fix: timestamp uses r->request_time; remove unparsed_uri, fragment from architecture

- FIX: timestamp JSON field now uses r->request_time (set at request reception
  by Apache) instead of apr_time_now() called during log processing
- DOC: remove unparsed_uri and fragment fields from architecture.yml data model
  (these fields are not logged by the module)
- DOC: update example_full and timestamp description in architecture.yml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toto
2026-03-05 14:42:00 +01:00
parent ae933fcf5a
commit 54d210978f
3 changed files with 10 additions and 18 deletions


@ -98,7 +98,7 @@ module:
description: >
Wall-clock timestamp in microseconds since Unix epoch, expressed
as nanoseconds for compatibility (multiplied by 1000).
Note: apr_time_now() returns microseconds with microsecond precision.
Uses r->request_time (set by Apache at request reception).
The nanosecond representation is for API compatibility only.
example: 1708948770000000000
- name: scheme
@ -120,12 +120,6 @@ module:
- name: method
type: string
example: "GET"
- name: unparsed_uri
type: string
description: >
Raw, uncleaned URI exactly as requested by the client (r->unparsed_uri).
Essential for detecting Path Traversal or bot anomalies before Apache normalizes it.
example: "//dossier/../api/users"
- name: path
type: string
description: Cleaned and normalized path (r->parsed_uri.path).
@ -137,12 +131,6 @@ module:
Does not include the leading '?'. Allows detection of payloads like
SQLi or XSS passed in GET requests.
example: "id=1%20UNION%20SELECT"
- name: fragment
type: string
description: >
Fragment component from the parsed URI (r->parsed_uri.fragment).
Does not include the leading '#'.
example: "section1"
- name: host
type: string
example: "example.com"
@ -174,7 +162,7 @@ module:
header_X-Request-Id: "abcd-1234"
header_User-Agent: "curl/7.70.0"
example_full: |
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","unparsed_uri":"//api/users?id=1#section","path":"/api/users","query":"id=1","fragment":"section","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","path":"/api/users","query":"id=1","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
configuration:
scope: global


@ -1,4 +1,4 @@
%global spec_version 1.0.14
%global spec_version 1.0.15
Name: mod_reqin_log
Version: %{spec_version}
@ -37,6 +37,11 @@ install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buil
%doc %{_docdir}/%{name}
%changelog
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.15
- FIX: timestamp field now uses r->request_time (request reception time) instead of apr_time_now()
- DOC: Remove unparsed_uri and fragment fields from architecture.yml (not logged)
- DOC: Update timestamp description and example_full in architecture.yml
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.14
- REFACTOR: Harmonize JSON field construction - all fields now end with comma
- FIX: Remove duplicate comma between query and host fields


@ -731,10 +731,9 @@ static void log_request(request_rec *r, reqin_log_config_t *cfg, reqin_log_child
format_iso8601(&buf, r->request_time);
dynbuf_append(&buf, "\",", 2);
/* timestamp (nanoseconds since epoch) */
/* timestamp (nanoseconds since epoch, from request reception time) */
{
apr_time_t now = apr_time_now();
apr_uint64_t ns = ((apr_uint64_t)now) * APR_UINT64_C(1000);
apr_uint64_t ns = ((apr_uint64_t)r->request_time) * APR_UINT64_C(1000);
char ts_buf[32];
snprintf(ts_buf, sizeof(ts_buf), "%" APR_UINT64_T_FMT, ns);
dynbuf_append(&buf, "\"timestamp\":", 12);
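Review bot: The new comment on the timestamp block still suggests a nanosecond-resolution value independent of `time`, but both fields are now formatted from `r->request_time`, so `timestamp` is the same instant scaled by 1000 and its last three digits are always zero. I would say so in the comment, e.g. `/* timestamp: r->request_time (microseconds, set at request reception) scaled to ns; same instant as "time", not the log-write time */`. Anyone correlating these records then knows the field cannot be used to order entries by write time or to measure logging delay. The sample line in the architecture data model pairs a 2026 `time` with `timestamp` 1708948770000000000, which decodes to 2024-02-26T11:59:30Z; since the two fields now share one source, the example should agree. log_request starts and ends outside this hunk.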