Qaxal sGTM Platform

Appearance

digital-identity-platform-docs

digital-identity-platform-docs / workers/logs-api/worker

workers/logs-api/worker

Cloudflare Worker serving the Logs API for the platform.

Role in the platform

  • Query Layer: Bridges the frontend/dashboard to the raw data sitting in Analytics Engine (AE) and R2.
  • Security Gate: Verifies Supabase Auth JWTs and enforces container membership checks.
  • Optimization: Uses efficient cursor-based pagination and R2 batch indexing.

Endpoints & Architecture

1. List View (/api/logs/list)

Queries Cloudflare Analytics Engine (SQL) for metadata and indexes.

  • Flow:
    1. Auth: Verifies JWT and checks userHasClientAccess (or Superadmin).
    2. Parallel Query: Runs 3 SQL queries concurrently:
      • listSql: The requested page of logs (LIMIT N).
      • countSql: Exact count of matches for the filter.
      • totalSql: Total volume in time window (ignoring filters).
    3. Format: Returns rows containing r2_object_key and r2_line pointers.

2. Detail View (/api/logs/detail)

Uses the pointer from the list view to fetch the exact raw log content.

  • Pointer Logic:
    • Input: object_key (R2 file path) + r2_line (Line number).
    • Action: Fetches the specific R2 object (usually an NDJSON batch).
    • Optimization: Streams the file but only parses/returns the requested line.
  • Failure Modes:
    • 404: Log batch deleted or moved (Retention expiry).
    • 409: Log ID mismatch (Integrity check failed).

Security & Trust Boundaries

  • Supabase Auth: All requests must bear a valid Authorization: Bearer <JWT>.
  • RBAC: Checks client_memberships table via Supabase REST API to ensure the user owns the container.
  • Superadmin Bypass: Users with is_superadmin status can access all containers and system-tier logs.

CORS & Browser Behavior

  • Explicit CORS handling allows calls from the dashboard domain.
  • Supports preflight (OPTIONS) requests.

Observability & Latency

  • Analytics Engine: Ingestion is sampled and asynchronous. Recent logs may appear with a slight delay.
  • R2 Consistency: Raw logs are batched; a crash before flush means data might exist in AE (if flushed) but not R2, or vice versa.

Variables

Released under proprietary license.

Copyright © 2024 Qaxal