From e7ac41644028bf45021837e69592670b3b63ab38 Mon Sep 17 00:00:00 2001
From: Dan Sosedoff
Date: Fri, 2 Dec 2022 12:20:58 -0600
Subject: [PATCH] Sanitize connect token in logging

---
 pkg/api/logger.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/pkg/api/logger.go b/pkg/api/logger.go
index 8673caf..71de97d 100644
--- a/pkg/api/logger.go
+++ b/pkg/api/logger.go
@@ -2,6 +2,7 @@ package api

 import (
 "net/http"
+ "regexp"
 "strings"
 "time"

@@ -11,7 +12,11 @@ import (

 const loggerMessage = "http_request"

-var logger *logrus.Logger
+var (
+ logger *logrus.Logger
+
+ reConnectToken = regexp.MustCompile("/connect/(.*)")
+)

 func init() {
 if logger == nil {
@@ -34,9 +39,13 @@ func RequestLogger(logger *logrus.Logger) gin.HandlerFunc {
 // Process request
 c.Next()

- // Skip logging static assets
- if strings.Contains(path, "/static/") && !debug {
- return
+ if !debug {
+ // Skip static assets logging
+ if strings.Contains(path, "/static/") {
+ return
+ }
+
+ path = sanitizeLogPath(path)
 }

 status := c.Writer.Status()
@@ -72,3 +81,7 @@ func RequestLogger(logger *logrus.Logger) gin.HandlerFunc {
 }
 }
 }
+
+func sanitizeLogPath(str string) string {
+ return reConnectToken.ReplaceAllString(str, "/connect/REDACTED")
+}
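Review bot: The `reConnectToken` pattern is unanchored and its capture group is never referenced by the replacement in `sanitizeLogPath`, so it reads as more specific than it is. In Go's regexp `.` does not match a newline, so any text after a newline in the logged path would survive redaction; where `path` is assigned is outside this hunk, so whether a decoded newline can reach it is not visible here. A form such as `regexp.MustCompile("(?s)/connect/.*")` with a comment like `// reConnectToken matches the token part of /connect/<token> paths so it can be kept out of logs` states the intent and covers the whole remainder of the string.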
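Review bot: The redaction runs only inside `if !debug`, so with debug enabled the request log still records the connect token in full. Debug output is often copied into tickets or shipped to shared log storage, so the token should be redacted regardless: keep only the static-asset skip under `if !debug` and move `path = sanitizeLogPath(path)` after that block. The fields logged further down in this handler are outside the hunk; if any of them carries the raw URL or the referer, it would need the same treatment. The enclosing handler starts and ends outside the hunk.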
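Review bot: `sanitizeLogPath` has no doc comment and the commit adds no test, although this function is the only thing keeping the token out of the request log. Suggest `// sanitizeLogPath replaces everything after "/connect/" in a request path with REDACTED so connect tokens are not written to the request log.` and a small table-driven test covering a token path, a path without `/connect/`, and an empty string. The parameter would read better as `path` than `str`.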