Skip to content

feat: logging#9

Merged
RagingRedRiot merged 1 commit into
mainfrom
feat/logging
Jun 3, 2026
Merged

feat: logging#9
RagingRedRiot merged 1 commit into
mainfrom
feat/logging

Conversation

@RagingRedRiot

Copy link
Copy Markdown
Owner

What

Adds structured logging across the server with tracing, filling in all ~148 logging TODOs and replacing the stray println!s. This completes the server-side half of the generic-error design: the client still receives a generic event while the discarded error becomes the log payload.

Conventions

src/logging.rs is the single source of truth (levels, targets, fields, redaction, retention).

  • Levels: server faults → error!; security denials & failed logins → warn!; lifecycle, admin actions & reaper summaries → info!; client-caused noise (bad JSON, undersized frames) → debug!.
  • Client-input constraint violations (duplicate username/room name, empty content, malformed attachment, empty emoji) → warn!, not error!.
  • Audit stream: a dedicated relay::audit target for security events — authn outcomes, authz / owner-gated denials, and admin actions (promote/demote/delete/reset, account & room creation, ownership grants, invites, server control). Routable separately, e.g. RUST_LOG=relay::audit=info.
  • Correlation: a per-connection conn span carries who and, after auth, user_id, so dispatch-side events are attributable. Actors run as separate tasks and carry the relevant ids explicitly.
  • Never log secrets: Password/PasswordHash already redact in Debug.

Config & output

  • New Config.log_level (RUST_LOG still takes precedence) and Config.log_format (pretty | json | journald); main.rs builds the subscriber accordingly.
  • Native systemd journald via tracing-journald (proper PRIORITY and indexed fields), falling back to stdout when there's no journal socket.

Notable behavior changes

  • AuthResult gains an Error variant so a server-side auth fault is no longer audited as a "login failed".
  • Account-creation audit is centralized in the user actor, covering both the open-signup and authenticated-creation paths.
  • gate_room's Ok(None) | Err(_) arms are split so a real DB fault logs at error! while an existence-hidden "no room" stays debug!.
  • reap() logs a per-run summary with per-table delete counts.

Retention

Logs go to stdout/journald, never the database, so they are not subject to the reaper; retention is a platform concern (documented in src/logging.rs).

Testing

  • 174 integration tests pass, 0 failures.
  • cargo clippy and cargo fmt --check clean.

Fill in all ~148 logging TODOs and the stray println!s with `tracing`, completing the server-side half of the generic-error design: the client still gets a generic event while the discarded error becomes the log payload.

Conventions (src/logging.rs is the single source of truth):
- Levels: server faults -> error!; security denials & failed logins -> warn!; lifecycle, admin actions & reaper summaries -> info!; client-caused noise (bad JSON, undersized frames) -> debug!.
- Client-input constraint violations (duplicate username/room name, empty content, malformed attachment, empty emoji) -> warn!, not error!.
- Dedicated `relay::audit` target for security events: authn outcomes, authz/owner-gated denials, admin actions (promote/demote/delete/reset, account/room creation, ownership, invites, server control).
- Per-connection span ("conn") carrying `who` and, post-auth, `user_id`, so dispatch-side events are attributable; actors run as separate tasks and carry the relevant ids explicitly.
- Never log secrets: Password/PasswordHash already redact in Debug.

Config & output:
- Add Config.log_level (RUST_LOG still wins) and Config.log_format (pretty | json | journald); main.rs builds the subscriber accordingly.
- Native systemd journald via tracing-journald (proper PRIORITY + indexed fields), falling back to stdout when no journal socket.

Other changes:
- AuthResult gains an Error variant so a server-side auth fault is no longer audited as a "login failed".
- Account-creation audit is centralized in the user actor (covers both the open-signup and authenticated paths).
- gate_room's `Ok(None) | Err(_)` arms are split so a real DB fault logs at error! while an existence-hidden "no room" stays debug!.
- reap() logs a per-run summary with per-table delete counts.

Logs go to stdout/journald, never the DB, so they are not subject to the reaper; retention is a platform concern (see src/logging.rs).

Tests: 174 pass, 0 failures; clippy + fmt clean.
@RagingRedRiot RagingRedRiot merged commit e17eb3a into main Jun 3, 2026
4 checks passed
@RagingRedRiot RagingRedRiot deleted the feat/logging branch June 3, 2026 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant