search

algoan / nestjs-components

A list of useful components for NestJS applications
https://www.algoan.com
253 stars 41 forks source link

mask specific parameter in payload #611

Closed rjeronedev closed 10 months ago

rjeronedev commented 1 year ago

Recently, I can see the password parameter as plain text when login in. So, If anyone can see the log file he can know the user's password. I'd like to mask specific parameter in payload for Incomming request log

ccoeurderoy commented 1 year ago

Hey @webidol, sorry for the late response! What I suggest, is to add a new parameter in the interceptor constructor to indicate which fields you want to mask. What do you think?

For instance:

@Module({
  providers: [
    {
      provide: APP_INTERCEPTOR,
      useClass: () => {
        return new LoggingInterceptor({
             // Will remove the "password" property in the request body (recursively?)
             globalBodyParamsToFilter: ["password"],
             // Will remove the "password" only for the POST /cats API 
             urlBodyParamsToFilter: [{
               "url": "POST /cats",
                "params": ["password"],
             }]
        });
      },
    },
  ],
})
rjeronedev commented 1 year ago

Hi, @ccoeurderoy Thanks for your suggestion. It looks good. I will try it, then will let you know my opinions.

rjeronedev commented 1 year ago

Hi. @ccoeurderoy I have tested your suggestion in my application. But I cannot define useClass like you. I have faced the Expected 0 arguments, but got 1 issue when creating the LoggingInterceptor object.

{
  provide: APP_INTERCEPTOR,
  useClass: () => {
    return new LoggingInterceptor({
      // Will remove the "password" property in the request body (recursively?)
      globalBodyParamsToFilter: ['password'],
      // Will remove the "password" only for the POST /cats API
      urlBodyParamsToFilter: [
        {
          url: 'POST /cats',
          params: ['password'],
        },
      ],
    });
  },
}

Also, I cannot find the globalBodyParamsToFilter and urlBodyParamsToFilter params definition part in the package source code.

ccoeurderoy commented 1 year ago

@webidol it is normal it has not been implemented yet 😄 I was just asking you this to know if you expect to configure the interceptor like this or you had another idea in mind

rjeronedev commented 1 year ago

@ccoeurderoy I am sorry for the misunderstanding. 😄 Your suggestion is similar to the solution which I thought. I will create PR for it.

rjeronedev commented 1 year ago

Hi, @ccoeurderoy I have implemented the feature then, and I have created the PR. https://github.com/algoan/nestjs-components/pull/675