Adjust missing API-key logging in injection middleware

2026-03-31 07:33:42 +05:30
3 changed files with 57 additions and 30 deletions
--- a/backend/middleware/api_key_injection_middleware.py
+++ b/backend/middleware/api_key_injection_middleware.py
@@ -8,6 +8,7 @@ IMPORTANT: This is a compatibility layer. For new code, use UserAPIKeyContext di
 """

 import os
+import time
 from fastapi import Request
 from loguru import logger
 from typing import Callable
@@ -20,8 +21,61 @@ class APIKeyInjectionMiddleware:
    for the duration of each request.
    """
    
+    # Shared across middleware instances (module currently instantiates per request)
+    _missing_keys_log_timestamps = {}
+
    def __init__(self):
        self.original_keys = {}
+
+    @staticmethod
+    def _should_skip_missing_key_warning(request: Request) -> bool:
+        """
+        Optionally suppress missing-key warnings for non-AI/internal routes.
+        Controlled by API_KEY_INJECTION_SKIP_NON_AI_WARNINGS (default: true).
+        """
+        skip_non_ai_warnings = os.getenv('API_KEY_INJECTION_SKIP_NON_AI_WARNINGS', 'true').lower() in ('1', 'true', 'yes')
+        if not skip_non_ai_warnings:
+            return False
+
+        path_lower = (request.url.path or '').lower()
+        return (
+            path_lower.startswith('/api/subscription/')
+            or path_lower.startswith('/api/onboarding/')
+            or path_lower.endswith('/status')
+            or path_lower.endswith('/health')
+            or path_lower == '/health'
+            or path_lower == '/status'
+        )
+
+    def _log_missing_keys_non_blocking(self, request: Request, user_id: str) -> None:
+        """
+        Log missing API keys without interrupting request flow.
+        - Defaults to debug-level logging.
+        - Optional warn once-per-user-per-interval via env:
+          API_KEY_INJECTION_MISSING_KEYS_LOG_MODE=warn_once
+          API_KEY_INJECTION_MISSING_KEYS_LOG_INTERVAL_SECONDS=900
+        """
+        try:
+            if self._should_skip_missing_key_warning(request):
+                logger.debug(f"[API Key Injection] Missing keys for user {user_id} on non-AI route; skipping warning")
+                return
+
+            log_mode = os.getenv('API_KEY_INJECTION_MISSING_KEYS_LOG_MODE', 'debug').lower()
+            if log_mode != 'warn_once':
+                logger.debug(f"No API keys found for user {user_id}")
+                return
+
+            interval_seconds = int(os.getenv('API_KEY_INJECTION_MISSING_KEYS_LOG_INTERVAL_SECONDS', '900'))
+            now = time.time()
+            last_logged_at = self._missing_keys_log_timestamps.get(user_id, 0)
+            if (now - last_logged_at) >= max(interval_seconds, 1):
+                logger.warning(f"No API keys found for user {user_id}")
+                self._missing_keys_log_timestamps[user_id] = now
+            else:
+                logger.debug(f"No API keys found for user {user_id} (warning suppressed by interval)")
+        except Exception as log_error:
+            # Logging should never block request processing
+            logger.debug(f"[API Key Injection] Failed to log missing keys state for user {user_id}: {log_error}")
    
    async def __call__(self, request: Request, call_next: Callable):
        """
@@ -68,7 +122,7 @@ class APIKeyInjectionMiddleware:
        # Get user-specific API keys from database
        with user_api_keys(user_id) as user_keys:
            if not user_keys:
-                logger.warning(f"No API keys found for user {user_id}")
+                self._log_missing_keys_non_blocking(request, user_id)
                return await call_next(request)
            
            # Save original environment values
@@ -120,4 +174,3 @@ async def api_key_injection_middleware(request: Request, call_next: Callable):
    """
    middleware = APIKeyInjectionMiddleware()
    return await middleware(request, call_next)
-
--- a/backend/services/subscription/stripe_service.py
+++ b/backend/services/subscription/stripe_service.py
@@ -16,10 +16,6 @@ REQUIRED_STRIPE_PLAN_KEYS = {
 }


-def _is_truthy_env(var_name: str) -> bool:
-    return os.getenv(var_name, "").strip().lower() in {"1", "true", "yes", "on"}
-
-
 def _detect_stripe_mode() -> str:
    configured_mode = os.getenv("STRIPE_MODE", "").strip().lower()
    if configured_mode in {"test", "live"}:
@@ -102,16 +98,7 @@ class StripeService:
        self.db = db
        self.api_key = os.getenv("STRIPE_SECRET_KEY")
        self.webhook_secret = os.getenv("STRIPE_WEBHOOK_SECRET")
-        self.require_stripe_checkout = _is_truthy_env("REQUIRE_STRIPE_CHECKOUT")
        if not self.api_key:
-            if self.require_stripe_checkout:
-                raise HTTPException(
-                    status_code=500,
-                    detail=(
-                        "REQUIRE_STRIPE_CHECKOUT=true but STRIPE_SECRET_KEY is missing. "
-                        "Configure STRIPE_SECRET_KEY to enable Stripe checkout."
-                    ),
-                )
            logger.warning("STRIPE_SECRET_KEY is not set. Stripe integration will not work.")
        else:
            stripe.api_key = self.api_key
--- a/frontend/src/components/Pricing/PricingPage.tsx
+++ b/frontend/src/components/Pricing/PricingPage.tsx
@@ -52,10 +52,6 @@ export interface SubscriptionPlan {
 }

 const PricingPage: React.FC = () => {
-  const requireStripeCheckout = ['1', 'true', 'yes', 'on'].includes(
-    (process.env.REACT_APP_REQUIRE_STRIPE_CHECKOUT || '').toLowerCase()
-  );
-  const stripePublishableKey = process.env.REACT_APP_STRIPE_PUBLISHABLE_KEY;
  const navigate = useNavigate();
  const [plans, setPlans] = useState<SubscriptionPlan[]>([]);
  const [loading, setLoading] = useState(true);
@@ -177,7 +173,7 @@ const PricingPage: React.FC = () => {
      const userId = localStorage.getItem('user_id') || 'anonymous';

      // Check if Stripe is configured
-      if (stripePublishableKey) {
+      if (process.env.REACT_APP_STRIPE_PUBLISHABLE_KEY) {
        console.log('[PricingPage] Initiating Stripe Checkout');

        const response = await apiClient.post('/api/subscription/create-checkout-session', {
@@ -191,14 +187,6 @@ const PricingPage: React.FC = () => {
          window.location.href = response.data.url;
          return;
        }
-
-        if (requireStripeCheckout) {
-          throw new Error('Stripe checkout is required but checkout URL was not returned.');
-        }
-      } else if (requireStripeCheckout) {
-        throw new Error(
-          'Stripe checkout is required but REACT_APP_STRIPE_PUBLISHABLE_KEY is not configured.'
-        );
      }

      console.log('[PricingPage] Making legacy subscription API call:', {
@@ -283,8 +271,7 @@ const PricingPage: React.FC = () => {
      }, 3000);
    } catch (err) {
      console.error('Error subscribing:', err);
-      const errorMessage = err instanceof Error ? err.message : 'Failed to process subscription';
-      setError(errorMessage);
+      setError('Failed to process subscription');
      setSuccessSnackbar({ open: false, message: '', countdown: 0 });
    } finally {
      setSubscribing(false);