Marker-cookie pattern per docs/conventions/per-app-edge-identity-validation.md:
- New BbEdgeIdentityMiddleware compares `_bb_edge_sub` cookie to
`X-Auth-Request-User` header on every authenticated request. On mismatch,
flushes the Django session and replaces request.user with AnonymousUser
so DRF returns 401 / browser navigations land at the bridge handoff
redirect. Lazy-populates the cookie on legacy sessions; passes through
for anonymous requests and bearer-token-only callers.
- Trusted-JWT view sets `_bb_edge_sub` on the redirect response when
X-Auth-Request-User is present (single session-mint choke-point — the
Bucket-4 entry-point is the only path that creates Plane sessions in
this deployment).
- SignOutAuthEndpoint reads optional BB_LOGOUT_REDIRECT_URL env. When set,
the SPA's /auth/sign-out/ form-POST is 302'd to the platform bridge's
synced-logout endpoint (clears edge `_bb_oauth2` + back-channels Zitadel
end_session). Without this, the user's Zitadel session at the edge
outlives the Plane logout and silently re-logs them in via bridge handoff
→ trusted sign-in. Vanilla regression-safe: env unset → upstream behavior.
Net surface vs upstream-clean: 1 new middleware file, 1 line in MIDDLEWARE,
~20 lines added to trusted.py and signout.py. No new dependencies.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
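The marker-cookie flow described in this commit (mint the cookie once at the trusted sign-in choke-point, compare it to the edge header on every session request, flush on mismatch, lazily stamp legacy sessions, pass through anonymous and bearer callers), as an added stand-alone example. This is illustrative code, not the project's BbEdgeIdentityMiddleware or trusted.py: Django's request, session and user objects are replaced with minimal stand-ins so it runs without Django. Only the `_bb_edge_sub` cookie and `X-Auth-Request-User` header names come from the commit; the class names, the `auth` attribute standing in for DRF's bearer authentication, the 401 view and the handling of a session request that carries neither header nor cookie are assumptions.

```python
# Added example of the marker-cookie pattern; not the project's own middleware.
# Cookie and header names are from the commit; everything else is assumed.
from dataclasses import dataclass, field
from typing import Optional

EDGE_SUB_COOKIE = "_bb_edge_sub"           # minted once at session creation (from the commit)
EDGE_USER_HEADER = "X-Auth-Request-User"   # injected by the edge proxy (from the commit)


class AnonymousUser:
    is_authenticated = False


@dataclass
class User:
    username: str
    is_authenticated: bool = True


class Session(dict):
    """Stand-in for the Django session; flush() drops every key."""
    def flush(self) -> None:
        self.clear()


@dataclass
class Request:
    headers: dict
    cookies: dict
    session: Session
    user: object
    auth: Optional[str] = None  # assumption: non-None when authenticated by bearer token (as in DRF)


@dataclass
class Response:
    status: int
    cookies: dict = field(default_factory=dict)

    def set_cookie(self, name: str, value: str) -> None:
        self.cookies[name] = value


def mint_session_response(request: Request) -> Response:
    """Trusted sign-in choke-point: the only place a session is created, hence the
    only place the marker cookie is minted (cookie value == edge subject)."""
    resp = Response(302)
    sub = request.headers.get(EDGE_USER_HEADER)
    if sub:
        resp.set_cookie(EDGE_SUB_COOKIE, sub)
    return resp


class EdgeIdentityMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request: Request) -> Response:
        stamp: Optional[str] = None
        # Pass through for anonymous requests and bearer-token-only callers.
        if request.user.is_authenticated and request.auth is None:
            header_sub = request.headers.get(EDGE_USER_HEADER)
            cookie_sub = request.cookies.get(EDGE_SUB_COOKIE)
            if cookie_sub is None and header_sub is not None:
                stamp = header_sub           # legacy session: lazily populate the marker
            elif cookie_sub != header_sub:
                # Edge identity changed underneath the session (or the header is gone):
                # drop the session so DRF answers 401 and browser navigations go back
                # through the bridge handoff. Neither header nor cookie present is
                # passed through here (assumption).
                request.session.flush()
                request.user = AnonymousUser()
        response = self.get_response(request)
        if stamp is not None:
            response.set_cookie(EDGE_SUB_COOKIE, stamp)
        return response


def protected_view(request: Request) -> Response:
    """Assumed downstream view: 200 for an authenticated user, 401 otherwise."""
    return Response(200 if request.user.is_authenticated else 401)


def handle(request: Request) -> Response:
    return EdgeIdentityMiddleware(protected_view)(request)


def make_request(edge_user, cookie, username="alice", auth=None) -> Request:
    """Build a constructed request: edge_user -> header, cookie -> marker cookie."""
    headers = {EDGE_USER_HEADER: edge_user} if edge_user else {}
    cookies = {EDGE_SUB_COOKIE: cookie} if cookie else {}
    user = User(username) if username else AnonymousUser()
    return Request(headers, cookies, Session({"_auth_user_id": "1"}), user, auth)
```

The mismatch branch is what closes the hole the sign-out change above describes: a Django session cookie that outlives the edge identity it was minted for is never honoured once the edge reports a different subject.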
* feat: enhance APITokenLogMiddleware to support logging to MongoDB
- Added functionality to log external API requests to MongoDB, with a fallback to PostgreSQL if MongoDB is unavailable.
- Implemented error handling for MongoDB connection and logging operations.
- Introduced additional fields for MongoDB logs, including timestamps and user identifiers.
- Refactored request logging logic to streamline the process and improve maintainability.
* fix: improve MongoDB availability checks in APITokenLogMiddleware
- Enhanced the logic for determining MongoDB availability by checking if the collection is not None.
- Added a check for MongoDB configuration before attempting to retrieve the collection.
- Updated error handling to ensure the middleware correctly reflects the state of MongoDB connectivity.
* feat: implement logging functionality in logger_task for API activity
- Added a new logger_task module to handle logging of API activity to MongoDB and PostgreSQL.
- Introduced functions for safely decoding request/response bodies and processing logs based on MongoDB availability.
- Refactored APITokenLogMiddleware to utilize the new logging functions, improving code organization and maintainability.
* refactor: simplify MongoDB logging in logger_task and middleware
- Removed direct dependency on MongoDB collection in log_to_mongo function, now retrieving it internally.
- Updated process_logs to check MongoDB configuration before logging, enhancing error handling.
- Cleaned up logger.py by removing unused imports related to MongoDB.
* feat: add Celery task decorator to process_logs function in logger_task
- Introduced the @shared_task decorator to the process_logs function, enabling asynchronous processing of log data.
- Updated function signature to include a return type of None for clarity.
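The logging flow the commits above describe (decode request/response bodies safely, write to MongoDB when it is configured and reachable, fall back to PostgreSQL otherwise), as an added example. It is illustrative only, not the project's logger_task module: both stores are in-memory stand-ins and every name here is an assumption. One detail is real and explains why the availability fix compares the collection with `None`: a pymongo `Collection` cannot be truth-tested (`if collection:` raises `NotImplementedError`), and the stand-in collection reproduces that behaviour.

```python
# Added example; not the project's logger_task. Stores are stand-ins, names assumed.
from typing import Any, Dict, List, Optional, Union

MAX_BODY_CHARS = 4096  # assumption: cap stored bodies so one huge payload cannot bloat the log store


def safe_decode(body: Union[bytes, str, None], limit: int = MAX_BODY_CHARS) -> Optional[str]:
    """Turn a body into text for logging without ever raising: invalid UTF-8 bytes
    become U+FFFD instead of an exception, and over-long text is truncated."""
    if body is None:
        return None
    text = body.decode("utf-8", errors="replace") if isinstance(body, bytes) else str(body)
    if len(text) > limit:
        return text[:limit] + "...[truncated]"
    return text


class MongoUnavailable(Exception):
    """Stand-in for pymongo's connection errors."""


class FakeCollection:
    """Mimics the one pymongo behaviour that matters here: truth-testing a
    Collection raises, so availability must be checked with `is not None`."""
    def __init__(self, healthy: bool) -> None:
        self.healthy = healthy
        self.docs: List[Dict[str, Any]] = []

    def __bool__(self) -> bool:
        raise NotImplementedError("Collection objects do not implement truth value testing")

    def insert_one(self, doc: Dict[str, Any]) -> None:
        if not self.healthy:
            raise MongoUnavailable("connection refused")
        self.docs.append(doc)


class MongoStore:
    def __init__(self, configured: bool = True, healthy: bool = True) -> None:
        self.configured = configured          # e.g. a MongoDB URL is present in settings (assumed)
        self._collection = FakeCollection(healthy)

    def get_collection(self) -> Optional[FakeCollection]:
        return self._collection if self.configured else None


class PostgresStore:
    def __init__(self) -> None:
        self.rows: List[Dict[str, Any]] = []

    def insert(self, doc: Dict[str, Any]) -> None:
        self.rows.append(doc)


def mongo_available(store: MongoStore) -> bool:
    """Configured AND the collection resolved to something; compared with None,
    never with bool(), because bool() on a collection raises."""
    if not store.configured:
        return False
    try:
        return store.get_collection() is not None
    except MongoUnavailable:
        return False


def process_logs(entry: Dict[str, Any], mongo: MongoStore, postgres: PostgresStore) -> str:
    """Route one API-activity record and return the name of the store that took it.
    Run as a background task in the project, so an ordinary storage failure must
    fall back rather than raise."""
    doc = {
        "timestamp": entry["timestamp"],
        "user_id": entry.get("user_id"),
        "method": entry["method"],
        "path": entry["path"],
        "status": entry["status"],
        "request_body": safe_decode(entry.get("request_body")),
        "response_body": safe_decode(entry.get("response_body")),
    }
    if mongo_available(mongo):
        try:
            mongo.get_collection().insert_one(doc)
            return "mongo"
        except MongoUnavailable:
            pass  # fall through to the relational store
    postgres.insert(doc)
    return "postgres"


# Constructed sample entry: a body with invalid UTF-8 and an over-long response.
SAMPLE_ENTRY = {
    "timestamp": "2024-01-01T00:00:00Z",
    "user_id": "u1",
    "method": "POST",
    "path": "/api/v1/items/",
    "status": 200,
    "request_body": b"\xff\xfe{}",
    "response_body": "x" * 5000,
}
```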
* chore: added middleware to handle body too large
* chore: added middleware to handle body too large
* chore: indented the code
* chore: changed the response structure
* chore: changed the response structure
* chore: created a new file for middleware
* chore: added a standardized error key
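A body-size middleware with a standardized error key, of the kind the chore commits above mention, as an added example. It is illustrative and not the project's middleware: the request object is a stand-in, and the 1 MiB limit, the `error` key and the error codes are assumptions (the commits name a standardized key but not its value). The part a practitioner usually wants and that is easy to get wrong is covered: an over-declared `Content-Length` is rejected before any bytes are read, and a body with no declared length or a lying header is still caught by reading at most one byte past the limit.

```python
# Added example; not the project's middleware. Limit and error key are assumptions.
import io
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional, Tuple

MAX_BODY_BYTES = 1024 * 1024  # assumption
ERROR_KEY = "error"           # assumption: standardized key name

Response = Tuple[int, Dict[str, Any]]  # (HTTP status, JSON payload)


@dataclass
class Request:
    headers: Dict[str, str]
    stream: io.BytesIO
    body: Optional[bytes] = None


def error_response(status: int, code: str, message: str) -> Response:
    """Every error the middleware emits uses the same top-level key and shape."""
    return status, {ERROR_KEY: {"code": code, "message": message}}


class BodyTooLargeMiddleware:
    def __init__(self, get_response: Callable[[Request], Response],
                 max_bytes: int = MAX_BODY_BYTES) -> None:
        self.get_response = get_response
        self.max_bytes = max_bytes

    def __call__(self, request: Request) -> Response:
        declared = request.headers.get("Content-Length")
        if declared is not None:
            try:
                length = int(declared)
                if length < 0:
                    raise ValueError
            except ValueError:
                return error_response(400, "invalid_content_length",
                                      "Content-Length must be a non-negative integer")
            if length > self.max_bytes:
                # Reject on the header alone: nothing is read from the stream.
                return error_response(413, "body_too_large",
                                      f"request body exceeds {self.max_bytes} bytes")
        # No declared length (chunked upload) or a header that may be lying:
        # read at most max_bytes + 1 so an oversized stream is detected without
        # buffering all of it.
        data = request.stream.read(self.max_bytes + 1)
        if len(data) > self.max_bytes:
            return error_response(413, "body_too_large",
                                  f"request body exceeds {self.max_bytes} bytes")
        request.body = data
        return self.get_response(request)


def echo_view(request: Request) -> Response:
    """Assumed downstream view: reports how many body bytes it received."""
    return 200, {"received": len(request.body or b"")}


def make_request(body: bytes, content_length: Optional[str] = "auto") -> Request:
    """Constructed request: 'auto' sets an honest Content-Length, None omits it,
    any other string is sent verbatim (to simulate a lying or malformed header)."""
    headers: Dict[str, str] = {}
    if content_length == "auto":
        headers["Content-Length"] = str(len(body))
    elif content_length is not None:
        headers["Content-Length"] = content_length
    return Request(headers, io.BytesIO(body))


def handle(request: Request, max_bytes: int = MAX_BODY_BYTES) -> Response:
    return BodyTooLargeMiddleware(echo_view, max_bytes)(request)
```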