Open florianfelsing opened 1 month ago
Could you share your patch?
It can be tricky to have some generic solution: somebody may want to log messages with commands (/cmd some text
) others may want text of all messages because they don't have any sensitive information.
Sure:
module Telegram
module Bot
class UpdatesController
class LogSubscriber
FILTERED_PARAMS = %i[text].freeze
def start_processing(event)
info do
payload = event.payload
update = sanitize_sensitive_data(payload[:update])
"Processing by #{payload[:controller]}##{payload[:action]}\n " \
"Update: #{update.to_json}"
end
end
private
def sanitize_sensitive_data(update)
parameter_filter.filter(update)
end
def parameter_filter
@parameter_filter ||= ActiveSupport::ParameterFilter.new(FILTERED_PARAMS)
end
end
end
end
end
Maybe we could also leave the default as it is but provide a config option to enable filtering in logs?
Let me know if that makes sense to you / if you have any preferences regarding implementation and I'd be glad to work on this one some time during the week @printercu.
Right now the gem is basically logging the complete payload:
I think that especially in production settings it would be a good practice to at least obfuscate the text parts. As a default or via configuration.
For now I've monkey patched this in my app, but I think this would be a good thing to implement on the gem level? I'd be happy to help implement this.