chore(devops): add Morgan request logger middleware for HTTP logging

[Copilot]

Overview

Implements comprehensive HTTP request logging for the Hawk API using Morgan, the industry-standard Express middleware logger.

Problem

API logs were not informative enough. There was no tracking of incoming requests, responses, timing, or other useful HTTP-level information needed for debugging, performance monitoring, and security analysis.

Solution

Added Morgan middleware to log all HTTP requests with the following information:

Development Mode (default)

Colored, concise output for easy debugging:

POST /graphql 200 45.123 ms - 5678
GET /static/logo.png 200 15.234 ms - 1234

Production Mode (NODE_ENV=production)

Apache Combined Log Format for comprehensive logging:

::1 - - [08/Oct/2024:16:45:24 +0000] "POST /graphql HTTP/1.1" 200 5678 "https://hawk.so" "Mozilla/5.0"

What Gets Logged

• ✅ HTTP method (GET, POST, etc.)
• ✅ Request URL/path
• ✅ Response status code
• ✅ Response time (in milliseconds)
• ✅ Response size (content-length in bytes)
• ✅ User agent (production mode)
• ✅ Referrer (production mode)
• ✅ Remote IP address (production mode)
• ✅ Timestamp (production mode)

Why Morgan?

• Industry standard: 33M+ weekly downloads on npm
• Battle-tested: Used in production by thousands of companies
• Zero configuration: Works out of the box
• Minimal overhead: Negligible performance impact
• Standard compliance: Follows Apache/W3C log formats

Implementation Details

• Positioned early in middleware chain (after CORS, before body parsers)
• Environment-aware configuration (dev vs production formats)
• Logs all endpoints: GraphQL, static files, billing webhooks, health checks
• No breaking changes, fully backward compatible

Benefits

1. Performance monitoring - Identify slow requests and bottlenecks
2. Debugging - See request flow and errors in real-time
3. Security - Track suspicious activity and unusual patterns
4. Compliance - Maintain audit trail for all API requests
5. Traffic analysis - Understand API usage patterns

Closes #[issue_number]

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• fastdl.mongodb.org
  • Triggering command: /usr/local/bin/node ./postinstall.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>chore(devops): setup request logger</issue_title>
<issue_description>Now API logs are not so informative they should be.

Add request logging via Express plugin.

We want to track incoming requests, responses, time, size and other useful information.

Use best practice and popular tools.</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #534

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.