refactor: migrate to Pino logging and harden server infrastructure #207

Merged
qhanson55 merged 8 commits into main from refactor/pino
Mar 19, 2026

@jujaga (Member) commented Mar 18, 2026

Description

This PR focuses on improving application observability, performance, and reliability. The primary change is the migration from Winston to Pino for structured logging, supplemented by significant hardening of the server's graceful shutdown sequence and various infrastructure optimizations.

Core Changes

Observability & Performance

  • Winston to Pino Migration: Replaced the Winston logger with Pino to leverage better performance and native JSON structured logging.
    • Implemented pino-http with custom serializers.
    • Added pino-pretty for development and redaction for sensitive fields (passwords, auth headers).
  • Performance Gains: Observed an approximate 12-13% increase in overall performance following the migration to Pino's low-overhead logging architecture.
  • Trust Proxy: Enabled trust proxy in Express to ensure accurate client IP logging when running behind a load balancer.

Reliability & Infrastructure

  • Hardened Shutdown Sequence: Improved the server teardown process to prevent hanging.
    • Added an 8-second safety timeout.
    • Switched to process.on for signals to ensure subsequent signals are captured.
    • Ensured log buffers are flushed before the process exits.
  • Database Optimization: Increased the PostgreSQL pool size to 20 to provide better headroom for traffic spikes and fixed a promise chaining issue in the database destruction logic.

Maintenance & Refactoring

  • Security: Patched the flatted dependency to address vulnerability GHSA-25h7-pfq9-p65f.
  • Types & Docs: Cleaned up .d.ts file imports and moved the getSpec helper out of the route layer for better architectural separation.
  • Testing: Increased unit test coverage for fringe edge cases encountered during the refactor.

Related Issues/Tickets

PADS-750

Type of Change

  • Bug fix (non-breaking change)
  • New feature (non-breaking change)
  • Breaking change (fix or feature that changes existing behavior)
  • Documentation update

Checklist

  • I have read the CONTRIBUTING guidelines
  • I have tested my changes locally
  • The code builds and passes all tests
  • I have updated documentation as needed

Instance Deployment

  • I require a cloud deployment for testing

Note

To request a cloud deployment for testing purposes, add the deploy label to this PR.
Deployments will be removed when the PR is closed, merged, or the deploy label is removed.

Additional Notes

jujaga added 3 commits March 17, 2026 09:38
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Increases available database connections to improve handling of spike and
sustained loads. While baseline throughput remains unchanged, this
utilizes existing database overhead to provide greater architectural
headroom.

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Configures Express to trust the 'X-Forwarded-For' header. This ensures
the logger captures the original client IP rather than the load
balancer address in containerized environments.

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
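
How the value given to trust proxy decides which X-Forwarded-For entry ends up as the logged client IP, as an added example that is not code from this PR. It models Express's documented behaviour in plain Node; the `clientIp` helper and all addresses are constructed for illustration, and the value the PR actually configures is not shown on this page.

```javascript
// Added illustration, not code from this PR: a plain-Node model of how
// Express's documented "trust proxy" values pick the client IP.
// clientIp() is a hypothetical helper; all addresses are constructed.

// Candidate addresses, nearest hop first: the socket peer, then the
// X-Forwarded-For entries read right to left.
function hopChain(remoteAddress, xff) {
  const forwarded = (xff || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .reverse();
  return [remoteAddress, ...forwarded];
}

// trust === true  : every hop is trusted, result is the left-most entry.
// trust === n     : the n nearest hops are trusted, result is the first
//                   address beyond them (or the farthest one available).
// trust === false : the header is ignored.
function clientIp(remoteAddress, xff, trust) {
  const chain = hopChain(remoteAddress, xff);
  if (trust === true) return chain[chain.length - 1];
  const hops = trust === false ? 0 : trust;
  return chain[Math.min(hops, chain.length - 1)];
}

// Constructed request: the client sent its own X-Forwarded-For value
// and the load balancer appended the address it actually saw.
const sample = {
  remoteAddress: '10.0.0.5',          // load balancer, as seen by the app
  xff: '203.0.113.99, 198.51.100.7',  // client-supplied, then LB-appended
};

function demo() {
  const { remoteAddress, xff } = sample;
  return {
    untrusted: clientIp(remoteAddress, xff, false), // logs the load balancer
    trustAll: clientIp(remoteAddress, xff, true),   // logs the client-supplied value
    oneHop: clientIp(remoteAddress, xff, 1),        // logs what the LB observed
  };
}

console.log(demo());
```

With a single load balancer in front of the app, a hop count of 1 keeps the logged address tied to what the balancer observed, whereas `true` accepts whatever the left-most header entry says.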
@jujaga jujaga requested a review from a team as a code owner March 18, 2026 21:20
@jujaga jujaga added the enhancement New feature or request label Mar 18, 2026
@github-actions

Coverage Report

Totals Coverage
Statements: 95.63% ( 1205 / 1260 )
Methods: 98.89% ( 178 / 180 )
Lines: 99.85% ( 648 / 649 )
Branches: 87.94% ( 379 / 431 )

jujaga added 5 commits March 19, 2026 11:13
Replaces Winston with Pino to improve application performance and
standardize on a nested JSON format for HTTP request/response metadata.

- Implements pino-http middleware with custom serializers for req/res.
- Configures pino-pretty for human-readable local development output.
- Adds sensitive data redaction for authorization headers and passwords.
- Integrates a child logger pattern (getLogger) for module-level context.

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Implements a more robust shutdown sequence to prevent hanging processes
and ensures logs are flushed before exit.

- Add an 8-second safety timeout to force exit if cleanup hangs.
- Prevent multiple shutdown triggers by checking state.shutdown.
- Switch from process.once to process.on for signal handling to capture
  subsequent signals during teardown.
- Refactor shutdownDatabase to properly chain the destruction promise.
- Ensure log buffers are flushed before the final process exit.

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
Signed-off-by: Jeremy Ho <jujaga@gmail.com>
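
The shutdown sequence described in the commit message above, sketched as an added example that is not the PR's code. `createShutdown`, `install` and the injected steps (`closeServer`, `closeDatabase`, `flushLogs`, `exit`) are hypothetical names standing in for the real teardown calls.

```javascript
// Added illustration, not code from this PR. createShutdown() and its
// injected steps (closeServer, closeDatabase, flushLogs, exit) are
// hypothetical names standing in for the real teardown calls.
function createShutdown({ closeServer, closeDatabase, flushLogs, exit, timeoutMs = 8000 }) {
  const state = { shutdown: false };

  // Returns true if this call started the teardown, false if one was
  // already running (a repeated SIGTERM/SIGINT must not restart it).
  function handle(signal) {
    if (state.shutdown) return false;
    state.shutdown = true;

    // Safety net: force a non-zero exit if cleanup never settles.
    // unref() keeps the timer itself from holding the process open.
    const timer = setTimeout(() => {
      flushLogs();
      exit(1);
    }, timeoutMs);
    timer.unref();

    // Chain the steps so the exit waits for each promise to settle.
    Promise.resolve()
      .then(() => closeServer(signal))
      .then(() => closeDatabase())
      .then(() => 0, () => 1) // a cleanup failure becomes exit code 1
      .then((code) => {
        clearTimeout(timer);
        flushLogs(); // flush buffered log lines last
        exit(code);
      });
    return true;
  }

  return { state, handle };
}

// Wiring sketch: process.on (not once) keeps the handler attached, so
// later signals still reach the state.shutdown guard during teardown.
function install(steps) {
  const shutdown = createShutdown(steps);
  for (const sig of ['SIGTERM', 'SIGINT']) process.on(sig, () => shutdown.handle(sig));
  return shutdown;
}

// Constructed demo with no-op steps: the repeated signal is ignored.
const noop = () => {};
const demoShutdown = createShutdown({ closeServer: noop, closeDatabase: noop, flushLogs: noop, exit: noop });
console.log(demoShutdown.handle('SIGTERM'), demoShutdown.handle('SIGINT'));
```

In a real service `exit` would be `process.exit` and `flushLogs` the logger's own flush call; both are injected here so the sequence can be exercised without terminating the process.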
@qhanson55 qhanson55 merged commit 6b7ec63 into main Mar 19, 2026
24 checks passed
@qhanson55 qhanson55 deleted the refactor/pino branch March 19, 2026 18:23