Add ApiRequestLog observability stack and migrate User to UUID PK#223
Merged
Conversation
Backports the request-logging middleware, admin observability dashboards, and generic User improvements (UUID PK, name column) from the plantao backend, leaving plantao-specific business code (medical_shifts, locations, chat_messages, domain_events, app_versions, doctor/accountant roles, Firebase) behind. Existing boilerplate features (GraphQL, Chewy, Schools, HandleFile, demo_pack, oauth pack) are untouched. - Migrations: enable pgcrypto, convert users.id and devise_api_tokens to uuid, change versions.item_id to string for PaperTrail, add name to users, create api_request_logs (+ deleted_at, response_code). - Model: ApiRequestLog with summary helper; User gains has_many :api_request_logs. - Middleware: ApiRequestLoggerMiddleware records every /api/* request to api_request_logs and resolves the user via the Bearer token. - Admin: ApiRequestLog Administrate dashboard plus six dashboards (daily_overview, requests_dashboard, request_logs_by_payload, api_error_logs, user_analytics, user_lookup) under /admin, with the navigation partial wiring them up. Dashboards that originally referenced removed plantao entities have been adapted to track only User and ApiRequestLog data. - Routes: new admin resources for the seven dashboards above. - Specs: factory + middleware spec + six request specs (≥99 examples, 0 failures), all matching boilerplate's stricter RuboCop config. - CLAUDE.md: short note on the new middleware + dashboards. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
edimossilva
added a commit
that referenced
this pull request
May 7, 2026
* Fix UserDashboard id field type after UUID migration UserDashboard declared id: Field::Number, which calls Float() on the value. After the users.id migration to uuid in #223, visiting /admin raised "invalid value for Float(): \"<uuid>\"" before any rows could render. Switching to Field::String (matching ApiRequestLogDashboard) lets Administrate render the UUID as plain text. Verified end-to-end: GET /admin and every dashboard introduced in #223 (/admin/users, /admin/api_request_logs, /admin/daily_overview, /admin/requests_dashboard, /admin/api_error_logs, /admin/user_analytics, /admin/user_lookup, /admin/request_logs_by_payload) return 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Redirect admins to /admin after sign in Override after_sign_in_path_for in ApplicationController so that a User with admin? lands on admin_root_path. Non-admin users continue to use Devise's default (stored_location_for or root_path via super). Verified manually: signing in as admin@email.com returns 303 to http://localhost:3002/admin. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backports the request-logging middleware, admin observability dashboards, and generic User improvements (UUID PK,
namecolumn) from the plantao backend into this boilerplate. Plantao-specific business code (medical_shifts, locations, chat_messages, domain_events, app_versions, doctor/accountant roles, Firebase auth, paying flag, mobile_platform, etc.) is intentionally not brought over. Existing boilerplate features (GraphQL, Chewy, Schools, HandleFile, demo_pack, oauth pack) are untouched.What's added
pgcrypto, convertusers.idanddevise_api_tokensto UUID, changeversions.item_idto string for PaperTrail compatibility with UUID records, addnameto users, createapi_request_logs(withdeleted_at+response_code).ApiRequestLogmodel withsummaryhelper;Usergainshas_many :api_request_logs.ApiRequestLoggerMiddlewarerecords every/api/*request toapi_request_logsand resolves the user via the Bearer access token./admin— Administrate CRUD for ApiRequestLog plus six custom dashboards: Daily Overview, Requests Dashboard, Non-2xx API Logs, User Analytics, User Lookup, Request Logs by Payload. Dashboards that originally referenced removed plantao entities have been adapted to track only User and ApiRequestLog data.adminresources for the seven dashboards above.Heads-up: UUID migration is destructive
Migrating
usersfrom bigint to UUID truncatesdevise_api_tokens(existing tokens become invalid) andversions(PaperTrail history is cleared). Any deployment with real data on a fork of this branch will need a coordinated re-auth + acceptance of the lost audit trail.Test plan
bin/rails db:drop db:create db:migrateruns cleanly;db/schema.rbshowsusers.id,devise_api_tokens.id+resource_owner_id,versions.idas UUID andversions.item_idas string.bundle exec bin/rspec -P './*/**/*_spec.rb'passes without any new regressions.bundle exec rubocopreports no new offenses.POST /api/v1/users, sign in viaPOST /api/v1/tokens, hitGET /api/v1/userswith the bearer token, and confirm a corresponding row appears inapi_request_logs./adminasadmin@email.com / password(afterbin/rails db:seed) and click through every nav entry — each dashboard should render without errors./api/v1/userswithout a token and verify the resulting 401 shows up under/admin/api_error_logs.🤖 Generated with Claude Code