feat(v2/httpserver): merge full access logger from v2/http into httpserver

Elliot Forbesrequested to merge
ef-v2-httpserver-access-logger into master

Summary

Merges the full-featured access logger developed on db-v2-http-access-logger into the httpserver package, eliminating the standalone v2/http package entirely.

Changes

  • v2/correlation — new package for correlation ID context propagation (InjectToContext / ExtractFromContext), replacing the previous v1 dependency
  • v2/httpserver/access_logger.go — full access logger promoted from v2/http, now exported as AccessLogger(next http.Handler, logger *slog.Logger) http.Handler for standalone use
  • v2/httpserver/mask.go — URL masking utilities (unexported), parity with v1 mask package and GitLab Rails sensitive param list
  • v2/httpserver/middleware.go — replaces the minimal loggingMiddleware (3 fields) with accessLoggerMiddleware wrapping the full AccessLogger
  • v2/httpserver/server_test.go — updates TestLoggingMiddleware_LogsRequest to match the new "access" message and "uri" field

Log fields emitted

correlation_id, method, uri, status, duration_s, system, host, proto, remote_addr, remote_ip, referrer, user_agent, written_bytes, content_type, ttfb_s

Sensitive query params (password, token, secret, key, etc.) and URL userinfo are masked with [FILTERED]. X-Forwarded-For is used when present to surface the real client IP.

Why merge into httpserver?

  • Avoids the v2/http package name clashing with "net/http" in every caller
  • Single canonical home for HTTP middleware alongside tracing
  • AccessLogger is usable both as the built-in middleware (via Config.Logger) and as a standalone handler wrapper for sub-routers or non-Server use

🤖 Generated with Claude Code

Merge request reports