Merge pull request #76 from IABTechLab/ans-UID2-3670-prevent-tcportal…

…-logging-full-request-content Prevent tcportal logging full request content with authorization
IABTechLab · Sep 18, 2024 · 594e6b7 · 594e6b7
2 parents 4230765 + 2f10790
commit 594e6b7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/src/app.ts b/src/app.ts
@@ -10,7 +10,7 @@ import winston from 'winston';
 
 import makeMetricsApiMiddleware from './middleware/metrics';
 import indexRouter from './routes/index';
-import logger from './utils/logging';
+import logger, { getLoggingMiddleware } from './utils/logging';
 import {
   environment, ID_TYPE, LOCALE_FOLDER, VIEW_FOLDER, 
 } from './utils/process';
@@ -29,6 +29,8 @@ const layoutPath = path.join(viewPath, 'layouts');
 app.set('views', viewPath);
 app.set('view engine', 'hbs');
 
+app.use(getLoggingMiddleware());
+
 app.use(
   makeMetricsApiMiddleware({
     port: 9082,

diff --git a/src/utils/logging.ts b/src/utils/logging.ts
@@ -1,3 +1,4 @@
+import expressWinston from 'express-winston';
 import winston, { createLogger } from 'winston';
 
 import { isProduction } from './process';
@@ -10,4 +11,11 @@ const logger = createLogger({
   ],
 });
 
+const headersToRedact = ['authorization'];
+
+export const getLoggingMiddleware = () => expressWinston.logger({
+  winstonInstance: logger,
+  headerBlacklist: headersToRedact,
+});
+
 export default logger;