request body missing - Githubissues

bithavoc / express-winston

express.js middleware for winstonjs

https://www.npmjs.com/package/express-winston

MIT License

797 stars 187 forks source link

request body missing #44

Closed gotmikhail closed 9 years ago

gotmikhail commented 9 years ago

I haven't had luck in getting req.body to print out in the log.

Here's what I'm getting:

{
  "req": {
    "url": "/user/invite",
    "headers": {
      "host": "192.168.1.223:3000",
      "connection": "keep-alive",
      "content-length": "164",
      "cache-control": "no-cache",
      "origin": "chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop",
      "content-type": "application/json",
      "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2202.3 Safari/537.36",
      "postman-token": "d3e5d8db-4a65-d10f-02e9-2fa2c4692838",
      "accept": "*/*",
      "dnt": "1",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.8"
    },
    "method": "POST",
    "httpVersion": "1.1",
    "originalUrl": "/user/invite",
    "query": {}
  },
  "res": {
    "statusCode": 200
  },
  "responseTime": 82,
  "level": "info",
  "message": "HTTP POST /user/invite { product: 'TouchCare' }",
  "timestamp": "2014-10-28T20:49:40.212Z"
}

floatingLomas commented 9 years ago

req.body is by default not included because it will often contain things that shouldn't be logged like passwords, so be sure you want to do it before you do.

Since you have now been warned, you can add it by adding

expressWinston.requestWhitelist.push('body');

somewhere after loading expressWinston and before app.useing expressWinston.logger.

gotmikhail commented 9 years ago

Perfect!

Completely understand the danger of logging the req.body. We have different transports defined just to handle things like passwords, plus the logging behaves differently based on whether NODE_ENV is development or production.

gotmikhail commented 9 years ago

Actually, trying it out I still haven't gotten it to successfully print req.body.

Will the whitelist still work with the winstonInstance option? Here's a snippet of my code:

var expressWinston = require('express-winston');

Later in the code:

expressWinston.requestWhitelist.push('body');
app.use(expressWinston.logger({
    winstonInstance: logHandler.logger
}));

No req.body is sent to the log.

Logging out the req.body myself, you get:

{
    "user": {
      "email": "m1@2.3"
    }
}

floatingLomas commented 9 years ago

Honestly, I haven't used this library much since 2012, so I'm kinda winging it. :) Try doing expressWinston. bodyWhitelist.push('user'); with and without the requestWhitelist; that might solve it.

robbiet480 commented 9 years ago

I'm also experiencing this issue. I added these lines before adding in express-winston:

expressWinston.requestWhitelist.push('body');
expressWinston.requestWhitelist.push('session');
expressWinston.requestWhitelist.push('sessionID');
expressWinston.requestWhitelist.push('user');
expressWinston.bodyWhitelist.push('address');
expressWinston.bodyWhitelist.push('content');
expressWinston.bodyWhitelist.push('features');

bithavoc commented 9 years ago

Fixed now see #52 and #53