🐛 Bug Report: LogDecorator mistakenly redacted function parameters when LoggingLevel = debug

tam-endue commented 3 months ago

📜 Description

When LOGGING_LEVEL set to debug, the @LogDecorator set methods parameters that are sensitive fields like email to REDACTED, which lead to issue with the api /widgets/session/initialize, which ever body param sent, it will always return "Email must be an email" error message.

👟 Reproduction steps

Set LOGGING_LEVEL to debug
Initialize session using /widgets/session/initialize

👍 Expected behavior

Initialize session successfully and return token

👎 Actual Behavior with Screenshots

InitializeSessionCommand {
  subscriberId: 'endue199381',
  applicationIdentifier: 'xxxxx',
  email: '[REDACTED]',
  firstName: '[REDACTED]',
  lastName: '[REDACTED]',
  phone: '[REDACTED]',
  hmacHash: 'xyz'
}

Novu version

0.24.2

npm version

No response

node version

No response

📃 Provide any additional context for the Bug.

No response

👀 Have you spent some time to check if this bug has been raised before?

[X] I checked and didn't find a similar issue

🏢 Have you read the Contributing Guidelines?

[X] I have read the Contributing Guidelines

Are you willing to submit PR?

None

linear[bot] commented 3 months ago

NV-3838 🐛 Bug Report:

tam-endue commented 3 months ago

@scopsy look like you knows the LogDecorator class well, maybe you want to take a look

rifont commented 3 months ago

Thanks for reporting this @tam-endue .

We've encountered this issue too (Linear ref: NV-3274) . We traced the root cause back to fast-redact as a 4th layer transitive dependency of nestjs-pino, which mutates the objects passed for redaction in place.

Unfortunately the fix hasn't yet arrived in our direct dependency. Our only option as of now is to specify an overrides in the monorepo root package.json to manually specify the fix version.

Would you be open to submitting a PR for this fix?

novuhq / novu