fix(audit): address /code-review findings

- scheduler _run_changed: count a run as "changed" only on a truthy NUMERIC
  value — status-string no-op dicts like {"skipped":"disabled"} (Plex off, the
  default) or {"skipped":"no demo account"} were flooding the trail every interval.
- audit.record: truncate target_id to the column width (128) like summary[:255],
  so an over-long target (e.g. a 128+ char demo email) can't abort the mutation
  the audit row is committed alongside.
- config set/reset: redact URL userinfo (user:pass@) from logged non-secret
  values — a proxy setting can embed credentials that shouldn't land in the trail.
- config set: skip the audit row when a non-secret value didn't actually change
  (no-op re-save shouldn't add noise); secrets are write-only so always logged.
- audit page title (pageMeta): add the missing "audit" case so the browser tab
  reads "Audit log · Siftlode" instead of falling back to "Feed".
This commit is contained in:
npeter83 2026-07-12 07:47:07 +02:00
parent 318fdc4812
commit 32d8575f79
4 changed files with 34 additions and 12 deletions

View file

@ -64,7 +64,9 @@ def record(
actor_id=actor_id,
action=action,
target_type=target_type,
target_id=None if target_id is None else str(target_id),
# Truncate to the column widths so an over-long target/summary can never abort the
# mutation this row is committed alongside (an audit row must not break what it observes).
target_id=None if target_id is None else str(target_id)[:128],
summary=(summary or None) and summary[:255],
before=before,
after=after,