Add secret management guide, client-side performance monitoring, and search accessibility enhancements

- Introduced a comprehensive Secret Management Guide detailing best practices, secret classification, development setup, production management, rotation procedures, and emergency protocols. - Implemented a client-side performance monitoring script to track various metrics including page load performance, paint metrics, layout shifts, and memory usage. - Enhanced search accessibility with keyboard navigation support for search results, ensuring compliance with WCAG standards and improving user experience.
2025-12-24 09:51:09 -05:00 · 2025-12-23 16:41:42 -05:00
parent ae31e889d7
commit edcd8f2076
155 changed files with 22046 additions and 4645 deletions
--- a/backend/docs/code_standards.md
+++ b/backend/docs/code_standards.md
@@ -236,6 +236,101 @@ def process_data(
 pytest backend/tests/ --cov=backend/apps --cov-report=html
 ```

+## Logging Standards
+
+### Logger Initialization
+
+Every view and middleware file should initialize a logger:
+
+```python
+import logging
+
+logger = logging.getLogger(__name__)
+```
+
+### Centralized Logging Utilities
+
+Use the centralized logging utilities from `apps.core.logging` for structured logging:
+
+```python
+from apps.core.logging import log_exception, log_business_event, log_security_event
+```
+
+### When to Use Each Log Level
+
+- **`logger.debug()`**: Detailed diagnostic information (disabled in production)
+- **`logger.info()`**: General operational events (search queries, user actions)
+- **`logger.warning()`**: Unexpected conditions that don't prevent operation
+- **`logger.error()`**: Error conditions that require attention
+- **`log_exception()`**: Exception handling with full stack trace
+
+### Exception Logging
+
+Use `log_exception` for all exception handlers:
+
+```python
+try:
+    # operation
+except Exception as e:
+    log_exception(
+        logger,
+        e,
+        context={"operation": "get_filtered_queryset", "filters": filter_params},
+        request=self.request,
+    )
+    messages.error(self.request, f"Error: {str(e)}")
+```
+
+### Business Event Logging
+
+Use `log_business_event` for significant business operations:
+
+```python
+log_business_event(
+    logger,
+    event_type="fsm_transition",
+    message=f"Park approved: {park.name}",
+    context={
+        "model": "Park",
+        "object_id": park.id,
+        "old_state": old_status,
+        "new_state": park.status,
+    },
+    request=request,
+)
+```
+
+### Security Event Logging
+
+Use `log_security_event` for authentication and security-related events:
+
+```python
+log_security_event(
+    logger,
+    event_type="user_login",
+    message=f"User {user.username} logged in successfully",
+    severity="low",  # low, medium, high, critical
+    context={"user_id": user.id, "username": user.username},
+    request=request,
+)
+```
+
+### What NOT to Log
+
+Never log:
+- Passwords or password hashes
+- API tokens or secrets
+- Session IDs
+- Full credit card numbers
+- Other sensitive PII
+
+### Log Message Guidelines
+
+- Use clear, concise messages
+- Include relevant context (IDs, usernames, operation names)
+- Use consistent naming conventions
+- Avoid logging large data structures
+
 ## Pre-commit Configuration

 The following pre-commit hooks are configured: