logging implemented

Author: Kuzma02

server/app.js

@@ -13,6 +13,14 @@ const orderProductRouter = require('./routes/customer_order_product');
 const wishlistRouter = require('./routes/wishlist');
 var cors = require("cors");
 
+// Import logging middleware
+const { 
+  addRequestId, 
+  requestLogger, 
+  errorLogger, 
+  securityLogger 
+} = require('./middleware/requestLogger');
+
 // Import rate limiting middleware
 const {
   generalLimiter,
@@ -33,6 +41,21 @@ const {
 
 const app = express();
 
+// Trust proxy for accurate IP addresses
+app.set('trust proxy', 1);
+
+// Add request ID to all requests
+app.use(addRequestId);
+
+// Security logging (check for suspicious patterns)
+app.use(securityLogger);
+
+// Standard request logging
+app.use(requestLogger);
+
+// Error logging (only logs 4xx and 5xx responses)
+app.use(errorLogger);
+
 const allowedOrigins = [
   'http://localhost:3000',
   'http://localhost:3001',
@@ -104,7 +127,8 @@ app.get('/health', (req, res) => {
   res.status(200).json({ 
     status: 'OK', 
     timestamp: new Date().toISOString(),
-    rateLimiting: 'enabled'
+    rateLimiting: 'enabled',
+    requestId: req.reqId
   });
 });
 
@@ -118,12 +142,31 @@ app.get('/rate-limit-info', (req, res) => {
     search: '30 searches per minute',
     orders: '15 order operations per 15 minutes',
     wishlist: '20 operations per 5 minutes',
-    products: '60 requests per minute'
+    products: '60 requests per minute',
+    requestId: req.reqId
+  });
+});
+
+// 404 handler
+app.use('*', (req, res) => {
+  res.status(404).json({
+    error: 'Route not found',
+    requestId: req.reqId
+  });
+});
+
+// Global error handler
+app.use((err, req, res, next) => {
+  console.error('Error:', err.message);
+  res.status(500).json({
+    error: 'Internal server error',
+    requestId: req.reqId
   });
 });
 
 const PORT = process.env.PORT || 3001;
 app.listen(PORT, () => {
   console.log(`Server running on port ${PORT}`);
-  console.log('Rate limiting enabled for all endpoints');
+  console.log('Rate limiting and request logging enabled for all endpoints');
+  console.log('Logs are being written to server/logs/ directory');
 });

server/logs/access.log

@@ -0,0 +1,92 @@
+const morgan = require('morgan');
+const fs = require('fs');
+const path = require('path');
+
+// Create logs directory if it doesn't exist
+const logsDir = path.join(__dirname, '..', 'logs');
+if (!fs.existsSync(logsDir)) {
+  fs.mkdirSync(logsDir, { recursive: true });
+  console.log('Created logs directory:', logsDir);
+}
+
+// Custom format for logging
+morgan.token('reqId', (req) => req.reqId || 'unknown');
+morgan.token('userId', (req) => req.user?.id || 'anonymous');
+
+// Create a simple log format
+const logFormat = ':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent" reqId=:reqId userId=:userId';
+
+// Create write stream for combined logs
+const accessLogStream = fs.createWriteStream(
+  path.join(logsDir, 'access.log'), 
+  { flags: 'a' }
+);
+
+// Create write stream for error logs
+const errorLogStream = fs.createWriteStream(
+  path.join(logsDir, 'error.log'), 
+  { flags: 'a' }
+);
+
+// Middleware to add request ID
+const addRequestId = (req, res, next) => {
+  req.reqId = require('nanoid').nanoid(8);
+  res.setHeader('X-Request-ID', req.reqId);
+  next();
+};
+
+// Standard request logger
+const requestLogger = morgan(logFormat, {
+  stream: accessLogStream,
+  skip: (req, res) => req.url === '/health' // Skip health checks
+});
+
+// Error logger (only logs 4xx and 5xx responses)
+const errorLogger = morgan(logFormat, {
+  stream: errorLogStream,
+  skip: (req, res) => res.statusCode < 400
+});
+
+// Security logger for suspicious activity
+const securityLogger = (req, res, next) => {
+  // Log suspicious patterns
+  const suspiciousPatterns = [
+    /script.*alert/i,
+    /union.*select/i,
+    /drop.*table/i,
+    /<script/i,
+    /javascript:/i
+  ];
+  
+  const url = req.url.toLowerCase();
+  const userAgent = (req.get('User-Agent') || '').toLowerCase();
+  
+  for (const pattern of suspiciousPatterns) {
+    if (pattern.test(url) || pattern.test(userAgent)) {
+      const logEntry = {
+        timestamp: new Date().toISOString(),
+        type: 'SECURITY_ALERT',
+        ip: req.ip || req.connection.remoteAddress,
+        method: req.method,
+        url: req.url,
+        userAgent: req.get('User-Agent'),
+        reqId: req.reqId,
+        pattern: pattern.source
+      };
+      
+      fs.appendFileSync(
+        path.join(logsDir, 'security.log'), 
+        JSON.stringify(logEntry) + '\n'
+      );
+    }
+  }
+  
+  next();
+};
+
+module.exports = {
+  addRequestId,
+  requestLogger,
+  errorLogger,
+  securityLogger
+};

server/logs/error.log

@@ -4,7 +4,13 @@
   "description": "",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node app.js",
+    "logs": "node view-logs.js",
+    "logs:access": "node view-logs.js access",
+    "logs:error": "node view-logs.js error",
+    "logs:security": "node view-logs.js security",
+    "logs:analyze": "node view-logs.js analyze"
   },
   "keywords": [],
   "author": "",
@@ -15,6 +21,7 @@
     "bcryptjs": "^2.4.3",
     "cors": "^2.8.5",
     "express": "^4.18.3",
+    "morgan": "^1.10.0",
     "mysql": "^2.18.1",
     "nanoid": "^5.0.6",
     "prisma": "^5.12.1"

server/middleware/requestLogger.js

@@ -0,0 +1,27 @@
+const http = require('http');
+
+console.log('Testing logging system...\n');
+
+// Test health endpoint
+http.get('http://localhost:3001/health', (res) => {
+  console.log('✓ Health check completed');
+});
+
+// Test products endpoint
+http.get('http://localhost:3001/api/products', (res) => {
+  console.log('✓ Products endpoint completed');
+});
+
+// Test 404 endpoint
+http.get('http://localhost:3001/nonexistent', (res) => {
+  console.log('✓ 404 test completed');
+});
+
+// Test suspicious request
+http.get('http://localhost:3001/api/products?q=<script>alert("xss")</script>', (res) => {
+  console.log('✓ Security test completed');
+});
+
+setTimeout(() => {
+  console.log('\nTest completed. Check logs with: npm run logs');
+}, 2000);