keep sensitive credentials out of logs

[websub-hub] / src / logger.js

diff --git a/src/logger.js b/src/logger.js
index 934c7dadd24868bd52ebd3826c022ea715a89365..00edfb8bcc0ceae419bd5e54a47bc0bb9b8684c9 100644 (file)
--- a/src/logger.js
+++ b/src/logger.js
@@ -66,6 +66,14 @@ class Logger {
   }
 
   payload(level, scope, message, data, ...other) {
+    // Try to keep credentials out of logs.
+    // This approach feels sort of jank, but it's better than nothing, for now.
+    if (data && data.ctx && data.ctx.parsedBody && data.ctx.parsedBody.credential) {
+      // Create copy of data
+      data = JSON.parse(JSON.stringify(data));
+      data.ctx.parsedBody.credential = '*'.repeat(data.ctx.parsedBody.credential.length);
+    }
+
     const now = new Date();
     return JSON.stringify({
       nodeId: this.nodeId,