MPP-4012 - feat(glean): log API access as Glean server event

groovecoder · groovecoder · commit e14c6c3cb2d2 · 2025-04-11T17:13:20.000-05:00
Introduce a new `api.accessed` Glean event to capture accesses to Relay API
endpoints. This includes the HTTP method and endpoint path, and logs events
for all `/api/` prefixed routes via a new middleware component.

- Added `record_api_accessed()` to `EventsServerEventLogger`
- Extended `RelayGleanLogger` with `log_api_accessed()` for easier integration
- Registered `GleanApiAccessMiddleware` to log access for all API routes
- Added corresponding unit test for API access logging
- Updated `relay-server-metrics.yaml` to define the `api.accessed` metric
- Updated notification email for several existing metrics to use relay-team@mozilla.com
diff --git a/privaterelay/glean/server_events.py b/privaterelay/glean/server_events.py
@@ -90,6 +90,37 @@ def emit_record(self, now: datetime, ping: dict[str, Any]) -> None:
 
         print(ping_envelope_serialized)
 
+    def record_api_accessed(
+        self,
+        user_agent: str,
+        ip_address: str,
+        endpoint: str,
+        method: str,
+        fxa_id: str,
+    ) -> None:
+        """
+        Record and submit a api_accessed event:
+        An API endpoint was accessed.
+        Event is logged to STDOUT via `print`.
+
+        :param str user_agent: The user agent.
+        :param str ip_address: The IP address. Will be used to decode Geo information
+            and scrubbed at ingestion.
+        :param str endpoint: The name of the endpoint accessed
+        :param str method: HTTP method used
+        :param str fxa_id: Mozilla accounts user ID
+        """
+        event = {
+            "category": "api",
+            "name": "accessed",
+            "extra": {
+                "endpoint": str(endpoint),
+                "method": str(method),
+                "fxa_id": str(fxa_id),
+            },
+        }
+        self._record(user_agent, ip_address, event)
+
     def record_email_blocked(
         self,
         user_agent: str,
diff --git a/privaterelay/glean_interface.py b/privaterelay/glean_interface.py
@@ -298,3 +298,17 @@ def log_email_blocked(
             is_reply=is_reply,
             reason=reason,
         )
+
+    def log_api_accessed(self, request: HttpRequest) -> None:
+        """Log that any Relay API endpoint was accessed."""
+        if not request.user or not request.user.is_authenticated:
+            return
+        request_data = RequestData.from_request(request)
+        user_data = UserData.from_user(request.user)
+        self.record_api_accessed(
+            user_agent=_opt_str_to_glean(request_data.user_agent),
+            ip_address=_opt_str_to_glean(request_data.ip_address),
+            endpoint=request.path,
+            method=_opt_str_to_glean(request.method),
+            fxa_id=_opt_str_to_glean(user_data.fxa_id),
+        )
diff --git a/privaterelay/middleware.py b/privaterelay/middleware.py
@@ -13,6 +13,8 @@
 from csp.middleware import CSPMiddleware
 from whitenoise.middleware import WhiteNoiseMiddleware
 
+from privaterelay.utils import glean_logger
+
 metrics = markus.get_metrics()
 
 
@@ -197,3 +199,13 @@ def is_staticfile(self, path_info: str) -> bool:
         else:
             static_file = self.files.get(path_info)
         return static_file is not None
+
+
+class GleanApiAccessMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        if request.path.startswith("/api/"):
+            glean_logger().log_api_accessed(request)
+        return self.get_response(request)
diff --git a/privaterelay/settings.py b/privaterelay/settings.py
@@ -395,6 +395,7 @@
     "waffle.middleware.WaffleMiddleware",
     "privaterelay.middleware.AddDetectedCountryToRequestAndResponseHeaders",
     "privaterelay.middleware.StoreFirstVisit",
+    "privaterelay.middleware.GleanApiAccessMiddleware",
 ]
 
 ROOT_URLCONF = "privaterelay.urls"
diff --git a/privaterelay/tests/glean_tests.py b/privaterelay/tests/glean_tests.py
@@ -552,3 +552,33 @@ def test_log_email_blocked_with_opt_out(
 
     # Check the one glean-server-event log
     assert len(caplog.records) == 0
+
+
+@pytest.mark.django_db
+def test_log_api_accessed(
+    glean_logger: RelayGleanLogger,
+    caplog: pytest.LogCaptureFixture,
+    rf: RequestFactory,
+) -> None:
+    """Check that log_api_accessed emits a Glean server-side log."""
+    user_agent = "RelayBot/0.9"
+    path = "/api/v1/profiles/"
+    request = rf.get(path, HTTP_USER_AGENT=user_agent)
+    user = make_free_test_user()
+    request.user = user
+
+    glean_logger.log_api_accessed(request)
+
+    # Check the one glean-server-event log
+    assert len(caplog.records) == 1
+    record = caplog.records[0]
+    assert_glean_record(record, user_agent=user_agent)
+
+    # Check payload structure
+    payload = json.loads(getattr(record, "payload"))
+    payload_event = payload["events"][0]
+    assert payload_event["category"] == "api"
+    assert payload_event["name"] == "accessed"
+    assert payload_event["extra"]["endpoint"] == path
+    assert payload_event["extra"]["method"] == "GET"
+    assert payload_event["extra"]["fxa_id"] == user.profile.metrics_fxa_id
diff --git a/privaterelay/tests/utils.py b/privaterelay/tests/utils.py
@@ -24,12 +24,13 @@ def make_free_test_user(email: str = "") -> User:
         user = baker.make(User)
     user.profile.server_storage = True
     user.profile.save()
+    uid = str(uuid4())
     baker.make(
         SocialAccount,
         user=user,
-        uid=str(uuid4()),
+        uid=uid,
         provider="fxa",
-        extra_data={"avatar": "avatar.png"},
+        extra_data={"avatar": "avatar.png", "uid": uid},
     )
     return user
 
@@ -48,12 +49,17 @@ def upgrade_test_user_to_premium(user: User) -> None:
     """Create an FxA SocialAccount with an unlimited email masks plan."""
     if SocialAccount.objects.filter(user=user).exists():
         raise Exception("upgrade_test_user_to_premium does not (yet) handle this.")
+    uid = str(uuid4())
     baker.make(
         SocialAccount,
         user=user,
-        uid=str(uuid4()),
+        uid=uid,
         provider="fxa",
-        extra_data={"avatar": "avatar.png", "subscriptions": [premium_subscription()]},
+        extra_data={
+            "avatar": "avatar.png",
+            "subscriptions": [premium_subscription()],
+            "uid": uid,
+        },
     )
 
 
@@ -205,13 +211,20 @@ def get_glean_event(
     caplog: pytest.LogCaptureFixture | _LoggingWatcher,
     category: str | None = None,
     name: str | None = None,
+    exclude_api_access: bool = True,
 ) -> dict[str, Any] | None:
     """Return the event payload from a Glean server event log."""
     for record in caplog.records:
         if record.name == "glean-server-event":
             assert hasattr(record, "payload")
             event = json.loads(record.payload)["events"][0]
             assert isinstance(event, dict)
+            if (
+                exclude_api_access
+                and event["category"] == "api"
+                and event["name"] == "accessed"
+            ):
+                continue
             if (not category or event["category"] == category) and (
                 not name or event["name"] == name
             ):
diff --git a/telemetry/glean/relay-server-metrics.yaml b/telemetry/glean/relay-server-metrics.yaml
@@ -22,7 +22,7 @@ email_mask:
     data_reviews:
       - https://bugzilla.mozilla.org/show_bug.cgi?id=1882565
     notification_emails:
-      - jwhitlock@mozilla.com
+      - relay-team@mozilla.com
     data_sensitivity:
       - interaction
     extra_keys: &default_mask_extra_keys
@@ -72,7 +72,7 @@ email_mask:
     data_reviews:
       - https://bugzilla.mozilla.org/show_bug.cgi?id=1882565
     notification_emails:
-      - jwhitlock@mozilla.com
+      - relay-team@mozilla.com
     data_sensitivity:
       - interaction
     extra_keys:
@@ -93,7 +93,7 @@ email_mask:
     data_reviews:
       - https://bugzilla.mozilla.org/show_bug.cgi?id=1882565
     notification_emails:
-      - jwhitlock@mozilla.com
+      - relay-team@mozilla.com
     data_sensitivity:
       - interaction
     extra_keys: *default_mask_extra_keys
@@ -109,7 +109,7 @@ email:
     data_reviews:
       - https://bugzilla.mozilla.org/show_bug.cgi?id=1882565
     notification_emails:
-      - jwhitlock@mozilla.com
+      - relay-team@mozilla.com
     data_sensitivity:
       - interaction
     extra_keys: &default_email_extra_keys
@@ -127,11 +127,35 @@ email:
     data_reviews:
       - https://bugzilla.mozilla.org/show_bug.cgi?id=1882565
     notification_emails:
-      - jwhitlock@mozilla.com
+      - relay-team@mozilla.com
     data_sensitivity:
       - interaction
     extra_keys:
       <<: *default_email_extra_keys
       reason:
         description: Code describing why the email was blocked
         type: string
+
+api:
+  accessed:
+    type: event
+    description: An API endpoint was accessed.
+    expires: never
+    data_reviews:
+      - https://example.com/data-review
+    notification_emails:
+      - relay-team@mozilla.com
+    data_sensitivity:
+      - interaction
+    bugs:
+      - https://mozilla-hub.atlassian.net/browse/MPP-4012
+    extra_keys:
+      endpoint:
+        description: The name of the endpoint accessed
+        type: string
+      method:
+        description: HTTP method used
+        type: string
+      fxa_id:
+        description: Mozilla accounts user ID
+        type: string

Original file line number	Diff line number	Diff line change
`@@ -395,6 +395,7 @@`
`395`	`395`	`"waffle.middleware.WaffleMiddleware",`
`396`	`396`	`"privaterelay.middleware.AddDetectedCountryToRequestAndResponseHeaders",`
`397`	`397`	`"privaterelay.middleware.StoreFirstVisit",`
	`398`	`+ "privaterelay.middleware.GleanApiAccessMiddleware",`
`398`	`399`	`]`
`399`	`400`
`400`	`401`	`ROOT_URLCONF = "privaterelay.urls"`