Naveen Karnam
Reputation: 493
Logging http request without authorization/token header express-winston on openapi-generator-cli server stub
I am trying to use express-winston to log on my nodejs-express-server app.
This app is an openapi API server stub created from openapi-generator-cli.
Was referring to this post about excluding params while logging the request.
My intention here is to detect authorization header ("api_token") in the request and mask its value.
When I log request as is, without any filtering I see a massive log entry of about 1000+ lines after I JSON format it. I could use some pointers on
- Masking selected headers (Using express-winston or any other library)
- Reducing the request size on the log
Here's a filter I am trying out. Code follows.
function maskTokenFilter(req, propName) {
if(propName !== "headers" || propName !== "rawHeaders") {
return req[propName];
}
if(propName == "headers" ){
const { api_token, ...rest } = req.headers;
if(api_token) {
return Object.assign({api_token: '*** masked ***'},rest);
}
}
if(propName == "rawHeaders" ){
const { api_token, ...rest } = req.rawHeaders;
if(api_token) {
return Object.assign({api_token: '*** masked ***'},rest);
}
}
}
The complete request entry on express-winston log is shared here. (Note: I JSON formatted it for readability)
Upvotes: 3
Views: 707
Answers (0)
Related Questions
- Authenticating the request header with Express
- Log requests to nodejs express
- logging expressJS json requests
- Logging all requests in Node.js/Express
- Nodejs / Express / Winston logger: how to elegantly put req.headers.username in log format?
- Logging axios request and response headers
- Logging the request information with each request in winston
- Why winston is not logging http request
- Log all HTTP responses in Express
- Express-Winston: Write Express Access Logs to File