Properties

• #enabled:Boolean

  Source:src/packages/logger/index.js:111

  A boolean flag that determines whether or not the logger is enabled.

• #filter:Object

  Source:src/packages/logger/index.js:40

  Hackers love logs. It's easy to get sensitive user information from log data if your server has been breached. To prevent leaking sensitive information in a potential attack, blacklist certain keys that should be filtered out of the logs.

  // config/environments/development.js
  export default {
    logging: {
      level: 'DEBUG',
      format: 'text',
      enabled: true,
      filter: {
        params: ['password']
      }
    }
  };
  

  Now that we've added password to the array of parameters we want to filter out of the logs, let's try to create a new user.

  POST /users HTTP/1.1
  Content-Type: application/vnd.api+json
  Host: 127.0.0.1:4000
  Connection: close
  User-Agent: Paw/3.0.14 (Macintosh; OS X/10.12.1) GCDHTTPRequest
  Content-Length: 188
  
  {
    "data": {
    "type": "users",
      "attributes": {
        "name": "Zachary Golba",
        "email": "[email protected]",
        "password": "vcZxniFYyfnFDcLn%nhe8Vrt"
      }
    }
  }
  

  The request above will yield the following log message.

  [2016-12-10T18:28:04.610Z] Processed POST "/users" from ::ffff:127.0.0.1
  with 201 Created by UsersController#create
  
  Params
  
  {
    "data": {
      "type": "users",
      "attributes": {
        "name": "Zachary Golba",
        "email": "[email protected]",
        "password": "[FILTERED]"
      }
    }
  }
  

  It worked! The password value did not leak into the log message.

• #format:String

  Source:src/packages/logger/index.js:31

  The output format of log data (text or json).

• #level:String

  Source:src/packages/logger/index.js:22

  The level your application should log (DEBUG, INFO, WARN, or ERROR).