Closed floridemai closed 7 years ago
Is this with Hapi? I've tried to redact req.headers.cookie
which seems to modify the actual outgoing request object, crashing Hapi.
Can you please provide an example to reproduce the issue?
@mcollina see https://github.com/novemberborn/_pino-noir-hapi-repro.
I think there the issues are unrelated. The example given for Hapi causes seemingly infinite log output (probably a circular recursion problem). Uncomment https://github.com/novemberborn/_pino-noir-hapi-repro/blob/b0a40659bb2e4a3046095690d88f9c30cfbda3a9/index.js#L42 to see.
Redacting cookies is tricky because asReqValue
needs to be copied out of hapi-pino
. But then if the cookie is present, it actually crashes Hapi. See: https://github.com/novemberborn/_pino-noir-hapi-repro/blob/b0a40659bb2e4a3046095690d88f9c30cfbda3a9/index.js#L46:L48
Clone the repo, run npm install
, and then node index.js
. It should start a server at http://localhost:8000/hello.
ok here's the problem (thanks @novemberborn for the example)
server.ext('onRequest')
hook creates a child logger of the request object as ({req: request})
Redacted
placeholder instance - important to note here that Redacted
objects retain a reference to the parent object - hence.. a circular referencethis.stringify
in pino - which is fast-safe-stringify
- the point of fast-safe-stringify
is to work around circular references (maybe we can see where this is going)Redacted
instance (https://github.com/davidmarkclements/fast-safe-stringify/pull/17) - this is to ensure that the original object (pre-redaction) is scoped out for circular references by fast-safe-stringify parent
property as a circular - and since at this moment req.headers.cookie.parent === req.headers
it marks it as a circular reference, replacing the parent key with a Circular
placeholder instance , and the val
is set to the Redacted
placeholder instanceCircular.prototype
replaces the parent with the value (as usual) - however the because the value is now Redacted
instance instead of the cookie string we've left the wrong value on the objectreplace
method on cookies
(which is header.cookie
) expecting it to be a string, and it isn't a string - server crashes. This is going to be a tricky fix, but here's what I reckon is best for minimum impact
forceDecircOnSingleKey
(better names welcome) parent.toJSON.forceDecircOnSingleKey === k
about... here https://github.com/davidmarkclements/fast-safe-stringify/blob/master/index.js#L32Redacted.prototype.toJSON.forceDecircOnSingleKey = 'val'
@mcollina I'd welcome less ugly ideas - bear in mind I still want to keep fast-safe-stringify legacy compatible (including older browsers etc) so using Symbols is out
@mcollina / @davidmarkclements , I'm facing the same exact issue on hapi.. what was the resolution for this ?
Versions i'm using :-
├─┬ hapi-pino@2.1.1 │ └─┬ pino@4.10.3 ├── pino-noir@2.0.0
Tried to use
pino-noir
in the following way:Server hangs. Note that the
created
property is redacted on the server start event and the bug seems to kick in when having to deal with the request headers.