Properties

  • Source:src/packages/logger/index.js:111

    A boolean flag that determines whether or not the logger is enabled.

  • Source:src/packages/logger/index.js:40

    Hackers love logs. It's easy to get sensitive user information from log data if your server has been breached. To prevent leaking sensitive information in a potential attack, blacklist the keys whose values should be filtered out of the logs.

    // config/environments/development.js
    export default {
      logging: {
        level: 'DEBUG',
        format: 'text',
        enabled: true,
        filter: {
          params: ['password']
        }
      }
    };
    

    Now that we've added password to the array of parameters we want to filter out of the logs, let's try to create a new user.

    POST /users HTTP/1.1
    Content-Type: application/vnd.api+json
    Host: 127.0.0.1:4000
    Connection: close
    User-Agent: Paw/3.0.14 (Macintosh; OS X/10.12.1) GCDHTTPRequest
    Content-Length: 188
    
    {
      "data": {
      "type": "users",
        "attributes": {
          "name": "Zachary Golba",
          "email": "[email protected]",
          "password": "vcZxniFYyfnFDcLn%nhe8Vrt"
        }
      }
    }
    

    The request above will yield the following log message.

    [2016-12-10T18:28:04.610Z] Processed POST "/users" from ::ffff:127.0.0.1
    with 201 Created by UsersController#create
    
    Params
    
    {
      "data": {
        "type": "users",
        "attributes": {
          "name": "Zachary Golba",
          "email": "[email protected]",
          "password": "[FILTERED]"
        }
      }
    }
    

    It worked! The password value did not leak into the log message.

  • Source:src/packages/logger/index.js:31

    The output format of log data (text or json).

  • Source:src/packages/logger/index.js:22

    The level your application should log (DEBUG, INFO, WARN, or ERROR).
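
The key-based redaction that `filter.params` configures above can be sketched as a recursive copy of the request params. This is an added example, not Lux's own logger code: `filterParams` and `demo` are hypothetical names, the sample params are constructed, and exact, case-sensitive key matching on JSON-like data is an assumption.

```javascript
// Added example (not Lux source). Assumes exact, case-sensitive key matching.
const FILTERED = '[FILTERED]';

// Return a redacted deep copy of `value`; the original is never mutated,
// so the application still sees the real values while the log does not.
function filterParams(value, filterKeys) {
  const keys = filterKeys instanceof Set ? filterKeys : new Set(filterKeys);

  if (Array.isArray(value)) {
    return value.map(item => filterParams(item, keys));
  }

  if (value !== null && typeof value === 'object') {
    const copy = {};
    for (const [key, child] of Object.entries(value)) {
      // A listed key is replaced whole, whatever its value's type or depth.
      copy[key] = keys.has(key) ? FILTERED : filterParams(child, keys);
    }
    return copy;
  }

  return value; // strings, numbers, booleans, null pass through unchanged
}

// Constructed sample params shaped like the JSON:API request on this page.
const params = {
  data: {
    type: 'users',
    attributes: {
      name: 'Example User',
      password: 'constructed-sample-secret',
      passwordConfirmation: 'constructed-sample-secret'
    }
  }
};

function demo() {
  return {
    // Only 'password' listed: the confirmation field is still logged.
    narrow: filterParams(params, ['password']),
    // Both keys listed: neither value reaches the log.
    wide: filterParams(params, ['password', 'passwordConfirmation'])
  };
}

console.log(JSON.stringify(demo().narrow, null, 2));
```

Under the exact-match assumption, a sibling key such as `passwordConfirmation` is logged in clear unless it is listed too, so review the filter list against every secret-bearing field the API accepts.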

Methods