Sanitize connect token in logging

2022-12-02 12:20:58 -06:00 · 2022-12-02 12:20:58 -06:00 · e7ac416440
commit e7ac416440
parent f19f165afc
1 changed files with 17 additions and 4 deletions
--- a/pkg/api/logger.go
+++ b/pkg/api/logger.go
@ -2,6 +2,7 @@ package api

 import (
 	"net/http"
+	"regexp"
 	"strings"
 	"time"

@ -11,7 +12,11 @@ import (

 const loggerMessage = "http_request"

-var logger *logrus.Logger
+var (
+	logger *logrus.Logger
+
+	reConnectToken = regexp.MustCompile("/connect/(.*)")
+)

 func init() {
 	if logger == nil {
@ -34,9 +39,13 @@ func RequestLogger(logger *logrus.Logger) gin.HandlerFunc {
 		// Process request
 		c.Next()

-		// Skip logging static assets
-		if strings.Contains(path, "/static/") && !debug {
-			return
+		if !debug {
+			// Skip static assets logging
+			if strings.Contains(path, "/static/") {
+				return
+			}
+
+			path = sanitizeLogPath(path)
 		}

 		status := c.Writer.Status()
@ -72,3 +81,7 @@ func RequestLogger(logger *logrus.Logger) gin.HandlerFunc {
 		}
 	}
 }
+
+func sanitizeLogPath(str string) string {
+	return reConnectToken.ReplaceAllString(str, "/connect/REDACTED")
+}