[FIX] Fix and improve API Log

Author: reichie020212

spp_api/controllers/api.py

@@ -35,6 +35,7 @@
 #################################################################
 
 API_ENDPOINT = "/api"
+SENSITIVE_KEYS = ["Authorization", "Cookie", "X-Api-Key", "X-Odoo-Session-Id"]
 
 
 def create_api_log(func):
@@ -43,6 +44,7 @@ def wrapper(self, *args, **kwargs):
         # Request Log
         path = kwargs.get("path")
         request_id = kwargs.get("request_id", False)
+        namespace = kwargs.get("namespace", False)
         if not request_id:
             raise werkzeug.exceptions.HTTPException(
                 response=error_response(400, "Bad Request", "request_id is required.")
@@ -52,10 +54,15 @@ def wrapper(self, *args, **kwargs):
                 response=error_response(400, "Bad Request", "request_id is already taken.")
             )
 
+        namespace_id = False
+        if namespace:
+            namespace_id = request.env["spp_api.namespace"].search([("name", "=", namespace)])
+
         initial_val = {
             "method": path.method,
             "model": path.model,
             "request": http.request.httprequest.full_path,
+            "namespace_id": namespace_id.id if namespace_id else False,
         }
 
         request_log_val = initial_val.copy()
@@ -64,7 +71,27 @@ def wrapper(self, *args, **kwargs):
         if path.method in ["get"]:
             request_log_val["request_parameter"] = kwargs
         else:
-            request_log_val["request_data"] = kwargs
+            # Try to get parsed JSON first
+            # silent=True prevents Werkzeug from raising a 400 error on bad JSON
+            json_payload = request.httprequest.get_json(silent=True)
+
+            if json_payload:
+                request_data = json.dumps(json_payload)
+            else:
+                # Fallback to raw data if not JSON
+                # errors='replace' inserts a  character instead of crashing on bad bytes
+                request_data = request.httprequest.get_data().decode("utf-8", errors="replace")
+
+            request_log_val["request_data"] = request_data
+
+        # Sanitize headers
+        safe_headers = {}
+        for key, value in request.httprequest.headers.items():
+            if key in SENSITIVE_KEYS:
+                safe_headers[key] = "REDACTED"
+            else:
+                safe_headers[key] = value
+        request_log_val["headers"] = json.dumps(safe_headers)
 
         request.env["spp_api.log"].create(request_log_val)
         del request_log_val

spp_api/models/spp_api_log.py

@@ -28,6 +28,7 @@ class Log(models.Model):
     )
     model = fields.Char(required=True)
     namespace_id = fields.Many2one("spp_api.namespace", "Integration")
+    headers = fields.Text()
     request = fields.Text()
 
     request_id = fields.Text(string="Request ID")

spp_api/views/openapi_view.xml

@@ -45,6 +45,7 @@
                     <field name="create_uid" readonly="1" />
                     <field name="create_date" readonly="1" />
                     <field name="request" readonly="1" />
+                    <field name="headers" readonly="1" />
                     <field name="request_data" readonly="1" />
                     <field name="response_data" readonly="1" />
                 </group>
@@ -302,7 +303,7 @@
     <record model="ir.actions.act_window" id="spp_api_log_list_action">
         <field name="name">API Logs</field>
         <field name="res_model">spp_api.log</field>
-        <field name="view_mode">tree</field>
+        <field name="view_mode">tree,form</field>
         <field name="help">List of API Logs.</field>
     </record>