
fix: restrict log retrieval to superusers #13873

Open

erichare wants to merge 1 commit into release-1.10.2 from fix/pvr0783902-job-control-auth

@erichare erichare commented Jun 26, 2026

Collaborator

Summary

  • require superuser authentication for /logs and /logs-stream
  • document that log retrieval requires a superuser API key or session
  • add regression coverage for non-admin denial, superuser access, and route dependency wiring

Validation

  • uv run pytest src/backend/tests/unit/api/test_log_router.py -q
  • uv run pytest src/backend/tests/unit/test_chat_endpoint.py::test_private_job_id_blocked_on_public_events_endpoint src/backend/tests/unit/test_chat_endpoint.py::test_private_job_id_blocked_on_public_cancel_endpoint -q
  • uv run ruff check src/backend/base/langflow/api/log_router.py src/backend/tests/unit/api/test_log_router.py
  • git diff --check

Summary by CodeRabbit

  • Bug Fixes

    • Access to log retrieval endpoints now requires a superuser API key or active superuser session, improving log security.
    • Updated the API documentation to clearly reflect the new access requirements for log endpoints.
  • Tests

    • Added coverage to verify that non-superusers are blocked and superusers can successfully view logs.


coderabbitai Bot commented Jun 26, 2026

Contributor


No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ab651844-a541-4e90-a5cc-cbf839890bb2

📥 Commits

Reviewing files that changed from the base of the PR and between c6dbca3 and 45d546c.

📒 Files selected for processing (3)
  • docs/docs/API-Reference/api-logs.mdx
  • src/backend/base/langflow/api/log_router.py
  • src/backend/tests/unit/api/test_log_router.py

Walkthrough

The log endpoints now require a superuser dependency for both /logs and /logs-stream. The API docs state the new requirement, and unit tests cover authorization outcomes and route dependency wiring.

Changes

Log access superuser requirement

| Layer / File(s) | Summary |
| Router auth update: src/backend/base/langflow/api/log_router.py, docs/docs/API-Reference/api-logs.mdx | get_current_active_superuser replaces get_current_active_user on /logs-stream and /logs, and the API docs note the superuser authentication requirement. |
| Authorization tests: src/backend/tests/unit/api/test_log_router.py | The new test module seeds a stable log buffer, mounts the router with dependency overrides, and checks rejection, success, and route dependency wiring for the log endpoints. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 9

✅ Passed checks (9 passed)

| Check name | Status | Explanation |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly summarizes the main change: restricting log retrieval to superusers. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Test Coverage For New Implementations | ✅ Passed | Added a properly named backend unit test module that exercises /logs auth, route dependencies, and real response behavior with assertions. |
| Test Quality And Coverage | ✅ Passed | Tests use pytest/TestClient, verify 403 and 200 on /logs, assert no leakage, and check superuser dependency wiring for both /logs and /logs-stream. |
| Test File Naming And Structure | ✅ Passed | New backend unit test follows test_*.py naming, uses pytest fixtures/helpers, and includes clear positive/negative coverage with descriptive names. |
| Excessive Mock Usage Warning | ✅ Passed | No excessive mocks: the new tests use real FastAPI routing and log_buffer with simple dependency overrides, and the file contains no Mock/MagicMock/patch usage. |

@github-actions github-actions Bot added the bug Something isn't working label Jun 26, 2026
@erichare erichare requested a review from Adam-Aghili June 26, 2026 20:59
@github-actions

Contributor

✅ Test Coverage Advisor

No source changes detected without accompanying tests. Thanks for keeping coverage up! 🎉

Advisory check only — never blocks merge.

@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jun 26, 2026

github-actions Bot commented Jun 26, 2026

Contributor

Build successful! ✅
Deploying docs draft.
Deploy successful! View draft


coderabbitai Bot commented Jun 26, 2026

Contributor

Caution

Review failed

An error occurred during the review process. Please try again later.



codecov Bot commented Jun 26, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-1.10.2@c6dbca3). Learn more about missing BASE report.

Additional details and impacted files


@@                Coverage Diff                @@
##             release-1.10.2   #13873   +/-   ##
=================================================
  Coverage                  ?   58.70%           
=================================================
  Files                     ?     2306           
  Lines                     ?   220278           
  Branches                  ?    33042           
=================================================
  Hits                      ?   129325           
  Misses                    ?    89473           
  Partials                  ?     1480           

| Flag | Coverage Δ |
| backend | 65.93% <100.00%> (?) |
| frontend | 57.87% <ø> (?) |
| lfx | 54.62% <ø> (?) |

Flags with carried forward coverage won't be shown. Click here to find out more.

| Files with missing lines | Coverage Δ |
| src/backend/base/langflow/api/log_router.py | 35.00% <100.00%> (ø) |

@github-actions

Contributor

Frontend Unit Test Coverage Report

Coverage Summary

| Lines | Statements | Branches | Functions |
| Coverage: 43% | 43.54% (58072/133362) | 69.2% (7884/11392) | 41.56% (1298/3123) |

Unit Test Results

| Tests | Skipped | Failures | Errors | Time |
| 4978 | 0 💤 | 0 ❌ | 0 🔥 | 13m 50s ⏱️ |
