fix(logger): contextual logs

rtrompier · rtrompier · commit 12facbe2426a · 2025-12-16T10:20:05.000+01:00
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
@@ -20,6 +20,7 @@ import { adminTokenManager } from "$lib/server/adminToken";
 import { isHostLocalhost } from "$lib/server/isURLLocal";
 import { MetricsServer } from "$lib/server/metrics";
 import { loadMcpServersOnStartup } from "$lib/server/mcp/registry";
+import { runWithRequestContext } from "$lib/server/requestContext";
 
 export const init: ServerInit = async () => {
 	// Wait for config to be fully loaded
@@ -100,194 +101,200 @@ export const handleError: HandleServerError = async ({ error, event, status, mes
 };
 
 export const handle: Handle = async ({ event, resolve }) => {
-	await ready.then(() => {
-		config.checkForUpdates();
-	});
+	// Generate a unique request ID for this request
+	const requestId = crypto.randomUUID();
 
-	logger.debug({
-		locals: event.locals,
-		url: event.url.pathname,
-		params: event.params,
-		request: event.request,
-	});
-
-	function errorResponse(status: number, message: string) {
-		const sendJson =
-			event.request.headers.get("accept")?.includes("application/json") ||
-			event.request.headers.get("content-type")?.includes("application/json");
-		return new Response(sendJson ? JSON.stringify({ error: message }) : message, {
-			status,
-			headers: {
-				"content-type": sendJson ? "application/json" : "text/plain",
-			},
+	// Run the entire request handling within the request context
+	return runWithRequestContext(async () => {
+		await ready.then(() => {
+			config.checkForUpdates();
 		});
-	}
 
-	if (event.url.pathname.startsWith(`${base}/admin/`) || event.url.pathname === `${base}/admin`) {
-		const ADMIN_SECRET = config.ADMIN_API_SECRET || config.PARQUET_EXPORT_SECRET;
+		logger.debug({
+			locals: event.locals,
+			url: event.url.pathname,
+			params: event.params,
+			request: event.request,
+		});
 
-		if (!ADMIN_SECRET) {
-			return errorResponse(500, "Admin API is not configured");
+		function errorResponse(status: number, message: string) {
+			const sendJson =
+				event.request.headers.get("accept")?.includes("application/json") ||
+				event.request.headers.get("content-type")?.includes("application/json");
+			return new Response(sendJson ? JSON.stringify({ error: message }) : message, {
+				status,
+				headers: {
+					"content-type": sendJson ? "application/json" : "text/plain",
+				},
+			});
 		}
 
-		if (event.request.headers.get("Authorization") !== `Bearer ${ADMIN_SECRET}`) {
-			return errorResponse(401, "Unauthorized");
-		}
-	}
+		if (event.url.pathname.startsWith(`${base}/admin/`) || event.url.pathname === `${base}/admin`) {
+			const ADMIN_SECRET = config.ADMIN_API_SECRET || config.PARQUET_EXPORT_SECRET;
 
-	const auth = await authenticateRequest(
-		{ type: "svelte", value: event.request.headers },
-		{ type: "svelte", value: event.cookies },
-		event.url
-	);
-
-	event.locals.sessionId = auth.sessionId;
-
-	if (loginEnabled && !auth.user && !event.url.pathname.startsWith(`${base}/.well-known/`)) {
-		if (config.AUTOMATIC_LOGIN === "true") {
-			// AUTOMATIC_LOGIN: always redirect to OAuth flow (unless already on login or healthcheck pages)
-			if (
-				!event.url.pathname.startsWith(`${base}/login`) &&
-				!event.url.pathname.startsWith(`${base}/healthcheck`)
-			) {
-				// To get the same CSRF token after callback
-				refreshSessionCookie(event.cookies, auth.secretSessionId);
-				return await triggerOauthFlow(event);
+			if (!ADMIN_SECRET) {
+				return errorResponse(500, "Admin API is not configured");
 			}
-		} else {
-			// Redirect to OAuth flow unless on the authorized pages (home, shared conversation, login, healthcheck, model thumbnails)
-			if (
-				event.url.pathname !== `${base}/` &&
-				event.url.pathname !== `${base}` &&
-				!event.url.pathname.startsWith(`${base}/login`) &&
-				!event.url.pathname.startsWith(`${base}/login/callback`) &&
-				!event.url.pathname.startsWith(`${base}/healthcheck`) &&
-				!event.url.pathname.startsWith(`${base}/r/`) &&
-				!event.url.pathname.startsWith(`${base}/conversation/`) &&
-				!event.url.pathname.startsWith(`${base}/models/`) &&
-				!event.url.pathname.startsWith(`${base}/api`)
-			) {
-				refreshSessionCookie(event.cookies, auth.secretSessionId);
-				return triggerOauthFlow(event);
+
+			if (event.request.headers.get("Authorization") !== `Bearer ${ADMIN_SECRET}`) {
+				return errorResponse(401, "Unauthorized");
 			}
 		}
-	}
-
-	event.locals.user = auth.user || undefined;
-	event.locals.token = auth.token;
-
-	event.locals.isAdmin =
-		event.locals.user?.isAdmin || adminTokenManager.isAdmin(event.locals.sessionId);
 
-	// CSRF protection
-	const requestContentType = event.request.headers.get("content-type")?.split(";")[0] ?? "";
-	/** https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-enctype */
-	const nativeFormContentTypes = [
-		"multipart/form-data",
-		"application/x-www-form-urlencoded",
-		"text/plain",
-	];
-
-	if (event.request.method === "POST") {
-		if (nativeFormContentTypes.includes(requestContentType)) {
-			const origin = event.request.headers.get("origin");
+		const auth = await authenticateRequest(
+			{ type: "svelte", value: event.request.headers },
+			{ type: "svelte", value: event.cookies },
+			event.url
+		);
 
-			if (!origin) {
-				return errorResponse(403, "Non-JSON form requests need to have an origin");
+		event.locals.sessionId = auth.sessionId;
+
+		if (loginEnabled && !auth.user && !event.url.pathname.startsWith(`${base}/.well-known/`)) {
+			if (config.AUTOMATIC_LOGIN === "true") {
+				// AUTOMATIC_LOGIN: always redirect to OAuth flow (unless already on login or healthcheck pages)
+				if (
+					!event.url.pathname.startsWith(`${base}/login`) &&
+					!event.url.pathname.startsWith(`${base}/healthcheck`)
+				) {
+					// To get the same CSRF token after callback
+					refreshSessionCookie(event.cookies, auth.secretSessionId);
+					return await triggerOauthFlow(event);
+				}
+			} else {
+				// Redirect to OAuth flow unless on the authorized pages (home, shared conversation, login, healthcheck, model thumbnails)
+				if (
+					event.url.pathname !== `${base}/` &&
+					event.url.pathname !== `${base}` &&
+					!event.url.pathname.startsWith(`${base}/login`) &&
+					!event.url.pathname.startsWith(`${base}/login/callback`) &&
+					!event.url.pathname.startsWith(`${base}/healthcheck`) &&
+					!event.url.pathname.startsWith(`${base}/r/`) &&
+					!event.url.pathname.startsWith(`${base}/conversation/`) &&
+					!event.url.pathname.startsWith(`${base}/models/`) &&
+					!event.url.pathname.startsWith(`${base}/api`)
+				) {
+					refreshSessionCookie(event.cookies, auth.secretSessionId);
+					return triggerOauthFlow(event);
+				}
 			}
+		}
 
-			const validOrigins = [
-				new URL(event.request.url).host,
-				...(config.PUBLIC_ORIGIN ? [new URL(config.PUBLIC_ORIGIN).host] : []),
-			];
-
-			if (!validOrigins.includes(new URL(origin).host)) {
-				return errorResponse(403, "Invalid referer for POST request");
+		event.locals.user = auth.user || undefined;
+		event.locals.token = auth.token;
+
+		event.locals.isAdmin =
+			event.locals.user?.isAdmin || adminTokenManager.isAdmin(event.locals.sessionId);
+
+		// CSRF protection
+		const requestContentType = event.request.headers.get("content-type")?.split(";")[0] ?? "";
+		/** https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-enctype */
+		const nativeFormContentTypes = [
+			"multipart/form-data",
+			"application/x-www-form-urlencoded",
+			"text/plain",
+		];
+
+		if (event.request.method === "POST") {
+			if (nativeFormContentTypes.includes(requestContentType)) {
+				const origin = event.request.headers.get("origin");
+
+				if (!origin) {
+					return errorResponse(403, "Non-JSON form requests need to have an origin");
+				}
+
+				const validOrigins = [
+					new URL(event.request.url).host,
+					...(config.PUBLIC_ORIGIN ? [new URL(config.PUBLIC_ORIGIN).host] : []),
+				];
+
+				if (!validOrigins.includes(new URL(origin).host)) {
+					return errorResponse(403, "Invalid referer for POST request");
+				}
 			}
 		}
-	}
 
-	if (
-		event.request.method === "POST" ||
-		event.url.pathname.startsWith(`${base}/login`) ||
-		event.url.pathname.startsWith(`${base}/login/callback`)
-	) {
-		// if the request is a POST request or login-related we refresh the cookie
-		refreshSessionCookie(event.cookies, auth.secretSessionId);
-
-		await collections.sessions.updateOne(
-			{ sessionId: auth.sessionId },
-			{ $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
-		);
-	}
-
-	if (
-		loginEnabled &&
-		!event.locals.user &&
-		!event.url.pathname.startsWith(`${base}/login`) &&
-		!event.url.pathname.startsWith(`${base}/admin`) &&
-		!event.url.pathname.startsWith(`${base}/settings`) &&
-		!["GET", "OPTIONS", "HEAD"].includes(event.request.method)
-	) {
-		return errorResponse(401, ERROR_MESSAGES.authOnly);
-	}
-
-	let replaced = false;
+		if (
+			event.request.method === "POST" ||
+			event.url.pathname.startsWith(`${base}/login`) ||
+			event.url.pathname.startsWith(`${base}/login/callback`)
+		) {
+			// if the request is a POST request or login-related we refresh the cookie
+			refreshSessionCookie(event.cookies, auth.secretSessionId);
 
-	const response = await resolve(event, {
-		transformPageChunk: (chunk) => {
-			// For some reason, Sveltekit doesn't let us load env variables from .env in the app.html template
-			if (replaced || !chunk.html.includes("%gaId%")) {
-				return chunk.html;
-			}
-			replaced = true;
+			await collections.sessions.updateOne(
+				{ sessionId: auth.sessionId },
+				{ $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
+			);
+		}
 
-			return chunk.html.replace("%gaId%", config.PUBLIC_GOOGLE_ANALYTICS_ID);
-		},
-		filterSerializedResponseHeaders: (header) => {
-			return header.includes("content-type");
-		},
-	});
+		if (
+			loginEnabled &&
+			!event.locals.user &&
+			!event.url.pathname.startsWith(`${base}/login`) &&
+			!event.url.pathname.startsWith(`${base}/admin`) &&
+			!event.url.pathname.startsWith(`${base}/settings`) &&
+			!["GET", "OPTIONS", "HEAD"].includes(event.request.method)
+		) {
+			return errorResponse(401, ERROR_MESSAGES.authOnly);
+		}
 
-	// Add CSP header to disallow framing if ALLOW_IFRAME is not "true"
-	if (config.ALLOW_IFRAME !== "true") {
-		response.headers.append("Content-Security-Policy", "frame-ancestors 'none';");
-	}
+		let replaced = false;
 
-	if (
-		event.url.pathname.startsWith(`${base}/login/callback`) ||
-		event.url.pathname.startsWith(`${base}/login`)
-	) {
-		response.headers.append("Cache-Control", "no-store");
-	}
+		const response = await resolve(event, {
+			transformPageChunk: (chunk) => {
+				// For some reason, Sveltekit doesn't let us load env variables from .env in the app.html template
+				if (replaced || !chunk.html.includes("%gaId%")) {
+					return chunk.html;
+				}
+				replaced = true;
 
-	if (event.url.pathname.startsWith(`${base}/api/`)) {
-		// get origin from the request
-		const requestOrigin = event.request.headers.get("origin");
+				return chunk.html.replace("%gaId%", config.PUBLIC_GOOGLE_ANALYTICS_ID);
+			},
+			filterSerializedResponseHeaders: (header) => {
+				return header.includes("content-type");
+			},
+		});
 
-		// get origin from the config if its defined
-		let allowedOrigin = config.PUBLIC_ORIGIN ? new URL(config.PUBLIC_ORIGIN).origin : undefined;
+		// Add CSP header to disallow framing if ALLOW_IFRAME is not "true"
+		if (config.ALLOW_IFRAME !== "true") {
+			response.headers.append("Content-Security-Policy", "frame-ancestors 'none';");
+		}
 
 		if (
-			dev || // if we're in dev mode
-			!requestOrigin || // or the origin is null (SSR)
-			isHostLocalhost(new URL(requestOrigin).hostname) // or the origin is localhost
+			event.url.pathname.startsWith(`${base}/login/callback`) ||
+			event.url.pathname.startsWith(`${base}/login`)
 		) {
-			allowedOrigin = "*"; // allow all origins
-		} else if (allowedOrigin === requestOrigin) {
-			allowedOrigin = requestOrigin; // echo back the caller
+			response.headers.append("Cache-Control", "no-store");
 		}
 
-		if (allowedOrigin) {
-			response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
-			response.headers.set(
-				"Access-Control-Allow-Methods",
-				"GET, POST, PUT, PATCH, DELETE, OPTIONS"
-			);
-			response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+		if (event.url.pathname.startsWith(`${base}/api/`)) {
+			// get origin from the request
+			const requestOrigin = event.request.headers.get("origin");
+
+			// get origin from the config if its defined
+			let allowedOrigin = config.PUBLIC_ORIGIN ? new URL(config.PUBLIC_ORIGIN).origin : undefined;
+
+			if (
+				dev || // if we're in dev mode
+				!requestOrigin || // or the origin is null (SSR)
+				isHostLocalhost(new URL(requestOrigin).hostname) // or the origin is localhost
+			) {
+				allowedOrigin = "*"; // allow all origins
+			} else if (allowedOrigin === requestOrigin) {
+				allowedOrigin = requestOrigin; // echo back the caller
+			}
+
+			if (allowedOrigin) {
+				response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
+				response.headers.set(
+					"Access-Control-Allow-Methods",
+					"GET, POST, PUT, PATCH, DELETE, OPTIONS"
+				);
+				response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+			}
 		}
-	}
-	return response;
+		return response;
+	}, requestId);
 };
 
 export const handleFetch: HandleFetch = async ({ event, request, fetch }) => {
diff --git a/src/lib/server/logger.ts b/src/lib/server/logger.ts
@@ -1,6 +1,7 @@
 import pino from "pino";
 import { dev } from "$app/environment";
 import { config } from "$lib/server/config";
+import { getRequestId } from "$lib/server/requestContext";
 
 let options: pino.LoggerOptions = {};
 
@@ -15,7 +16,7 @@ if (dev) {
 	};
 }
 
-export const logger = pino({
+const baseLogger = pino({
 	...options,
 	messageKey: "message",
 	level: config.LOG_LEVEL || "info",
@@ -24,4 +25,10 @@ export const logger = pino({
 			return { level: label };
 		},
 	},
+	mixin() {
+		const requestId = getRequestId();
+		return requestId ? { requestId } : {};
+	},
 });
+
+export const logger = baseLogger;
diff --git a/src/lib/server/requestContext.ts b/src/lib/server/requestContext.ts
