lukeautry / tsoa

Build OpenAPI-compliant REST APIs using TypeScript and Node
MIT License

Errors are logging PII #1496

Closed fage88 closed 1 year ago

fage88 commented 1 year ago

For applications that need to adhere to PII regulations, the current request validation logic returns data that could be PII


Expected Behavior

There needs to be a way to tell TSOA not to log as much data for validation exceptions in routes

Current Behavior

The entire request body is logged

Possible Solution

If there could be an option to turn to add the entire error context, that would be acceptable.

I believe this is the code in question https://github.com/lukeautry/tsoa/blob/65f8422e0589ca2c1f7e6df8b24eb5b68a441e91/packages/cli/src/routeGeneration/templates/koa.hbs#L95 and a conditional that only logs the message and not the "value" would be great

Steps to Reproduce

  1. Define a controller that takes a request body
  2. Make a request that is invalid (leave out a required value)
  3. Notice the error logs the entire request body

Context (Environment)

Version of the library: 5.1.1
Version of NodeJS: v18.18.1

Detailed Description

We are using TSOA for some backend applications that deal with medical data.

We have some regulatory requirements around PII and protecting user data.

We noticed today that when our APIs throw errors around illegal format of response it logs the entire response/request body, and that can contain PII.

For example: (screenshot not reproduced)

Breaking change?

Should not require a breaking change

github-actions[bot] commented 1 year ago

Hello there fage88 👋

Thank you for opening your very first issue in this project.

We will try to get back to you as soon as we can.👀

WoH commented 1 year ago

You can catch/rethrow, or adapt the templates to suit your needs. I think that is the most reasonable approach
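The catch/rethrow approach WoH describes, written out as an added example (this is not tsoa's own code): a Koa-style error-handling middleware that catches a validation error, logs only the field paths and messages with the offending values stripped, and rethrows everything else untouched. The `ValidateError` and `FieldErrors` shapes are local stand-ins assumed to mirror tsoa's runtime types so the file runs without the package installed; `Ctx` and `Next` are a hypothetical minimal Koa context, and the sample error is constructed.

```typescript
// Added example, not tsoa's own code: redact values from validation errors before logging.

// Assumed to mirror tsoa's FieldErrors / ValidateError (defined locally so this runs offline).
interface FieldErrors {
  [path: string]: { message: string; value?: unknown };
}

class ValidateError extends Error {
  status = 400;
  name = "ValidateError";
  constructor(public fields: FieldErrors, message: string) {
    super(message);
  }
}

// Structural check rather than instanceof, so it also works across bundling/target quirks.
function isValidateError(err: unknown): err is ValidateError {
  return typeof err === "object" && err !== null &&
    (err as { name?: unknown }).name === "ValidateError" &&
    typeof (err as { fields?: unknown }).fields === "object";
}

// Keep the field path and message; drop the `value`, which is where PII ends up.
function redactFieldErrors(fields: FieldErrors): { [path: string]: { message: string } } {
  const out: { [path: string]: { message: string } } = {};
  for (const [path, err] of Object.entries(fields)) {
    out[path] = { message: err.message };
  }
  return out;
}

// The record that is safe to hand to a logger.
function toSafeLogRecord(err: ValidateError): { name: string; status: number; message: string; fields: { [p: string]: { message: string } } } {
  return { name: err.name, status: err.status, message: err.message, fields: redactFieldErrors(err.fields) };
}

// Hypothetical minimal Koa context/middleware shape, enough to demonstrate the pattern.
interface Ctx { status: number; body?: unknown }
type Next = () => Promise<void>;

// Install this middleware *before* the tsoa-generated routes so it wraps them.
function validationErrorLogger(log: (record: unknown) => void) {
  return async (ctx: Ctx, next: Next): Promise<void> => {
    try {
      await next();
    } catch (err) {
      if (isValidateError(err)) {
        log(toSafeLogRecord(err));                 // paths + messages only
        ctx.status = 400;
        ctx.body = { message: err.message, details: redactFieldErrors(err.fields) };
        return;
      }
      throw err;                                   // anything else: rethrow unchanged
    }
  };
}

// Constructed sample resembling what tsoa raises when body validation fails.
const sampleError = new ValidateError(
  {
    "body.patient.ssn": { message: "invalid string value", value: "123-45-6789" },
    "body.patient.email": { message: "'email' is required" },
  },
  "Validation Failed",
);

// Drive the middleware with a downstream handler that throws the sample error.
async function demo(): Promise<{ logged: unknown[]; ctx: Ctx }> {
  const logged: unknown[] = [];
  const mw = validationErrorLogger((r) => { logged.push(r); });
  const ctx: Ctx = { status: 200 };
  await mw(ctx, async () => { throw sampleError; });
  return { logged, ctx };
}

demo().then((r) => console.log(JSON.stringify(r.logged[0])));
```

The same redaction can be applied inside a customised `koa.hbs` template instead of a middleware, but wrapping the generated routes keeps the generated code untouched across regenerations.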

fage88 commented 1 year ago

sure that makes sense, we can do that.