[FIX] Fix and improve API Log

[reichie020212]

Why is this change needed?

Encountered several problems regaring logging of API

• Unable to open the form view of API Log
• Saved Request Data is not correct
• Saved log doesn't have a relation with the namespace

How was the change implemented?

• Added form in the view_mode of spp_api_log_list_action to be able to view the form view
• Added namespace_id to the API Log
• Corrected saved Request Data
• Added Headers field

New unit tests

None

Unit tests executed by the author

None

How to test manually

Related links

After the fix screenshots

---

Note

Medium Risk
Logging now persists request bodies and headers (even though sensitive keys are redacted), which increases exposure risk if other secrets appear in payloads/headers and may impact storage volume/performance.

Overview
Fixes and enriches OpenAPI request/response logging. Request logs now link to the resolved spp_api.namespace (optionally matching version), store the raw query string, capture request bodies more accurately (parsed JSON when possible, else decoded raw bytes), and persist sanitized HTTP headers with sensitive values redacted.

Updates the spp_api.log model/UI to support this data by adding a headers field, exposing headers and request_parameter on the log form, and enabling tree,form view mode so logs can be opened from the list view.

^{Written by Cursor Bugbot for commit d604986. This will update automatically on new commits. Configure here.}

[gemini-code-assist]

Summary of Changes

Hello @reichie020212, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the API logging functionality by addressing critical issues related to data visibility and integrity. It enables the proper display of API log details through a new form view, ensures accurate recording of diverse request data formats, and establishes a clear association between logs and their originating namespaces. Furthermore, it adds a layer of security and detail by logging request headers with sensitive information automatically redacted.

Highlights

• API Log Form View Enabled: Resolved an issue preventing the form view of API logs from opening, allowing users to inspect detailed log entries.
• Accurate Request Data Capture: Improved the logging mechanism to correctly capture and store request data, handling both JSON payloads and raw request bodies.
• Namespace Integration for API Logs: Established a relationship between API logs and their respective namespaces, enhancing traceability and organization.
• Header Logging with Sanitization: Introduced the logging of request headers, including a sanitization process to redact sensitive information like authorization tokens.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces several valuable improvements to the API logging functionality, including associating logs with a namespace, adding sanitized header logging, and correcting the way request data is captured. The fix to enable the form view for API logs is also a good usability improvement.

My review has identified a couple of high-severity issues. One is a security concern where sensitive headers might not be redacted due to a case-sensitive comparison. The other is a potential bug in how namespaces are looked up, which could lead to errors if multiple API versions share the same name. I've provided specific suggestions to address these points.

[codecov]

Codecov Report

❌ Patch coverage is 11.11111% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.30%. Comparing base (306320e) to head (d604986).

Files with missing lines	Patch %	Lines
spp_api/controllers/api.py	5.88%	16 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             17.0     #882      +/-   ##
==========================================
- Coverage   81.33%   81.30%   -0.04%     
==========================================
  Files         821      821              
  Lines       25105    25120      +15     
  Branches     2928     2931       +3     
==========================================
+ Hits        20420    20424       +4     
- Misses       3948     3961      +13     
+ Partials      737      735       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud