feat(5.6): observabilitate + jurnal aplicatie + lifecycle trimiteri blocate
Implementeaza PRD 5.6 complet (14 stories, TDD). Doua axe:
Lifecycle trimiteri blocate (Val A):
- submissions_admin.py: sterge/repune scoped (404 cross-account inaintea lui 409 stare)
- reactivare dedup peste `error` cu CAS (WHERE id=? AND status='error'), creds noi in
submissions + accounts.rar_creds_enc; worker invalideaza sesiunea RAR la creds proaspete
(JWT 30h vechi nu mai trimite cu parola gresita); camp aditiv `reactivated:true`
- retentie randuri blocate 30z; purge_expired exclude queued/sending; purge_after curatat
la reactivare/requeue
- API DELETE /v1/prezentari/{id} + /repune (200+JSON); UI butoane + bulk + banner actionabil
Observabilitate:
- app/observ.py log_event: dublu canal app_events (DB) + RotatingFileHandler per-proces,
redactare creds/PII la scriere (redact_pii/vin_partial)
- request_id middleware + X-Request-ID pe toate raspunsurile
- handler global excepții -> 500 envelope 6-chei + request_id (traceback doar in jurnal)
- audit cerere API (api_prezentari/api_auth_esuat) + audit worker (rar_login/tranzitii)
- tab "Jurnal" filtrabil scoped (non-admin doar contul sau); retentie jurnal 90z
- rar_error expus in GET /v1/prezentari/{id} (recovery observabil)
pytest -q: 741 passed, 0 failed. Docs: PRD raport VERIFY, contract endpointuri noi, ROADMAP.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -148,7 +148,10 @@ def test_fara_cheie_flag_off_vede_contul_1(env):
|
||||
|
||||
def test_detaliu_nu_expune_creds(env):
|
||||
"""B4: GET /v1/prezentari/{id} nu expune campuri sensibile (rar_creds_enc, payload_json,
|
||||
idempotency_key, rar_error).
|
||||
idempotency_key).
|
||||
|
||||
NOTA T9 (PRD 5.6): `rar_error` e ACUM expus intentionat (recovery API observabil) —
|
||||
contine doar coduri/mesaje de validare RAR, niciodata creds.
|
||||
"""
|
||||
with _client() as c:
|
||||
from app.auth import create_api_key
|
||||
@@ -165,5 +168,5 @@ def test_detaliu_nu_expune_creds(env):
|
||||
resp = c.get(f"/v1/prezentari/{sid}", headers={"X-API-Key": k1})
|
||||
assert resp.status_code == 200
|
||||
data = resp.json()
|
||||
for field in ("rar_creds_enc", "payload_json", "idempotency_key", "rar_error"):
|
||||
for field in ("rar_creds_enc", "payload_json", "idempotency_key"):
|
||||
assert field not in data, f"camp sensibil expus: {field}"
|
||||
|
||||
Reference in New Issue
Block a user