30"
+version = "0.31"
 authors = [
   { name="Stamatios Stamou Jr", email="bushier.outsets.0c@icloud.com" },
 ]

easyapi_django-0.31/tests/test_exception_render.py

@@ -0,0 +1,69 @@
+"""HTTPException.render must log 5xx errors so Sentry / log aggregators
+see them. Silent 5xx renders were the root of an opaque-error incident
+in production."""
+import json
+import logging
+
+import pytest
+
+from easyapi.exception import HTTPException
+
+
+def _render(status, detail='boom'):
+    exc = HTTPException(status, detail)
+    response = exc.render(exc)
+    body = json.loads(response.content.decode('utf-8'))
+    return response, body
+
+
+def test_500_logs_exception(caplog):
+    with caplog.at_level(logging.ERROR, logger='easyapi.exception'):
+        response, body = _render(500, 'database unreachable')
+
+    assert response.status_code == 500
+    assert body == {'success': False, 'status': 500, 'detail': 'database unreachable'}
+
+    records = [r for r in caplog.records if r.name == 'easyapi.exception']
+    assert records, 'expected a log record for 500 render'
+    record = records[0]
+    assert record.levelno == logging.ERROR
+    assert '500' in record.getMessage()
+    assert 'database unreachable' in record.getMessage()
+    # exc_info attached so traceback is preserved for Sentry-style sinks
+    assert record.exc_info is not None
+
+
+def test_503_also_logs(caplog):
+    with caplog.at_level(logging.ERROR, logger='easyapi.exception'):
+        _render(503, 'upstream down')
+    records = [r for r in caplog.records if r.name == 'easyapi.exception']
+    assert records, '5xx other than 500 must also log'
+
+
+def test_400_does_not_log(caplog):
+    """4xx is client-side; no log noise — they're routine."""
+    with caplog.at_level(logging.DEBUG, logger='easyapi.exception'):
+        response, body = _render(400, 'bad input')
+    assert response.status_code == 400
+    records = [r for r in caplog.records if r.name == 'easyapi.exception']
+    assert not records
+
+
+def test_403_does_not_log(caplog):
+    with caplog.at_level(logging.DEBUG, logger='easyapi.exception'):
+        _render(403, 'forbidden')
+    records = [r for r in caplog.records if r.name == 'easyapi.exception']
+    assert not records
+
+
+def test_404_does_not_log(caplog):
+    with caplog.at_level(logging.DEBUG, logger='easyapi.exception'):
+        _render(404, 'not found')
+    records = [r for r in caplog.records if r.name == 'easyapi.exception']
+    assert not records
+
+
+def test_response_body_unchanged_for_5xx():
+    """Logging is additive — must not change the wire response."""
+    response, body = _render(500, 'something')
+    assert body == {'success': False, 'status': 500, 'detail': 'something'}

easyapi_django-0.30/easyapi/exception.py

@@ -1,11 +0,0 @@
-from django.http import JsonResponse
-
-
-class HTTPException(Exception):
-
-    def render(self, exception):
-        (status, detail) = exception.args
-        return JsonResponse(
-            {'success': False, 'status': status, 'detail': detail},
-            status=status,
-        )