algoan / nestjs-components

A list of useful components for NestJS applications
https://www.algoan.com
254 stars 40 forks source link

[Logging] Masking authorization header #822

Closed amarlankri closed 11 months ago

amarlankri commented 11 months ago

Add option to LoggingInterceptor to mask sensitive data of header request from the log.

Description

The solution implemented is described in #818.

Motivation and Context

Currently, all the headers of the request are logged: https://github.com/algoan/nestjs-components/blob/c0b9a71f332d35d0a2e7f7fcc588d322bae6a95c/packages/logging-interceptor/src/logging.interceptor.ts#L72-L80

However, those headers may contain sensitive data. Especially, the authorization header may contain a JWT which can encode sensitive data, readable by anyone once decoded. So, the logging interceptor should provide a way to mask request headers.

Fix #818

Types of changes