Master staging merge

[JoshuaSBrown]

Ticket

 

Description

How Has This Been Tested?

Artifacts (if appropriate):

Tasks

• - A description of the PR has been provided, and a diagram included if it is a new feature.
• - Formatter has been run
• - CHANGELOG comment has been added
• - Labels have been assigned to the pr
• - A reviwer has been added
• - A user has been assigned to work on the pr
• - If new feature a unit test has been added

Summary by Sourcery

Improve user and query API logging around client-derived operations and align client variable handling in affected routes.

Bug Fixes:

• Ensure client user lookup results can be reused within route handlers by adjusting client variable declarations.

Enhancements:

• Add structured request-start logging for user update and identity-add routes, including correlation IDs and key user limits.
• Initialize client variables in additional routes to support consistent logging and future client context usage.

[sourcery-ai]

Reviewer's Guide

This PR updates several Foxx router handlers in user_router.js and query_router.js to standardize how the client user object is retrieved and logged, and to enrich request logging with additional contextual information for user update and identity operations.

Sequence diagram for user update route logging

sequenceDiagram
    actor Client
    participant UserRouter
    participant g_lib
    participant logger
    participant Database

    Client->>UserRouter: HTTP GET /user/update?client&subject
    UserRouter->>g_lib: getUserFromClientID(client)
    g_lib-->>UserRouter: client_object
    UserRouter->>logger: logRequestStarted(client._id, correlationId, GET, basePath + /update, Started, Update user information)

    alt subject query param present
        UserRouter->>Database: lookup user by subject
        Database-->>UserRouter: user_record
    else no subject param
        UserRouter->>Database: lookup user by other criteria
        Database-->>UserRouter: user_record
    end

    UserRouter->>Database: update user_record
    Database-->>UserRouter: updated_user

    UserRouter->>UserRouter: build result = [updated_user]
    UserRouter->>UserRouter: extract is_admin, max_coll, max_proj, max_sav_qry
    UserRouter->>UserRouter: build extra_log_info with quotas and admin flag

    UserRouter-->>Client: HTTP 200 [updated_user]

Loading

Sequence diagram for identity add route logging

sequenceDiagram
    actor Client
    participant UserRouter
    participant g_lib
    participant logger
    participant Database

    Client->>UserRouter: HTTP GET /user/ident/add?client&ident
    UserRouter->>g_lib: getUserFromClientID(client)
    g_lib-->>UserRouter: client_object

    UserRouter->>logger: logRequestStarted(client._id, correlationId, GET, basePath + /ident/add, Started, Add new linked identity)

    UserRouter->>g_lib: isUUID(ident)
    g_lib-->>UserRouter: boolean

    alt ident is valid UUID and not already linked
        UserRouter->>Database: create linked identity
        Database-->>UserRouter: new_identity
    else invalid or duplicate ident
        UserRouter->>UserRouter: handle error or no-op
    end

    UserRouter-->>Client: HTTP response (success or error)

Loading

File-Level Changes

Change	Details	Files
Standardize client retrieval and enhance logging in the user update endpoint.	Change client acquisition to assign the result of getUserFromClientID to a shared client variable instead of a new const declaration Add a logRequestStarted call at the beginning of the update action, including client id, correlation id, HTTP verb, route path, status, and description After computing the updated user, extract selected fields (is_admin, max_coll, max_proj, max_sav_qry) into an extra_log_info object for downstream logging or processing	core/database/foxx/api/user_router.js
Initialize client variable in list-all users endpoint to avoid undefined usage.	Declare a local client variable and initialize it to null at the start of the /list/all handler	core/database/foxx/api/user_router.js
Standardize client retrieval and logging in the add-identity endpoint, and predeclare client in remove-identity handler.	Change client acquisition to assign the result of getUserFromClientID to a shared client variable instead of a new const declaration Add a logRequestStarted call for the ident/add route with detailed context, including client id, correlation id, HTTP verb, route path, and description Predeclare a client variable initialized to null at the start of the /ident/remove handler	core/database/foxx/api/user_router.js
Standardize client variable handling in the saved-query delete endpoint.	Predeclare a client variable initialized to undefined at the start of the /delete handler Change client acquisition to assign the result of getUserFromClientID to the predeclared client variable instead of using a new const	core/database/foxx/api/query_router.js

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In the routes where const client = ... was changed to client = ... (e.g., user update and identity-add), ensure client is explicitly declared in the appropriate scope (e.g., let client = null; at the top of the handler) to avoid creating or mutating an implicit/global variable across requests.
• The new extra_log_info object in the user update handler is assigned without a local declaration; declare it (e.g., let extra_log_info = {...}) in the correct scope to avoid implicit globals and to make its lifecycle explicit.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In the routes where `const client = ...` was changed to `client = ...` (e.g., user update and identity-add), ensure `client` is explicitly declared in the appropriate scope (e.g., `let client = null;` at the top of the handler) to avoid creating or mutating an implicit/global variable across requests.
- The new `extra_log_info` object in the user update handler is assigned without a local declaration; declare it (e.g., `let extra_log_info = {...}`) in the correct scope to avoid implicit globals and to make its lifecycle explicit.

## Individual Comments

### Comment 1
<location path="core/database/foxx/api/user_router.js" line_range="406" />
<code_context>
+
+                    const { is_admin, max_coll, max_proj, max_sav_qry } = user.new;
+
+                    extra_log_info = {
+                        is_admin,
+                        max_coll,
</code_context>
<issue_to_address>
**issue (bug_risk):** `extra_log_info` is assigned without declaration, which can create or mutate a global variable.

Assigning to `extra_log_info` without `const`/`let`/`var` will either create/mutate a global (non‑strict) or throw (strict), and obscures its scope. If this should be local, declare it; if it’s part of an outer logging context, reference that explicitly instead of relying on an implicit global.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): extra_log_info is assigned without declaration, which can create or mutate a global variable.

Assigning to extra_log_info without const/let/var will either create/mutate a global (non‑strict) or throw (strict), and obscures its scope. If this should be local, declare it; if it’s part of an outer logging context, reference that explicitly instead of relying on an implicit global.