only restart issue and logout issue debugging added

2025-12-15 07:14:06 +00:00
parent 9ec87ed932
commit 68942410ae
8 changed files with 317 additions and 2 deletions
--- a/backend/igny8_core/auth/middleware.py
+++ b/backend/igny8_core/auth/middleware.py
@@ -2,11 +2,14 @@
 Multi-Account Middleware
 Extracts account from JWT token and injects into request context
 """
+import logging
 from django.utils.deprecation import MiddlewareMixin
 from django.http import JsonResponse
 from django.contrib.auth import logout
 from rest_framework import status

+logger = logging.getLogger('auth.middleware')
+
 try:
    import jwt
    JWT_AVAILABLE = True
@@ -54,6 +57,11 @@ class AccountContextMiddleware(MiddlewareMixin):
                    stored_user_id = request.session.get('_user_id')
                    if stored_account_id and stored_account_id != request.account.id:
                        # Session contamination detected - force logout
+                        logger.warning(
+                            f"[AUTO-LOGOUT] Session contamination: account_id mismatch. "
+                            f"Session={stored_account_id}, Current={request.account.id}, "
+                            f"User={request.user.id}, Path={request.path}, IP={request.META.get('REMOTE_ADDR')}"
+                        )
                        logout(request)
                        return JsonResponse(
                            {'success': False, 'error': 'Session integrity violation detected. Please login again.'},
@@ -61,6 +69,12 @@ class AccountContextMiddleware(MiddlewareMixin):
                        )
                    if stored_user_id and stored_user_id != request.user.id:
                        # Session contamination detected - force logout
+                        logger.warning(
+                            f"[AUTO-LOGOUT] Session contamination: user_id mismatch. "
+                            f"Session={stored_user_id}, Current={request.user.id}, "
+                            f"Account={request.account.id if request.account else None}, "
+                            f"Path={request.path}, IP={request.META.get('REMOTE_ADDR')}"
+                        )
                        logout(request)
                        return JsonResponse(
                            {'success': False, 'error': 'Session integrity violation detected. Please login again.'},
@@ -173,9 +187,14 @@ class AccountContextMiddleware(MiddlewareMixin):
        """Logout session users (if any) and return a consistent JSON error."""
        try:
            if hasattr(request, 'user') and request.user and request.user.is_authenticated:
+                logger.warning(
+                    f"[AUTO-LOGOUT] Account/plan validation failed: {error}. "
+                    f"User={request.user.id}, Account={getattr(request, 'account', None)}, "
+                    f"Path={request.path}, IP={request.META.get('REMOTE_ADDR')}"
+                )
                logout(request)
-        except Exception:
-            pass
+        except Exception as e:
+            logger.error(f"[AUTO-LOGOUT] Error during logout: {e}")
        
        return JsonResponse(
            {
--- a/backend/igny8_core/settings.py
+++ b/backend/igny8_core/settings.py
@@ -604,6 +604,16 @@ LOGGING = {
            'level': 'INFO',
            'propagate': False,
        },
+        'auth.middleware': {
+            'handlers': ['console'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+        'container.lifecycle': {
+            'handlers': ['console'],
+            'level': 'INFO',
+            'propagate': False,
+        },
    },
 }