I am trying to use express-winston to log on my nodejs-express-server app. This app is an openapi API server stub created from openapi-generator-cli.
I was referring to this post about excluding params while logging the request. My intention here is to detect the authorization header ("api_token") in the request and mask its value. When I log the request as is, without any filtering, I see a massive log entry of about 1000+ lines after I JSON format it. I could use some pointers on:
- Masking selected headers (Using express-winston or any other library)
- Reducing the request size on the log
Here's a filter I am trying out. Code follows.
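    // Request filter for express-winston: masks the api_token header value.
    function maskTokenFilter(req, propName) {
        // Pass through every property except the two that carry headers.
        // (&& is required here: with || the condition is always true.)
        if (propName !== "headers" && propName !== "rawHeaders") {
            return req[propName];
        }
        if (propName === "headers") {
            const { api_token, ...rest } = req.headers;
            if (api_token) {
                return Object.assign({ api_token: '*** masked ***' }, rest);
            }
            return req.headers;
        }
        // rawHeaders is a flat array: [name1, value1, name2, value2, ...]
        return req.rawHeaders.map((item, i, arr) =>
            i % 2 === 1 && arr[i - 1].toLowerCase() === "api_token" ? '*** masked ***' : item);
    }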
The complete request entry on express-winston log is shared here. (Note: I JSON formatted it for readability)
from Logging http request without authorization/token header express-winston on openapi-generator-cli server stub
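An added example, not part of the original post and not express-winston's own code: a request filter that masks sensitive headers in both `headers` and `rawHeaders`, combined with a short property whitelist so that only a few request fields reach the log. The header set, the whitelist contents, the helper names and the sample request are assumptions constructed for illustration; `requestWhitelist`, `requestFilter` and `winstonInstance` are express-winston options.

```javascript
// Header names to redact (assumed set; extend for your API). Compared case-insensitively.
const SENSITIVE = new Set(["api_token", "authorization", "cookie"]);
const MASK = "*** masked ***";

// Short whitelist: only these req properties are logged, which keeps
// sockets, parsers and other large internals out of the entry.
const REQUEST_WHITELIST = ["method", "originalUrl", "httpVersion", "headers", "rawHeaders", "query"];

// Returns a copy of the headers object with sensitive values replaced.
function maskHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = SENSITIVE.has(name.toLowerCase()) ? MASK : value;
  }
  return out;
}

// rawHeaders is a flat array: [name1, value1, name2, value2, ...]
function maskRawHeaders(raw) {
  return (raw || []).map((item, i, arr) =>
    i % 2 === 1 && SENSITIVE.has(String(arr[i - 1]).toLowerCase()) ? MASK : item);
}

// Same signature as express-winston's requestFilter(req, propName).
function redactingFilter(req, propName) {
  if (propName === "headers") return maskHeaders(req.headers);
  if (propName === "rawHeaders") return maskRawHeaders(req.rawHeaders);
  return req[propName];
}

// Builds the logged view of a request the way a whitelist plus filter would.
function loggedRequest(req) {
  const entry = {};
  for (const prop of REQUEST_WHITELIST) {
    const value = redactingFilter(req, prop);
    if (value !== undefined) entry[prop] = value;
  }
  return entry;
}

// Constructed sample request (not real traffic).
const sampleReq = {
  method: "GET", originalUrl: "/pets?limit=5", httpVersion: "1.1",
  headers: { host: "localhost:3000", api_token: "s3cr3t-constructed" },
  rawHeaders: ["Host", "localhost:3000", "Api_Token", "s3cr3t-constructed"],
  query: { limit: "5" },
  socket: { note: "large internal object that should not be logged" },
};

// Wiring (logger is an assumed winston instance):
// expressWinston.logger({ winstonInstance: logger, requestWhitelist: REQUEST_WHITELIST, requestFilter: redactingFilter })
```

The filter returns copies, so the live `req.headers` that later middleware reads still holds the real token.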