Permalink
Browse files

Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for …

…his draft patch, and to the many people who gave feedback during development of the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 667d832 commit 24acca413977422681ca16b42fe9a6d763df2121 @freakboy3742 freakboy3742 committed Oct 4, 2010
@@ -16,6 +16,7 @@
ENVIRONMENT_VARIABLE = "DJANGO_SETTINGS_MODULE"
+
class LazySettings(LazyObject):
"""
A lazy proxy for either global Django settings or a custom settings object.
@@ -114,6 +115,16 @@ def __init__(self, settings_module):
os.environ['TZ'] = self.TIME_ZONE
time.tzset()
+ # Settings are configured, so we can set up the logger if required
+ if self.LOGGING_CONFIG:
+ # First find the logging configuration function ...
+ logging_config_path, logging_config_func_name = self.LOGGING_CONFIG.rsplit('.', 1)
+ logging_config_module = importlib.import_module(logging_config_path)
+ logging_config_func = getattr(logging_config_module, logging_config_func_name)
+
+ # ... then invoke it with the logging settings
+ logging_config_func(self.LOGGING)
+
class UserSettingsHolder(object):
"""
Holder for user configured settings.
@@ -499,6 +499,34 @@
# django.contrib.messages to avoid imports in this settings file.
###########
+# LOGGING #
+###########
+
+# The callable to use to configure logging
+LOGGING_CONFIG = 'django.utils.log.dictConfig'
+
+# The default logging configuration. This sends an email to
+# the site admins on every HTTP 500 error. All other log
+# records are sent to the bit bucket.
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'handlers': {
+ 'mail_admins': {
+ 'level': 'ERROR',
+ 'class': 'django.utils.log.AdminEmailHandler'
+ }
+ },
+ 'loggers': {
+ 'django.request':{
+ 'handlers': ['mail_admins'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ }
+}
+
+###########
# TESTING #
###########
@@ -94,3 +94,26 @@
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
)
+
+# A sample logging configuration. The only tangible logging
+# performed by this configuration is to send an email to
+# the site admins on every HTTP 500 error.
+# See http://docs.djangoproject.com/en/dev/topics/logging for
+# more details on how to customize your logging configuration.
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'handlers': {
+ 'mail_admins': {
+ 'level': 'ERROR',
+ 'class': 'django.utils.log.AdminEmailHandler'
+ }
+ },
+ 'loggers': {
+ 'django.request':{
+ 'handlers': ['mail_admins'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ }
+}
@@ -1,10 +1,14 @@
+import logging
import sys
from django import http
from django.core import signals
from django.utils.encoding import force_unicode
from django.utils.importlib import import_module
+logger = logging.getLogger('django.request')
+
+
class BaseHandler(object):
# Changes that are always applied to a response (in this order).
response_fixes = [
@@ -118,6 +122,11 @@ def get_response(self, request):
return response
except http.Http404, e:
+ logger.warning('Not Found: %s' % request.path,
+ extra={
+ 'status_code': 404,
+ 'request': request
+ })
if settings.DEBUG:
from django.views import debug
return debug.technical_404_response(request, e)
@@ -131,6 +140,11 @@ def get_response(self, request):
finally:
receivers = signals.got_request_exception.send(sender=self.__class__, request=request)
except exceptions.PermissionDenied:
+ logger.warning('Forbidden (Permission denied): %s' % request.path,
+ extra={
+ 'status_code': 403,
+ 'request': request
+ })
return http.HttpResponseForbidden('<h1>Permission denied</h1>')
except SystemExit:
# Allow sys.exit() to actually exit. See tickets #1023 and #4701
@@ -155,7 +169,6 @@ def handle_uncaught_exception(self, request, resolver, exc_info):
available would be an error.
"""
from django.conf import settings
- from django.core.mail import mail_admins
if settings.DEBUG_PROPAGATE_EXCEPTIONS:
raise
@@ -164,26 +177,21 @@ def handle_uncaught_exception(self, request, resolver, exc_info):
from django.views import debug
return debug.technical_500_response(request, *exc_info)
- # When DEBUG is False, send an error message to the admins.
- subject = 'Error (%s IP): %s' % ((request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS and 'internal' or 'EXTERNAL'), request.path)
- try:
- request_repr = repr(request)
- except:
- request_repr = "Request repr() unavailable"
- message = "%s\n\n%s" % (self._get_traceback(exc_info), request_repr)
- mail_admins(subject, message, fail_silently=True)
+ logger.error('Internal Server Error: %s' % request.path,
+ exc_info=exc_info,
+ extra={
+ 'status_code': 500,
+ 'request':request
+ }
+ )
+
# If Http500 handler is not installed, re-raise last exception
if resolver.urlconf_module is None:
raise exc_info[1], None, exc_info[2]
# Return an HttpResponse that displays a friendly error message.
callback, param_dict = resolver.resolve500()
return callback(request, **param_dict)
- def _get_traceback(self, exc_info=None):
- "Helper function to return the traceback as a string"
- import traceback
- return '\n'.join(traceback.format_exception(*(exc_info or sys.exc_info())))
-
def apply_response_fixes(self, request, response):
"""
Applies each of the functions in self.response_fixes to the request and
@@ -1,5 +1,7 @@
+import logging
import os
from pprint import pformat
+import sys
from warnings import warn
from django import http
@@ -9,6 +11,9 @@
from django.utils import datastructures
from django.utils.encoding import force_unicode, smart_str, iri_to_uri
+logger = logging.getLogger('django.request')
+
+
# NOTE: do *not* import settings (or any module which eventually imports
# settings) until after ModPythonHandler has been called; otherwise os.environ
# won't be set up correctly (with respect to settings).
@@ -200,6 +205,13 @@ def __call__(self, req):
try:
request = self.request_class(req)
except UnicodeDecodeError:
+ logger.warning('Bad Request (UnicodeDecodeError): %s' % request.path,
+ exc_info=sys.exc_info(),
+ extra={
+ 'status_code': 400,
+ 'request': request
+ }
+ )
response = http.HttpResponseBadRequest()
else:
response = self.get_response(request)
@@ -1,5 +1,7 @@
-from threading import Lock
+import logging
from pprint import pformat
+import sys
+from threading import Lock
try:
from cStringIO import StringIO
except ImportError:
@@ -12,6 +14,9 @@
from django.utils import datastructures
from django.utils.encoding import force_unicode, iri_to_uri
+logger = logging.getLogger('django.request')
+
+
# See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
STATUS_CODE_TEXT = {
100: 'CONTINUE',
@@ -236,6 +241,13 @@ def __call__(self, environ, start_response):
try:
request = self.request_class(environ)
except UnicodeDecodeError:
+ logger.warning('Bad Request (UnicodeDecodeError): %s' % request.path,
+ exc_info=sys.exc_info(),
+ extra={
+ 'status_code': 400,
+ 'request': request
+ }
+ )
response = http.HttpResponseBadRequest()
else:
response = self.get_response(request)
@@ -1,9 +1,12 @@
import datetime
import decimal
+import logging
from time import time
from django.utils.hashcompat import md5_constructor
+logger = logging.getLogger('django.db.backends')
+
class CursorDebugWrapper(object):
def __init__(self, cursor, db):
self.cursor = cursor
@@ -15,22 +18,30 @@ def execute(self, sql, params=()):
return self.cursor.execute(sql, params)
finally:
stop = time()
+ duration = stop - start
sql = self.db.ops.last_executed_query(self.cursor, sql, params)
self.db.queries.append({
'sql': sql,
- 'time': "%.3f" % (stop - start),
+ 'time': "%.3f" % duration,
})
+ logger.debug('(%.3f) %s; args=%s' % (duration, sql, params),
+ extra={'duration':duration, 'sql':sql, 'params':params}
+ )
def executemany(self, sql, param_list):
start = time()
try:
return self.cursor.executemany(sql, param_list)
finally:
stop = time()
+ duration = stop - start
self.db.queries.append({
'sql': '%s times: %s' % (len(param_list), sql),
- 'time': "%.3f" % (stop - start),
+ 'time': "%.3f" % duration,
})
+ logger.debug('(%.3f) %s; args=%s' % (duration, sql, param_list),
+ extra={'duration':duration, 'sql':sql, 'params':param_list}
+ )
def __getattr__(self, attr):
if attr in self.__dict__:
@@ -1,3 +1,4 @@
+import logging
import re
from django.conf import settings
@@ -7,6 +8,9 @@
from django.core import urlresolvers
from django.utils.hashcompat import md5_constructor
+logger = logging.getLogger('django.request')
+
+
class CommonMiddleware(object):
"""
"Common" middleware for taking care of some basic operations:
@@ -38,6 +42,12 @@ def process_request(self, request):
if 'HTTP_USER_AGENT' in request.META:
for user_agent_regex in settings.DISALLOWED_USER_AGENTS:
if user_agent_regex.search(request.META['HTTP_USER_AGENT']):
+ logger.warning('Forbidden (User agent): %s' % request.path,
+ extra={
+ 'status_code': 403,
+ 'request': request
+ }
+ )
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
# Check for a redirect based on settings.APPEND_SLASH
@@ -6,6 +6,7 @@
"""
import itertools
+import logging
import re
import random
@@ -20,6 +21,8 @@
_HTML_TYPES = ('text/html', 'application/xhtml+xml')
+logger = logging.getLogger('django.request')
+
# Use the system (hardware-based) random number generator if it exists.
if hasattr(random, 'SystemRandom'):
randrange = random.SystemRandom().randrange
@@ -169,14 +172,26 @@ def accept():
# we can use strict Referer checking.
referer = request.META.get('HTTP_REFERER')
if referer is None:
+ logger.warning('Forbidden (%s): %s' % (REASON_NO_COOKIE, request.path),
+ extra={
+ 'status_code': 403,
+ 'request': request,
+ }
+ )
return reject(REASON_NO_REFERER)
# The following check ensures that the referer is HTTPS,
# the domains match and the ports match - the same origin policy.
good_referer = 'https://%s/' % request.get_host()
if not referer.startswith(good_referer):
- return reject(REASON_BAD_REFERER %
- (referer, good_referer))
+ reason = REASON_BAD_REFERER % (referer, good_referer)
+ logger.warning('Forbidden (%s): %s' % (reason, request.path),
+ extra={
+ 'status_code': 403,
+ 'request': request,
+ }
+ )
+ return reject(reason)
# If the user didn't already have a CSRF cookie, then fall back to
# the Django 1.1 method (hash of session ID), so a request is not
@@ -190,6 +205,12 @@ def accept():
# No CSRF cookie and no session cookie. For POST requests,
# we insist on a CSRF cookie, and in this way we can avoid
# all CSRF attacks, including login CSRF.
+ logger.warning('Forbidden (%s): %s' % (REASON_NO_COOKIE, request.path),
+ extra={
+ 'status_code': 403,
+ 'request': request,
+ }
+ )
return reject(REASON_NO_COOKIE)
else:
csrf_token = request.META["CSRF_COOKIE"]
@@ -199,8 +220,20 @@ def accept():
if request_csrf_token != csrf_token:
if cookie_is_new:
# probably a problem setting the CSRF cookie
+ logger.warning('Forbidden (%s): %s' % (REASON_NO_CSRF_COOKIE, request.path),
+ extra={
+ 'status_code': 403,
+ 'request': request,
+ }
+ )
return reject(REASON_NO_CSRF_COOKIE)
else:
+ logger.warning('Forbidden (%s): %s' % (REASON_BAD_TOKEN, request.path),
+ extra={
+ 'status_code': 403,
+ 'request': request,
+ }
+ )
return reject(REASON_BAD_TOKEN)
return accept()
Oops, something went wrong.

0 comments on commit 24acca4

Please sign in to comment.