From 0cf64b292809654e182e2d2ffe2383ebf0d293b5 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Thu, 23 Apr 2026 17:35:44 +0200 Subject: [PATCH] fix(audit): exclude env-scoped executions/search from safety-net log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The exclusion list still named the legacy flat `/api/v1/search/executions` URL, which no longer exists — the endpoint moved to env-scoped `/api/v1/environments/{envSlug}/executions/search`. Exact-match Set lookup never matched, so every UI search POST produced an audit row. Switch to AntPathMatcher over a pattern list so the dynamic envSlug is handled correctly. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../server/app/interceptor/AuditInterceptor.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/AuditInterceptor.java b/cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/AuditInterceptor.java index f1e574d8..46332b22 100644 --- a/cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/AuditInterceptor.java +++ b/cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/AuditInterceptor.java @@ -6,8 +6,10 @@ import com.cameleer.server.core.admin.AuditService; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; +import org.springframework.util.AntPathMatcher; import org.springframework.web.servlet.HandlerInterceptor; +import java.util.List; import java.util.Map; import java.util.Set; @@ -22,7 +24,9 @@ import java.util.Set; public class AuditInterceptor implements HandlerInterceptor { private static final Set AUDITABLE_METHODS = Set.of("POST", "PUT", "DELETE"); - private static final Set EXCLUDED_PATHS = Set.of("/api/v1/search/executions"); + private static final List EXCLUDED_PATH_PATTERNS = List.of( + "/api/v1/environments/*/executions/search"); + private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher(); private final AuditService auditService; @@ -41,8 +45,10 @@ public class AuditInterceptor implements HandlerInterceptor { } String path = request.getRequestURI(); - if (EXCLUDED_PATHS.contains(path)) { - return; + for (String pattern : EXCLUDED_PATH_PATTERNS) { + if (PATH_MATCHER.match(pattern, path)) { + return; + } } AuditResult result = response.getStatus() < 400 ? AuditResult.SUCCESS : AuditResult.FAILURE;