From ce7ea9b6e8d8321015560566b6e538c300b8496c Mon Sep 17 00:00:00 2001
From: Ryan Barrett <git@ryanb.org>
Date: Wed, 22 Jan 2025 21:35:19 -0800
Subject: [PATCH] standardize request param logging into common.log_request()

truncates values at 1k chars each
---
 common.py   |  9 ++++++++-
 protocol.py |  6 +++---
 web.py      | 10 +++++-----
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/common.py b/common.py
index f81940cd..b4413821 100644
--- a/common.py
+++ b/common.py
@@ -446,7 +446,6 @@ NDB_CONTEXT_KWARGS = {
 }
 
 
-
 def as2_request_type():
     """If this request has conneg (ie the ``Accept`` header) for AS2, returns its type.
 
@@ -472,3 +471,11 @@ def as2_request_type():
             elif accept_type in (as2.CONTENT_TYPE_LD, as2.CONTENT_TYPE_LD_PROFILE):
                 return as2.CONTENT_TYPE_LD_PROFILE
             logger.debug(f'Conneg resolved {accept_type} for Accept: {accept}')
+
+
+def log_request():
+    """Logs GET query params and POST form.
+
+    Limits each value to 1000 chars."""
+    logger.info(f'Params:\n' + '\n'.join(
+        f'{k} = {v[:1000]}' for k, v in request.values.items()))
diff --git a/protocol.py b/protocol.py
index b77dce89..39f7c3c7 100644
--- a/protocol.py
+++ b/protocol.py
@@ -1732,8 +1732,8 @@ def receive_task():
     ``changed``, HTTP request details, etc. See stash for attempt at this for
     :class:`web.Web`.
     """
+    common.log_request()
     form = request.form.to_dict()
-    logger.info(f'Params:\n' + '\n'.join(f'{k} = {v[:100]}' for k, v in form.items()))
 
     authed_as = form.pop('authed_as', None)
     internal = (authed_as == common.PRIMARY_DOMAIN
@@ -1776,10 +1776,10 @@ def send_task():
       *: If ``obj_id`` is unset, all other parameters are properties for a new
         :class:`models.Object` to handle
     """
-    form = request.form.to_dict()
-    logger.info(f'Params: {list(form.items())}')
+    common.log_request()
 
     # prepare
+    form = request.form.to_dict()
     url = form.get('url')
     protocol = form.get('protocol')
     if not url or not protocol:
diff --git a/web.py b/web.py
index 57cb3b6f..b66a45ae 100644
--- a/web.py
+++ b/web.py
@@ -688,8 +688,7 @@ def enter_web_site():
 
 @app.post('/web-site')
 def check_web_site():
-    logger.info(f'Params: {list(request.form.items())}')
-
+    common.log_request()
     url = request.values['url']
 
     # this normalizes and lower cases domain
@@ -739,7 +738,7 @@ def webmention_external():
     Use a task queue to deliver to followers because we send to each inbox in
     serial, which can take a long time with many followers/instances.
     """
-    logger.info(f'Params: {list(request.form.items())}')
+    common.log_request()
 
     source = flask_util.get_required_param('source').strip()
     if Web.owns_id(source) is False:
@@ -869,7 +868,8 @@ def poll_feed_task():
       ``last_polled`` (str): should match the user's ``last_polled_feed``. Used
         to detect duplicate poll tasks for the same user.
     """
-    logger.info(f'Params: {request.values}')
+    common.log_request()
+
     domain = flask_util.get_required_param('domain')
     logger.info(f'Polling feed for {domain}')
 
@@ -950,7 +950,7 @@ def webmention_task():
     Params:
       ``source`` (str): URL
     """
-    logger.info(f'Params: {list(request.form.items())}')
+    common.log_request()
 
     # load user
     source = flask_util.get_required_param('source').strip()