"""Middleware HTTP: request_id per cerere. Fiecare raspuns primeste un header `X-Request-ID` (generat daca clientul nu trimite unul). Pe durata cererii, id-ul e disponibil prin `observ.request_id_var` (contextvar) in handlerul de erori si in `log_event` — fara a polua semnaturile. Format opac, fara PII: `secrets.token_hex(8)` (16 hex). Daca clientul trimite un `X-Request-ID`, il pastram (corelare end-to-end), dar il scurtam defensiv (max 64). """ from __future__ import annotations import secrets from starlette.middleware.base import BaseHTTPMiddleware from starlette.requests import Request from ..observ import request_id_var class RequestIDMiddleware(BaseHTTPMiddleware): async def dispatch(self, request: Request, call_next): incoming = request.headers.get("X-Request-ID") request_id = (incoming.strip()[:64] if incoming and incoming.strip() else secrets.token_hex(8)) token = request_id_var.set(request_id) # Expune si pe request.state pentru handlerele care prefera accesul explicit. request.state.request_id = request_id try: response = await call_next(request) finally: request_id_var.reset(token) response.headers["X-Request-ID"] = request_id return response