Revert "Sanitize sensitive fields in request header and body in logger (#5279)"
This reverts commit 2ae4678da4.
parent
2ae4678da4
commit
96e64f4df5
|
|
@ -38,8 +38,6 @@ PORT=3000
|
|||
# DEBUG=true
|
||||
# LOG_PATH=/your_log_path/.flowise/logs
|
||||
# LOG_LEVEL=info #(error | warn | info | verbose | debug)
|
||||
# LOG_SANITIZE_BODY_FIELDS=password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
|
||||
# LOG_SANITIZE_HEADER_FIELDS=authorization,x-api-key,x-auth-token,cookie
|
||||
# TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
|
||||
# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
|
||||
# ALLOW_BUILTIN_DEP=false
|
||||
|
|
|
|||
|
|
@ -193,71 +193,28 @@ requestLogger = createLogger({
|
|||
]
|
||||
})
|
||||
|
||||
function getSensitiveBodyFields(): string[] {
|
||||
return (process.env.LOG_SANITIZE_BODY_FIELDS as string)
|
||||
.toLowerCase()
|
||||
.split(',')
|
||||
.map((f) => f.trim())
|
||||
}
|
||||
|
||||
function getSensitiveHeaderFields(): string[] {
|
||||
return (process.env.LOG_SANITIZE_HEADER_FIELDS as string)
|
||||
.toLowerCase()
|
||||
.split(',')
|
||||
.map((f) => f.trim())
|
||||
}
|
||||
|
||||
function sanitizeObject(obj: any): any {
|
||||
if (!obj || typeof obj !== 'object') return obj
|
||||
|
||||
const sensitiveFields = getSensitiveBodyFields()
|
||||
const sanitized = Array.isArray(obj) ? [...obj] : { ...obj }
|
||||
Object.keys(sanitized).forEach((key) => {
|
||||
const lowerKey = key.toLowerCase()
|
||||
if (sensitiveFields.includes(lowerKey)) {
|
||||
sanitized[key] = '********'
|
||||
} else if (typeof sanitized[key] === 'string') {
|
||||
if (sanitized[key].includes('@') && sanitized[key].includes('.')) {
|
||||
sanitized[key] = sanitized[key].replace(/([^@\s]+)@([^@\s]+)/g, '**********')
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
return sanitized
|
||||
}
|
||||
|
||||
export function expressRequestLogger(req: Request, res: Response, next: NextFunction): void {
|
||||
const unwantedLogURLs = ['/api/v1/node-icon/', '/api/v1/components-credentials-icon/', '/api/v1/ping']
|
||||
|
||||
if (/\/api\/v1\//i.test(req.url) && !unwantedLogURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
|
||||
const isDebugLevel = logger.level === 'debug' || process.env.DEBUG === 'true'
|
||||
// Create a sanitized copy of the request body
|
||||
const sanitizedBody = { ...req.body }
|
||||
if (sanitizedBody.password) {
|
||||
sanitizedBody.password = '********'
|
||||
}
|
||||
|
||||
const requestMetadata: any = {
|
||||
// Use the shared requestLogger with request-specific metadata
|
||||
const requestMetadata = {
|
||||
request: {
|
||||
method: req.method,
|
||||
url: req.url,
|
||||
params: req.params
|
||||
body: sanitizedBody, // Use sanitized body instead of raw body
|
||||
query: req.query,
|
||||
params: req.params,
|
||||
headers: req.headers
|
||||
}
|
||||
}
|
||||
|
||||
// Only include headers, body, and query if log level is debug
|
||||
if (isDebugLevel) {
|
||||
const sanitizedBody = sanitizeObject(req.body)
|
||||
const sanitizedQuery = sanitizeObject(req.query)
|
||||
const sanitizedHeaders = { ...req.headers }
|
||||
|
||||
const sensitiveHeaders = getSensitiveHeaderFields()
|
||||
sensitiveHeaders.forEach((header) => {
|
||||
if (sanitizedHeaders[header]) {
|
||||
sanitizedHeaders[header] = '********'
|
||||
}
|
||||
})
|
||||
|
||||
requestMetadata.request.body = sanitizedBody
|
||||
requestMetadata.request.query = sanitizedQuery
|
||||
requestMetadata.request.headers = sanitizedHeaders
|
||||
}
|
||||
|
||||
const getRequestEmoji = (method: string) => {
|
||||
const requetsEmojis: Record<string, string> = {
|
||||
GET: '⬇️',
|
||||
|
|
|
|||
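Review bot: The `request: { … }` metadata that remains in `expressRequestLogger` after this revert carries `headers: req.headers` and `query: req.query` with no debug-level gate, and the only masking left is the top-level `password` check on `sanitizedBody`. The +/- markers are lost on this page, so that side assignment is inferred from the revert title and the hunk's 71→28 line counts. If it holds, `authorization`, `cookie` and `x-api-key` header values, and body fields such as `token` or `apikey`, would reach the request log at every log level. If the sanitizer had to be backed out, I would at least mask the credential-bearing headers in place, e.g. `headers: { ...req.headers, authorization: '********', cookie: '********', 'x-api-key': '********' }`, and say in the commit message why #5279 was reverted and what replaces it. `expressRequestLogger` continues past the end of the hunk, so how `requestMetadata` is handed to the logger is not visible here.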