refactor: refactored code duplicates + magic numbers

SantiagoDePolonia · SantiagoDePolonia · commit 26a13943f59e · 2026-01-16T00:45:16.000+01:00
diff --git a/internal/auditlog/constants.go b/internal/auditlog/constants.go
@@ -0,0 +1,36 @@
+package auditlog
+
+// Buffer and capture limits for audit logging.
+const (
+	// MaxBodyCapture is the maximum size of request/response bodies to capture (1MB).
+	// Prevents memory exhaustion from large payloads.
+	MaxBodyCapture int64 = 1024 * 1024
+
+	// MaxContentCapture is the maximum size of accumulated streaming content (1MB).
+	// Used by StreamLogWrapper to limit reconstructed response body size.
+	MaxContentCapture = 1024 * 1024
+
+	// SSEBufferSize is the rolling buffer size for extracting usage from SSE streams.
+	// Must be large enough to capture the final usage event containing token counts.
+	SSEBufferSize = 8192
+
+	// BatchFlushThreshold is the number of entries that triggers an immediate flush.
+	// When the batch reaches this size, it's written to storage without waiting for the timer.
+	BatchFlushThreshold = 100
+
+	// APIKeyHashPrefixLength is the number of hex characters from SHA256 hash.
+	// 16 hex chars = 64 bits of entropy for identification without exposure.
+	APIKeyHashPrefixLength = 16
+)
+
+// Context keys for storing audit log data in request context.
+type contextKey string
+
+const (
+	// LogEntryKey is the context key for storing the log entry.
+	LogEntryKey contextKey = "auditlog_entry"
+
+	// LogEntryStreamingKey is the context key for marking a request as streaming.
+	// When true, the middleware skips logging (StreamLogWrapper handles it instead).
+	LogEntryStreamingKey contextKey = "auditlog_entry_streaming"
+)
diff --git a/internal/auditlog/logger.go b/internal/auditlog/logger.go
@@ -99,23 +99,23 @@ func (l *Logger) flushLoop() {
 	ticker := time.NewTicker(l.flushInterval)
 	defer ticker.Stop()
 
-	batch := make([]*LogEntry, 0, 100)
+	batch := make([]*LogEntry, 0, BatchFlushThreshold)
 
 	for {
 		select {
 		case entry := <-l.buffer:
 			batch = append(batch, entry)
-			// Flush when batch reaches 100 entries
-			if len(batch) >= 100 {
+			// Flush when batch reaches threshold
+			if len(batch) >= BatchFlushThreshold {
 				l.flushBatch(batch)
-				batch = make([]*LogEntry, 0, 100)
+				batch = make([]*LogEntry, 0, BatchFlushThreshold)
 			}
 
 		case <-ticker.C:
 			// Periodic flush
 			if len(batch) > 0 {
 				l.flushBatch(batch)
-				batch = make([]*LogEntry, 0, 100)
+				batch = make([]*LogEntry, 0, BatchFlushThreshold)
 			}
 
 		case <-l.done:
diff --git a/internal/auditlog/middleware.go b/internal/auditlog/middleware.go
@@ -20,20 +20,8 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
-// contextKey is a type for context keys to avoid collisions
-type contextKey string
-
-const (
-	// LogEntryKey is the context key for storing the log entry
-	LogEntryKey contextKey = "auditlog_entry"
-
-	// maxBodyCapture is the maximum size of request/response bodies to capture (1MB)
-	maxBodyCapture int64 = 1024 * 1024
-
-	// apiKeyHashPrefixLength is the number of hex characters to use from the SHA256 hash
-	// of API keys. 16 hex chars = 64 bits of entropy, reducing collision risk compared to 8.
-	apiKeyHashPrefixLength = 16
-)
+// Note: contextKey type and constants (LogEntryKey, LogEntryStreamingKey,
+// MaxBodyCapture, APIKeyHashPrefixLength) are defined in constants.go
 
 // Middleware creates an Echo middleware for audit logging.
 // It captures request metadata at the start and response metadata at the end,
@@ -88,7 +76,7 @@ func Middleware(logger LoggerInterface) echo.MiddlewareFunc {
 			// Capture request body if enabled
 			if cfg.LogBodies && req.Body != nil && req.ContentLength > 0 {
 				// Skip body capture if too large to prevent memory exhaustion
-				if req.ContentLength > maxBodyCapture {
+				if req.ContentLength > MaxBodyCapture {
 					entry.Data.RequestBodyTooBigToHandle = true
 				} else {
 					bodyBytes, err := io.ReadAll(req.Body)
@@ -180,11 +168,11 @@ type responseBodyCapture struct {
 }
 
 func (r *responseBodyCapture) Write(b []byte) (int, error) {
-	// Write to the capture buffer (limit to maxBodyCapture to avoid memory issues)
-	if r.body.Len() < int(maxBodyCapture) {
+	// Write to the capture buffer (limit to MaxBodyCapture to avoid memory issues)
+	if r.body.Len() < int(MaxBodyCapture) {
 		r.body.Write(b)
 		// Check if we just hit the limit
-		if r.body.Len() >= int(maxBodyCapture) {
+		if r.body.Len() >= int(MaxBodyCapture) {
 			r.truncated = true
 		}
 	}
@@ -224,7 +212,7 @@ func extractHeaders(headers map[string][]string) map[string]string {
 }
 
 // hashAPIKey creates a short hash of the API key for identification.
-// Returns first apiKeyHashPrefixLength hex characters of SHA256 hash.
+// Returns first APIKeyHashPrefixLength hex characters of SHA256 hash.
 func hashAPIKey(authHeader string) string {
 	// Extract token from "Bearer <token>"
 	token := strings.TrimPrefix(authHeader, "Bearer ")
@@ -234,7 +222,7 @@ func hashAPIKey(authHeader string) string {
 	}
 
 	hash := sha256.Sum256([]byte(token))
-	return hex.EncodeToString(hash[:])[:apiKeyHashPrefixLength]
+	return hex.EncodeToString(hash[:])[:APIKeyHashPrefixLength]
 }
 
 // EnrichEntry retrieves the log entry from context for enrichment by handlers.
diff --git a/internal/auditlog/stream_wrapper.go b/internal/auditlog/stream_wrapper.go
@@ -8,8 +8,8 @@ import (
 	"time"
 )
 
-// maxContentCapture is the maximum size of accumulated content (1MB)
-const maxContentCapture = 1024 * 1024
+// Note: MaxContentCapture, SSEBufferSize, and LogEntryStreamingKey
+// constants are defined in constants.go
 
 // streamResponseBuilder accumulates data from SSE events to reconstruct a response
 type streamResponseBuilder struct {
@@ -97,12 +97,12 @@ func (w *StreamLogWrapper) Read(p []byte) (n int, err error) {
 		if _, errBuf := w.buffer.Write(p[:n]); errBuf != nil {
 			return n, errBuf
 		}
-		// Keep only last 8KB to find "data: [DONE]" and usage
-		if w.buffer.Len() > 8192 {
+		// Keep only last SSEBufferSize bytes to find "data: [DONE]" and usage
+		if w.buffer.Len() > SSEBufferSize {
 			// Discard old data, keep recent
 			data := w.buffer.Bytes()
 			w.buffer.Reset()
-			if _, errBuf := w.buffer.Write(data[len(data)-8192:]); errBuf != nil {
+			if _, errBuf := w.buffer.Write(data[len(data)-SSEBufferSize:]); errBuf != nil {
 				return n, errBuf
 			}
 		}
@@ -201,8 +201,8 @@ func (w *StreamLogWrapper) parseChatCompletionEvent(event map[string]interface{}
 				}
 				// Extract and accumulate content
 				if content, ok := delta["content"].(string); ok && content != "" {
-					if !w.builder.truncated && w.builder.contentLen < maxContentCapture {
-						remaining := maxContentCapture - w.builder.contentLen
+					if !w.builder.truncated && w.builder.contentLen < MaxContentCapture {
+						remaining := MaxContentCapture - w.builder.contentLen
 						if len(content) > remaining {
 							content = content[:remaining]
 							w.builder.truncated = true
@@ -241,8 +241,8 @@ func (w *StreamLogWrapper) parseResponsesAPIEvent(event map[string]interface{})
 	case "response.output_text.delta":
 		// Accumulate text delta
 		if delta, ok := event["delta"].(string); ok && delta != "" {
-			if !w.builder.truncated && w.builder.contentLen < maxContentCapture {
-				remaining := maxContentCapture - w.builder.contentLen
+			if !w.builder.truncated && w.builder.contentLen < MaxContentCapture {
+				remaining := MaxContentCapture - w.builder.contentLen
 				if len(delta) > remaining {
 					delta = delta[:remaining]
 					w.builder.truncated = true
@@ -504,13 +504,12 @@ func GetStreamEntryFromContext(c interface{ Get(string) interface{} }) *LogEntry
 // MarkEntryAsStreaming marks the entry as a streaming request so the middleware
 // knows not to log it (the stream wrapper will handle logging).
 func MarkEntryAsStreaming(c interface{ Set(string, interface{}) }, isStreaming bool) {
-	// We use a simple marker in the context
-	c.Set(string(LogEntryKey)+"_streaming", isStreaming)
+	c.Set(string(LogEntryStreamingKey), isStreaming)
 }
 
 // IsEntryMarkedAsStreaming checks if the entry is marked as streaming.
 func IsEntryMarkedAsStreaming(c interface{ Get(string) interface{} }) bool {
-	val := c.Get(string(LogEntryKey) + "_streaming")
+	val := c.Get(string(LogEntryStreamingKey))
 	if val == nil {
 		return false
 	}
diff --git a/internal/server/handlers.go b/internal/server/handlers.go
@@ -26,6 +26,47 @@ func NewHandler(provider core.RoutableProvider, logger auditlog.LoggerInterface)
 	}
 }
 
+// handleStreamingResponse handles SSE streaming responses for both ChatCompletion and Responses endpoints.
+// It wraps the stream with audit logging and sets appropriate SSE headers.
+func (h *Handler) handleStreamingResponse(c echo.Context, streamFn func() (io.ReadCloser, error)) error {
+	// Mark as streaming so middleware doesn't log (StreamLogWrapper handles it)
+	auditlog.MarkEntryAsStreaming(c, true)
+	auditlog.EnrichEntryWithStream(c, true)
+
+	stream, err := streamFn()
+	if err != nil {
+		return handleError(c, err)
+	}
+
+	// Get entry from context and wrap stream for logging
+	entry := auditlog.GetStreamEntryFromContext(c)
+	streamEntry := auditlog.CreateStreamEntry(entry)
+	if streamEntry != nil {
+		streamEntry.StatusCode = http.StatusOK // Streaming always starts with 200 OK
+	}
+	wrappedStream := auditlog.WrapStreamForLogging(stream, h.logger, streamEntry, c.Request().URL.Path)
+	defer func() {
+		_ = wrappedStream.Close() //nolint:errcheck
+	}()
+
+	c.Response().Header().Set("Content-Type", "text/event-stream")
+	c.Response().Header().Set("Cache-Control", "no-cache")
+	c.Response().Header().Set("Connection", "keep-alive")
+
+	// Capture response headers on stream entry AFTER setting them
+	if streamEntry != nil && streamEntry.Data != nil {
+		streamEntry.Data.ResponseHeaders = map[string]string{
+			"Content-Type":  "text/event-stream",
+			"Cache-Control": "no-cache",
+			"Connection":    "keep-alive",
+		}
+	}
+
+	c.Response().WriteHeader(http.StatusOK)
+	_, _ = io.Copy(c.Response().Writer, wrappedStream)
+	return nil
+}
+
 // ChatCompletion handles POST /v1/chat/completions
 func (h *Handler) ChatCompletion(c echo.Context) error {
 	var req core.ChatRequest
@@ -42,43 +83,9 @@ func (h *Handler) ChatCompletion(c echo.Context) error {
 
 	// Handle streaming: proxy the raw SSE stream
 	if req.Stream {
-		// Mark as streaming so middleware doesn't log (StreamLogWrapper handles it)
-		auditlog.MarkEntryAsStreaming(c, true)
-		auditlog.EnrichEntryWithStream(c, true)
-
-		stream, err := h.provider.StreamChatCompletion(c.Request().Context(), &req)
-		if err != nil {
-			return handleError(c, err)
-		}
-
-		// Get entry from context and wrap stream for logging
-		entry := auditlog.GetStreamEntryFromContext(c)
-		streamEntry := auditlog.CreateStreamEntry(entry)
-		if streamEntry != nil {
-			streamEntry.StatusCode = http.StatusOK // Streaming always starts with 200 OK
-		}
-		wrappedStream := auditlog.WrapStreamForLogging(stream, h.logger, streamEntry, c.Request().URL.Path)
-		defer func() {
-			_ = wrappedStream.Close() //nolint:errcheck
-		}()
-
-		c.Response().Header().Set("Content-Type", "text/event-stream")
-		c.Response().Header().Set("Cache-Control", "no-cache")
-		c.Response().Header().Set("Connection", "keep-alive")
-
-		// Capture response headers on stream entry AFTER setting them
-		if streamEntry != nil && streamEntry.Data != nil {
-			streamEntry.Data.ResponseHeaders = map[string]string{
-				"Content-Type":  "text/event-stream",
-				"Cache-Control": "no-cache",
-				"Connection":    "keep-alive",
-			}
-		}
-
-		c.Response().WriteHeader(http.StatusOK)
-
-		_, _ = io.Copy(c.Response().Writer, wrappedStream)
-		return nil
+		return h.handleStreamingResponse(c, func() (io.ReadCloser, error) {
+			return h.provider.StreamChatCompletion(c.Request().Context(), &req)
+		})
 	}
 
 	// Non-streaming
@@ -125,43 +132,9 @@ func (h *Handler) Responses(c echo.Context) error {
 
 	// Handle streaming: proxy the raw SSE stream
 	if req.Stream {
-		// Mark as streaming so middleware doesn't log (StreamLogWrapper handles it)
-		auditlog.MarkEntryAsStreaming(c, true)
-		auditlog.EnrichEntryWithStream(c, true)
-
-		stream, err := h.provider.StreamResponses(c.Request().Context(), &req)
-		if err != nil {
-			return handleError(c, err)
-		}
-
-		// Get entry from context and wrap stream for logging
-		entry := auditlog.GetStreamEntryFromContext(c)
-		streamEntry := auditlog.CreateStreamEntry(entry)
-		if streamEntry != nil {
-			streamEntry.StatusCode = http.StatusOK // Streaming always starts with 200 OK
-		}
-		wrappedStream := auditlog.WrapStreamForLogging(stream, h.logger, streamEntry, c.Request().URL.Path)
-		defer func() {
-			_ = wrappedStream.Close() //nolint:errcheck
-		}()
-
-		c.Response().Header().Set("Content-Type", "text/event-stream")
-		c.Response().Header().Set("Cache-Control", "no-cache")
-		c.Response().Header().Set("Connection", "keep-alive")
-
-		// Capture response headers on stream entry AFTER setting them
-		if streamEntry != nil && streamEntry.Data != nil {
-			streamEntry.Data.ResponseHeaders = map[string]string{
-				"Content-Type":  "text/event-stream",
-				"Cache-Control": "no-cache",
-				"Connection":    "keep-alive",
-			}
-		}
-
-		c.Response().WriteHeader(http.StatusOK)
-
-		_, _ = io.Copy(c.Response().Writer, wrappedStream)
-		return nil
+		return h.handleStreamingResponse(c, func() (io.ReadCloser, error) {
+			return h.provider.StreamResponses(c.Request().Context(), &req)
+		})
 	}
 
 	// Non-streaming
