I haven't touched Flask in a while, but I suspect django-guid is compatible with Flask, either out of the box, or with some simple modifications. I suggest we investigate what it would take to integrate with Flask, and add Flask-setup-docs.

Hi,

LICENSE contains a standard BSD license, but in pyproject.toml it says BSD-4-Clause, which confuses our automatic license checker.

If I submit a PR to fix it will it be merged?

Thanks,
Aur

Why we don't have the option of using the full UUID 776336d4-545e-43e1-bd3b-017794af48e9 instead of the hex output? 776336d4545e43e1bd3b017794af48e9

Celery tasks triggered by a request will not have the GUID (Correlation-ID) attached to it. Implement a solution to inject the GUID into the Celery logs.

For Celery tasks that are not triggered by a request, use the task-id instead as a GUID.

I would like an easy way to override the Django error page views so that the request guid is included as part of the HTML. This is useful so that customers can easily send the guid to a support team to get faster help.

Related to #2

Need read the docs documentation

The APM-docs describe how to add a transaction id to APM events.

I think this would be a good candidate for a new integration.

It would be great to add regex support for the IGNORE_URLS config.
For example, I would like to ignore UUID generation for requests for /static/* artifacts.

Describe the solution you'd like
Add the option to add the GUID/Correlation-ID to the response header.
Should be a setting.

Additional context
Allowing users or sites that are using the Django app to use the Correlation-ID to report issues.
Example:

• User sends a request
• django-guid adds a Correlation-ID to that request
• Somewhere in the request something unexpected goes wrong, the user gets a !2xx status code back.
• The front end prints the Correlation-ID to the user.
• The user can use that specific ID when contacting the developers.

• Make ID generator and validator generic, implement transformer (mirror asgi-correlation-id)
• Split celery functionality into a separate package
• Split sentry functionality into a separate package
• Create extras for both
• Update license
• Update test project to handle Django deprecation warnings
• Update to Poetry v1.2
• Update classifiers
• Rework docs (drop sphinx and just have readmes per module?)
• Remove get_guid and set_guid
• Create example projects for each feature

Essentially we want to de-bloat the core a little, making it possible to install the core middleware without anything else. It's possible to install the middleware today, without adding celery as a dependency, but the celery code is still contained in the wheel.

There's also some Sentry + Celery logic to consider @JonasKs. Do we put that in its own third package? Something to think about 🤔

Test everything

Add example project

I am running a django application using gunicorn server, and there are some child threads that will be created by the parent thread. I am getting the guid (contextvar) using get_guid method in the parent thread, passing it as an argument to the child threads, and setting the guid contextvar in the child threads using set_guid method (both of these methods are present in django_guid.api module). Only then the guid is visible in the log messages.

Is this the best way to pass on the correlation-ids to child threads? Or is there an alternate better way?

Implement black and flake8.

I tried bumping to Django 5 and am being told that django-guid does not support it.

django-guid (3.3.1) which depends on django (>=3.1.1,<5.0)

With ASGI being stable and more async support to Django is coming up, this package eventually have to change it's design to be ASGI compliant.

• ASGI by protocol can handle multiple requests on one thread. Every time await is used, the control of the loop will be handed back to the event loop, queuing the resumption of the function. The next function will run until it calls on an await, and then the entire thing repeats. This means that a thread will by design be able to handle multiple requests.

• Most of Django do not support awaitat the moment, so django-guid will work on ASGI today. The way it works right now is that when it gets an ASGI request on the event loop, it dispatches it to a thread pool where each thread again handles one request at the time.

Essentially this means that in the future, in order to keep this package living we have to find another ID to use. Luckily the Django people has been kind to us and implemented a replacement for us.

I will look into implementing this ASAP.

Thanks to knbk on #freenode.

• Celery Integration docs
• Release new version to PyPi

I have a few requests that I don't want to see in the logs

eg. a load balancer sends a "ping" once in a while to see the server is up
the logs are spammed with generated new GUID messages:

django_guid - Header `Correlation-ID` was not found in the incoming request. Generated new GUID: cf306e6e90bc42238f025d8d3fddc8ac

for this request I would prefer to opt out of the middleware - a decorator would work nicely

@no_guid
def ping(request):
    return HttpResponse("Ok\n")

Edit:
It turns out that to use a decorator for opt-out would require to use the process_view hook, which runs after all the middelwares __call__ methods have been run. If the GUID would only be added at that point, it wouldn't be useful for debugging of other middleware, which is not a good idea.
For that reason, instead of a decorator, the plan is to use a "black list" of URLs to ignore. I edited the Issue title to reflect this change.

Describe the bug
Putting the middleware on top of middleware list — as suggested by doc — doesn't allow next middlewares to potentially add/override HTTP headers through:

request.META['HTTP_CUSTOM_HEADER'] = "CUSTOM VALUE"

This is due to using django_guid.utils.get_id_from_header() in django_guid.middleware.process_incoming_request(), which triggers an earlier immutable HttpHeader object build, so any add/override headers intent has no impact.
Would be better to use request.META to get/set headers.

To Reproduce

1. Create a middleware

   def foo_middleware(get_response):
       def middleware(request):
           request.META["HTTP_X_FOO"] = "foo"
           return get_response(request)
   
       return middleware

2. Add middleware after django_guid

   MIDDLEWARE = [
       "django_guid.middleware.guid_middleware",
       "foo.foo_middleware",
   ]

3. Try to access the header in a view

   @api_view(["GET"])
   def test_view(request):
       assert request.headers.get("X-Foo") == "foo"

4. Now retry by removing "django_guid.middleware.guid_middleware" from MIDDLEWARE.

Thanks to @BBT#8008 at the Django Discord for reporting this.

Three issues of f'strings' in logging:

1. If interpolation fails, code will break because it's not handled by the logging module
2. Tools like Sentry aggregate logs based on the log template string, interpolating before that will make them show up as different errors/messages, while they are actually the same
3. Interpolation is done even if the message is not to be logged

So, changing from

logger.info(f'{given_guid} is not a valid GUID. New GUID is {new_guid}')

to

logger.info("%s is not a valid GUID. New GUID is %s", given_guid, new_guid)

Will ensure the opposites of the points above:

1. If the interpolation fails, code will not break because it's handled by the logging module
2. Tools like Sentry will behave correctly
3. Interpolation is only done if the message is to be logged

Describe the bug
It is sometimes necessary to modify the Access-Control-Expose-Headers within the request cycle. As an example, a developer might need to set the Content-Disposition and Content-Type when returning a file from an API so that it has a name, for e.g.:

Content-Disposition: attachment; filename="myfile.csv"
Content-Type:  text/csv; charset=utf-8
Correlation-ID: b038c7a8662f4d21962c80ef894d0946
Access-Control-Expose-Headers: Content-Type Content-Disposition Correlation-ID

We came across a bug in production with the way Django-GUID implements the EXPOSE_HEADER setting, in that on the outgoing request processing, it overrides any setting set by the user in the request flow, because it replaces the already set Access-Control-Expose-Headers rather than being additive.

To Reproduce

• Create a view in Django
• Set "Access-Control-Expose-Headers" to some value within the view
• Set Django GUID setting "EXPOSE_HEADER" to "True"
• Make an API request to the view, look at the request, and see that the developer set value has been overwritten.

Full stack trace
N/A

At the moment the Correlation-ID header is hardcoded. Should be a django setting.

Would it be possible to add integration with Dramatiq message queue?

If not, do you guys have any pointers how I can send a correlation ID into a dramatiq task so I can track how each task spawned by a given request is handled?

Describe the bug
setup.py includes a dependency on CHANGELOG.rst which is not included in the .tar.gz packages

To Reproduce
Retrieve django-guid-.tar.gz and try to run setup.py

I've tested this on 1.1.1, 2.0.0 2.1.0 & 2.20

Full stack trace
[root@dev-rhel7-acme-python-django2-guid django-guid-2.2.0]# /opt/acme/bin/python3 setup.py install
Traceback (most recent call last):
File "setup.py", line 7, in
with open('CHANGELOG.rst') as changelog_file:
FileNotFoundError: [Errno 2] No such file or directory: 'CHANGELOG.rst'