From 29ef2d363f3dac79d45ede03ad38b50536cb7987 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Wed, 27 Dec 2023 11:50:53 +0100
Subject: [PATCH] better logging when moderating asset

---
 frontend.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/frontend.py b/frontend.py
index d413ba9..bc7ee7f 100644
--- a/frontend.py
+++ b/frontend.py
@@ -315,20 +315,24 @@ def content_request_review(asset_id):
 @app.route("/content/moderate/<int:asset_id>-<sig>")
 def content_moderate(asset_id, sig):
     if sig != mk_sig(asset_id):
+        app.logger.info(f'request to moderate asset {asset_id} rejected because of missing or wrong signature')
         abort(404)
     if not g.user:
         session["redirect_after_login"] = request.url
         return redirect(url_for("login"))
     elif g.user.lower() not in CONFIG.get("ADMIN_USERS", set()):
+        app.logger.warning(f'request to moderate {asset_id} by non-admin user {g.user}')
         abort(401)
 
     try:
         asset = ib.get(f"asset/{asset_id}")
     except Exception:
+        app.logger.info(f'request to moderate asset {asset_id} failed because asset does not exist')
         abort(404)
 
     state = asset["userdata"].get("state", "new")
     if state == "deleted":
+        app.logger.info(f'request to moderate asset {asset_id} failed because asset was deleted by user')
         abort(404)
 
     return render_template(
@@ -350,16 +354,24 @@ def content_moderate(asset_id, sig):
 )
 def content_moderate_result(asset_id, sig, result):
     if sig != mk_sig(asset_id):
+        app.logger.info(f'request to moderate asset {asset_id} rejected because of missing or wrong signature')
         abort(404)
     if not g.user:
         session["redirect_after_login"] = request.url
         return redirect(url_for("login"))
     elif g.user.lower() not in CONFIG.get("ADMIN_USERS", set()):
+        app.logger.warning(f'request to moderate {asset_id} by non-admin user {g.user}')
         abort(401)
 
     try:
         asset = ib.get(f"asset/{asset_id}")
     except Exception:
+        app.logger.info(f'request to moderate asset {asset_id} failed because asset does not exist')
+        abort(404)
+
+    state = asset["userdata"].get("state", "new")
+    if state == "deleted":
+        app.logger.info(f'request to moderate asset {asset_id} failed because asset was deleted by user')
         abort(404)
 
     if result == "confirm":