Closed rjeronedev closed 10 months ago
Hey @webidol, sorry for the late response! What I suggest, is to add a new parameter in the interceptor constructor to indicate which fields you want to mask. What do you think?
For instance:
@Module({
providers: [
{
provide: APP_INTERCEPTOR,
useClass: () => {
return new LoggingInterceptor({
// Will remove the "password" property in the request body (recursively?)
globalBodyParamsToFilter: ["password"],
// Will remove the "password" only for the POST /cats API
urlBodyParamsToFilter: [{
"url": "POST /cats",
"params": ["password"],
}]
});
},
},
],
})
Hi, @ccoeurderoy Thanks for your suggestion. It looks good. I will try it, then will let you know my opinions.
Hi. @ccoeurderoy I have tested your suggestion in my application.
But I cannot define useClass
like you. I have faced the Expected 0 arguments, but got 1
issue when creating the LoggingInterceptor
object.
{
provide: APP_INTERCEPTOR,
useClass: () => {
return new LoggingInterceptor({
// Will remove the "password" property in the request body (recursively?)
globalBodyParamsToFilter: ['password'],
// Will remove the "password" only for the POST /cats API
urlBodyParamsToFilter: [
{
url: 'POST /cats',
params: ['password'],
},
],
});
},
}
Also, I cannot find the globalBodyParamsToFilter
and urlBodyParamsToFilter
params definition part in the package source code.
@webidol it is normal it has not been implemented yet 😄 I was just asking you this to know if you expect to configure the interceptor like this or you had another idea in mind
@ccoeurderoy I am sorry for the misunderstanding. 😄 Your suggestion is similar to the solution which I thought. I will create PR for it.
Hi, @ccoeurderoy I have implemented the feature then, and I have created the PR. https://github.com/algoan/nestjs-components/pull/675
Recently, I can see the password parameter as plain text when login in. So, If anyone can see the log file he can know the user's password. I'd like to mask specific parameter in payload for Incomming request log