}
payload(level, scope, message, data, ...other) {
+ // Try to keep credentials out of logs.
+ // This approach feels sort of jank, but it's better than nothing, for now.
+ if (data && data.ctx && data.ctx.parsedBody && data.ctx.parsedBody.credential) {
+ // Create copy of data
+ data = JSON.parse(JSON.stringify(data));
+ data.ctx.parsedBody.credential = '*'.repeat(data.ctx.parsedBody.credential.length);
+ }
+
const now = new Date();
return JSON.stringify({
nodeId: this.nodeId,
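Review bot: The mask on line 8 leaks the credential's length into the log, because `'*'.repeat(credential.length)` preserves it, and it assumes the value is a string (a non-string credential yields `repeat(undefined)`, i.e. an empty string). A fixed placeholder carries no information about the secret, and a targeted copy avoids the deep clone on line 7, which throws on circular references and drops or reshapes non-JSON values (undefined, functions, Dates) if `ctx` ever carries a request-like object: `data = { ...data, ctx: { ...data.ctx, parsedBody: { ...data.ctx.parsedBody, credential: '[REDACTED]' } } };`. This keeps the caller's object unmodified, as the current copy does, and only replaces the one field; the rest of `data` is still serialized as before on line 12. payload's body continues past the hunk, so any other places the payload touches `data` are not visible here.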
/**
- * Same as super.ingestBody, but if no body was sent, do not parse (and
+ * Similar to super.ingestBody, but if no body was sent, do not parse (and
* thus avoid possible unsupported media type error).
+ * Also removes raw body from context, to simplify scrubbing sensitive data from logs.
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
* @param {Object} ctx
const contentType = Dingus.getRequestContentType(req);
if (ctx.rawBody) {
this.parseBody(contentType, ctx);
+ delete ctx.rawBody;
}
}
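Review bot: `delete ctx.rawBody` on line 25 is skipped whenever `this.parseBody` on line 24 throws, so a malformed or unsupported body (the case most likely to be logged together with its context) keeps the raw credential on `ctx`. Running the removal in a `finally` covers both paths: `try { this.parseBody(contentType, ctx); } finally { delete ctx.rawBody; }`. That also matches the unconditional wording added to the doc comment on line 18. ingestBody's signature and the end of its doc comment are outside the visible lines.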
logger = new Logger(config);
logger.info();
});
+
+ it('masks credentials', function () {
+ logger = new Logger(config);
+ logger.info('testScope', 'message', {
+ ctx: {
+ parsedBody: {
+ identity: 'username',
+ credential: 'password',
+ },
+ },
+ });
+ });
+
}); // Logger
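Review bot: The new `masks credentials` test on lines 32-42 drives the masking path but asserts nothing, so a regression that logs the credential verbatim would still pass. Since `payload` returns the serialized string, call it directly and check the secret is absent, e.g. `const out = logger.payload('info', 'testScope', 'message', data); assert(!out.includes('password'));` using whatever assertion helper this file already imports, and additionally assert that `data.ctx.parsedBody.credential` still equals `'password'` afterwards to pin the no-mutation behaviour the copy in `payload` provides. Whether `logger.info` reaches `payload` is not visible here, so testing `payload` directly is the more reliable check. The enclosing describe block and the setup of `config` start outside the hunk.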