From 83e20bf67e6422f37915f398340d879e346a511e Mon Sep 17 00:00:00 2001
From: Mohammad Sajad Pourajam <prj.sajad85@gmail.com>
Date: Thu, 9 Apr 2026 23:43:41 +0330
Subject: [PATCH] UPDATE

---
 README.md                                     |   9 ++++
 config/opa-config.DEVELOP.yaml                |  11 +++++
 config/opa-config.default.yaml                |   4 ++
 docker-compose.yaml                           |  26 ++++++++++-
 logs/.gitkeep                                 |   1 +
 logs/opa.log                                  |   4 ++
 .../opa_log_receiver.cpython-314.pyc          | Bin 0 -> 3164 bytes
 scripts/opa_log_receiver.py                   |  44 ++++++++++++++++++
 8 files changed, 97 insertions(+), 2 deletions(-)
 create mode 100644 config/opa-config.DEVELOP.yaml
 create mode 100644 config/opa-config.default.yaml
 create mode 100644 logs/.gitkeep
 create mode 100644 logs/opa.log
 create mode 100644 scripts/__pycache__/opa_log_receiver.cpython-314.pyc
 create mode 100644 scripts/opa_log_receiver.py

diff --git a/README.md b/README.md
index c965984..8168620 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,15 @@ This service runs OPA as a standalone authorization engine for `backend/access_c
 docker compose -f accsess/docker-compose.yaml up -d
 ```
 
+If you want request logging only on development, start the stack with
+`APP_ENV=DEVELOP` and enable the `develop` profile. In that mode, OPA sends
+decision logs to a sidecar service, and the log file is written to
+`accsess/logs/opa.log` on the host through a Docker volume.
+
+```bash
+APP_ENV=DEVELOP COMPOSE_PROFILES=develop docker compose -f accsess/docker-compose.yaml up -d
+```
+
 ## Decision endpoints
 
 - Single feature: `POST /v1/data/croplogic/authz/decision`
diff --git a/config/opa-config.DEVELOP.yaml b/config/opa-config.DEVELOP.yaml
new file mode 100644
index 0000000..5c0bfb5
--- /dev/null
+++ b/config/opa-config.DEVELOP.yaml
@@ -0,0 +1,11 @@
+services:
+  requestlog:
+    url: http://opa-log-receiver:8282/logs
+labels:
+  app: croplogic-authz
+plugins: {}
+decision_logs:
+  service: requestlog
+  reporting:
+    min_delay_seconds: 1
+    max_delay_seconds: 5
diff --git a/config/opa-config.default.yaml b/config/opa-config.default.yaml
new file mode 100644
index 0000000..6ceb01f
--- /dev/null
+++ b/config/opa-config.default.yaml
@@ -0,0 +1,4 @@
+services: {}
+labels:
+  app: croplogic-authz
+plugins: {}
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 251a2ed..7b0b08a 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -6,16 +6,38 @@ services:
       - run
       - --server
       - --addr=0.0.0.0:8181
+      - --config-file=/config/opa-config.${APP_ENV:-default}.yaml
       - /policies
+    environment:
+      APP_ENV: ${APP_ENV:-}
     ports:
       - "8181:8181"
     volumes:
       - ./policies:/policies:ro
-      - ./config/opa-config.yaml:/config/opa-config.yaml:ro
+      - ./config/opa-config.default.yaml:/config/opa-config.default.yaml:ro
+      - ./config/opa-config.DEVELOP.yaml:/config/opa-config.DEVELOP.yaml:ro
     restart: unless-stopped
     
     networks:
       - crop_network
+
+  opa-log-receiver:
+    image: docker.iranserver.com/python:3.10
+    container_name: croplogic-accsess-opa-log-receiver
+    profiles:
+      - develop
+    command:
+      - python
+      - /app/scripts/opa_log_receiver.py
+    environment:
+      OPA_REQUEST_LOG_FILE: /logs/opa.log
+      OPA_REQUEST_LOG_PORT: "8282"
+    volumes:
+      - ./scripts/opa_log_receiver.py:/app/scripts/opa_log_receiver.py:ro
+      - ./logs:/logs
+    restart: unless-stopped
+    networks:
+      - crop_network
 networks:
   crop_network:
-    external: true
\ No newline at end of file
+    external: true
diff --git a/logs/.gitkeep b/logs/.gitkeep
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/logs/.gitkeep
@@ -0,0 +1 @@
+
diff --git a/logs/opa.log b/logs/opa.log
new file mode 100644
index 0000000..39853f6
--- /dev/null
+++ b/logs/opa.log
@@ -0,0 +1,4 @@
+{"timestamp": "2026-04-09T20:07:30.617741+00:00", "path": "/logs/logs", "headers": {"Host": "opa-log-receiver:8282", "User-Agent": "Open Policy Agent/1.15.2 (linux, amd64)", "Content-Length": "401", "Content-Encoding": "gzip", "Content-Type": "application/json", "Accept-Encoding": "gzip"}, "body": [{"labels": {"app": "croplogic-authz", "id": "c211530e-d6bb-4067-abed-57fe193b6e5b", "version": "1.15.2"}, "decision_id": "3ee2fa07-ce00-4c79-9782-76edae020652", "path": "croplogic/authz/batch_decision", "input": {"action": "view", "features": ["feature1", "feature2", "feature3"]}, "result": {"features": {"feature1": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}, "feature2": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}, "feature3": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}}}, "requested_by": "172.29.0.1:59682", "timestamp": "2026-04-09T20:07:29.762128957Z", "metrics": {"counter_server_query_cache_hit": 0, "timer_rego_input_parse_ns": 57527, "timer_rego_query_compile_ns": 93329, "timer_rego_query_eval_ns": 199196, "timer_server_handler_ns": 471175}, "req_id": 1}]}
+{"timestamp": "2026-04-09T20:08:21.624001+00:00", "path": "/logs/logs", "headers": {"Host": "opa-log-receiver:8282", "User-Agent": "Open Policy Agent/1.15.2 (linux, amd64)", "Content-Length": "544", "Content-Encoding": "gzip", "Content-Type": "application/json", "Accept-Encoding": "gzip"}, "body": [{"labels": {"app": "croplogic-authz", "id": "c211530e-d6bb-4067-abed-57fe193b6e5b", "version": "1.15.2"}, "decision_id": "b6ca9264-4576-4826-ac70-067ad6850019", "path": "croplogic/authz/batch_decision", "input": {"action": "view", "features": ["farm_management"], "resource": {"crop_types": [], "cultivation_types": [], "customization": [], "farm_id": null, "farm_types": [], "power_sensor": [], "sensor_codes": [], "subscription_plan_codes": []}, "route": "/api/farm-hub/", "user": {"email": "admin@example.com", "id": 1, "is_staff": true, "is_superuser": true, "phone_number": "0912345678", "role": "farmer", "username": "admin"}}, "result": {"features": {"farm_management": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}}}, "requested_by": "172.29.0.6:35524", "timestamp": "2026-04-09T20:08:19.762624801Z", "metrics": {"counter_server_query_cache_hit": 1, "timer_rego_input_parse_ns": 71833, "timer_rego_query_eval_ns": 127252, "timer_server_handler_ns": 231704}, "req_id": 2}]}
+{"timestamp": "2026-04-09T20:08:43.385941+00:00", "path": "/logs/logs", "headers": {"Host": "opa-log-receiver:8282", "User-Agent": "Open Policy Agent/1.15.2 (linux, amd64)", "Content-Length": "621", "Content-Encoding": "gzip", "Content-Type": "application/json", "Accept-Encoding": "gzip"}, "body": [{"labels": {"app": "croplogic-authz", "id": "c211530e-d6bb-4067-abed-57fe193b6e5b", "version": "1.15.2"}, "decision_id": "b52a1754-aaf8-4c7d-9bfb-1d25d803f007", "path": "croplogic/authz/batch_decision", "input": {"action": "view", "features": ["farm_dashboard"], "resource": {"crop_types": ["\u0630\u0631\u062a", "\u06af\u0646\u062f\u0645"], "cultivation_types": [], "customization": [], "farm_id": "11111111-1111-1111-1111-111111111111", "farm_types": ["\u0632\u0631\u0627\u0639\u06cc"], "power_sensor": ["solar"], "sensor_codes": ["sensor_7_soil_moisture_sensor_v1_2"], "subscription_plan_codes": []}, "route": "/api/farm-dashboard/", "user": {"email": "admin@example.com", "id": 1, "is_staff": true, "is_superuser": true, "phone_number": "0912345678", "role": "farmer", "username": "admin"}}, "result": {"features": {"farm_dashboard": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}}}, "requested_by": "172.29.0.6:41130", "timestamp": "2026-04-09T20:08:43.104063998Z", "metrics": {"counter_server_query_cache_hit": 1, "timer_rego_input_parse_ns": 83718, "timer_rego_query_eval_ns": 141627, "timer_server_handler_ns": 263982}, "req_id": 3}]}
+{"timestamp": "2026-04-09T20:12:48.961473+00:00", "path": "/logs/logs", "headers": {"Host": "opa-log-receiver:8282", "User-Agent": "Open Policy Agent/1.15.2 (linux, amd64)", "Content-Length": "625", "Content-Encoding": "gzip", "Content-Type": "application/json", "Accept-Encoding": "gzip"}, "body": [{"labels": {"app": "croplogic-authz", "id": "c211530e-d6bb-4067-abed-57fe193b6e5b", "version": "1.15.2"}, "decision_id": "98adca8f-68fb-47d6-8162-59c2cb83d18b", "path": "croplogic/authz/batch_decision", "input": {"action": "view", "features": ["farm_management"], "resource": {"crop_types": ["\u0630\u0631\u062a", "\u06af\u0646\u062f\u0645"], "cultivation_types": [], "customization": [], "farm_id": "11111111-1111-1111-1111-111111111111", "farm_types": ["\u0632\u0631\u0627\u0639\u06cc"], "power_sensor": ["solar"], "sensor_codes": ["sensor_7_soil_moisture_sensor_v1_2"], "subscription_plan_codes": []}, "route": "/api/farm-hub/11111111-1111-1111-1111-111111111111/", "user": {"email": "admin@example.com", "id": 1, "is_staff": true, "is_superuser": true, "phone_number": "0912345678", "role": "farmer", "username": "admin"}}, "result": {"features": {"farm_management": {"allow": true, "allow_rules": [], "deny_rules": [], "matched_rules": []}}}, "requested_by": "172.29.0.6:46450", "timestamp": "2026-04-09T20:12:47.941138139Z", "metrics": {"counter_server_query_cache_hit": 1, "timer_rego_input_parse_ns": 97369, "timer_rego_query_eval_ns": 181108, "timer_server_handler_ns": 317548}, "req_id": 4}]}
diff --git a/scripts/__pycache__/opa_log_receiver.cpython-314.pyc b/scripts/__pycache__/opa_log_receiver.cpython-314.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..9c408b487c057bc41810f71db40c0d6e7f8d9d61
GIT binary patch
literal 3164
zcmb6bO-viv`Hg4B9(!!_6B59NIBY0cmjx2SHiRYYHh}=U6s8kOd$4yjYfoSjGvl3k
z4h@%bE9r%>iUf&PB9&HZdfGkau!o#hIf6{q<ZYx>>Y?hTq9szQp8CD9Uj`*<rG1v)
z``-8WzMuELZ@S~L2!ipC;GX%dh|pi@hK*niIB4MzT0x&8m77Gkx^kHF_5mD#H89Cf
z@R*+vu#lp3eo~wW;^0IGhf*lZDfLXHzbZ$3m_e$biUWb_4o9+b$B&T>sv#yj0QS;>
zqeoE(Ql)03hO@x|zJ`ru<7#B^HwfjABh-enA>fg-(X)YUjA_7i**c}8%71tssBKaZ
zi<90z9sN7SO{W7y%Iny`=AuC)IxpLn0oY>~b=R1fomEuh^OE7>3Ej#U42K+<U2qIN
zZ(8$|c*SsT0J3RD`MIW!{qk31S7x=TnQ`s%<kZ-5tgm3tyM1<1?*-sZCS^vQCBk6;
zV1Mqgv9&0mgZBWdLk6=5b1H(2MKOO2*<gP&!h#xrSyXu(oI^OI3MWxoB#om+&U8)N
znzH9>7U!5gdIr5U5Krl#OQ3fn^NKcylv)NU8ygDTt=ESN=d*aTj1{>#?o^F2-$t_o
z`q(`@q(BKD+SI@~j%oP?rv{3FA7Kfv3d|Bkep55cdXb;wRnfaSDbKdRD_fiCJ`-iK
zN}NId+JWW*%tElvmu;--QW|_-2B|?N0X_*uK@DYqyE>F62Kj3T${b@mrG-KM%Csp-
zAIBi(r7A(>Aoi~hHJkyjtK)yf_W!&XcCs3o6JCqjJ4~z6$sm7)s0mCKVj%YkMKROG
z=*qhc@>hs~Pk)OaO1IC;pbUK?-e6~`Q8jk1c9T;m)5qvOry5s-YTdb7Rr!F^xKg0R
zYly|M7@P|#XPBJ7W_*A9eJq2(UlGo(XJ@MouS^3LW*yWYnf_Q!OVM}oKGWf^pFZ{_
zfa9D`VGy&{(=f=e{`xi#)J9*cDxX9rP&Z;ZorjpUAv2Id?I`8_rlvpO+mXqok1WS8
z*%me|+%siZ^LT-9rw`~!%k>ODX60;J5(y&0{IXeG7EAbQ&malYg6d*@u}FlX4w9h-
zsGWx665%sDe{*^^%@N7?t?6RTzD_vZ+tzde95pPr<QSUn=1h}t5tk;`zMgI;ylG*F
zwj#pM8<>dBRkL6afmUWB7VIU%acJ`*k-U+!7mJSJx+F+pIGkpl@Rq&gKn(<_gmWZp
zy7pDuS=6yZA1V>@W)9Sv*jNNxuer8G)#`bd1Z<Z`i~4mVZ-N^km@S>Q4p#MvU>6PG
zUUEQ~i22fD(Iqk0u<{yMQM4`BATr&tNQg_+_H>8{u2Hy3;<;+9wL&%4vZF6)Mg1l{
zozyd;!2%v)BoXrC+$0io8jUJ+L*Pf(32%_3n{&(}_Ii;<IUFNrn9#X;i#NdsTT^DP
z%#y^L&7-$Qi-9sX3*BM`J!@^-oZZUY%~aZZcG`Qkdq*De<@V8X>)2}i`T6nN`HgGq
z*EZ~R`@Xe%?ES}AR^`29YHRrJa3$HjlkDDpZ{$&+oV-*?PVOWp%gIl+rIx?Q$;}(P
z@=w0*ewH}C)pxJ&L3cUvv(-=jc4qi?ccrm&r?K<?uXh`J9=)>~+7F^w%a<)%ZTH%~
zTKH4pkA-sU*-Gn$oz@HG)(`ihjkiZPCf6tTqDSxG&C#u?yHl06-krAIa@*;0^BJIj
zeeTZa#>ZcLyt%a7bn2n79~K)TtKy3|3d?KqALKh1H^$e;H)hsnzM3dE^*j`wNEe>P
z8t%NidFjEaO054$tpA&Zy=c?g^sVVH2eyXp4c#{$cJ3xWeAM|Qd3iTF{*p)WvtVR6
zR*@1rQeyM$u9Vu7q7|uSM{3!X5&*A7Zbhp5&7<E-sh2W{fbRdev=MzL_e~)2F_I_h
z!?{`|12jUkS3^>z1KL<ukcyz=bJKrDY2Kj)i3F<`m<YNv@4EDscXj>LIZsJ4%{jb8
zSD!b?@wcS;5S<obm-hV?^i+yFv?DqfV46-#MA9^R+ck|uG;Pt&mkJb)YTD-|y-=gn
zX>k7>7Z*&+uxw3phNy;*U?N8~4T=FabDEB^V}4e`h70lynwBf*u1nus&L|W#4c>n2
z5E8_w^B;N6IJDDy6OEQjyXn7w561p0&@7&K+0Th}`v|70;gpwJy{Ma(rY(m~_j<o{
zgG1ePXdChhg;x}+^*~<0xY+A@A9fCngG1v@LWXt2bZpC^E!d&G$VpJVK)>RuHeICq
zU{#VndH6KcASVXAGcSTwle~mT!`0}GI5QwbopXN&(>~8}+z&|p0fk|Hj!r#Cm*6f%
z<7-2=hSo-Ijcg}Qf74f%FRn;WLy^_~!|1NEe7+nSS`l6ZlU&_)Yu^h5>;5njqN~fh
qeCyNLiTmjXv)dj0+XI)&vGJA5dqSilwCo5i-wTO<ibzO!2L2c7vW@5f

literal 0
HcmV?d00001

diff --git a/scripts/opa_log_receiver.py b/scripts/opa_log_receiver.py
new file mode 100644
index 0000000..da93533
--- /dev/null
+++ b/scripts/opa_log_receiver.py
@@ -0,0 +1,44 @@
+import json
+import os
+import gzip
+from datetime import datetime, timezone
+from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
+
+
+LOG_FILE = os.environ.get("OPA_REQUEST_LOG_FILE", "/logs/opa.log")
+PORT = int(os.environ.get("OPA_REQUEST_LOG_PORT", "8282"))
+
+
+class DecisionLogHandler(BaseHTTPRequestHandler):
+    def do_POST(self):
+        content_length = int(self.headers.get("Content-Length", "0"))
+        raw_payload = self.rfile.read(content_length) if content_length else b""
+        content_encoding = self.headers.get("Content-Encoding", "").lower()
+
+        if content_encoding == "gzip" and raw_payload:
+            raw_payload = gzip.decompress(raw_payload)
+
+        payload = raw_payload.decode("utf-8") if raw_payload else ""
+
+        entry = {
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "path": self.path,
+            "headers": dict(self.headers.items()),
+            "body": json.loads(payload) if payload else None,
+        }
+
+        os.makedirs(os.path.dirname(LOG_FILE), exist_ok=True)
+        with open(LOG_FILE, "a", encoding="utf-8") as log_file:
+            log_file.write(json.dumps(entry, ensure_ascii=True) + "\n")
+
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write(b"ok")
+
+    def log_message(self, format, *args):
+        return
+
+
+if __name__ == "__main__":
+    server = ThreadingHTTPServer(("0.0.0.0", PORT), DecisionLogHandler)
+    server.serve_forever()