express-winston - npm Package Compare versions

Comparing version 3.2.1 to 3.3.0

CHANGELOG.md

@@ -0,1 +1,4 @@
+## 3.3.0
+* Added: options.headerBlacklist ([#217](https://github.com/bithavoc/express-winston/pull/217), @maxday)
+
 ## 3.2.1
@@ -2,0 +5,0 @@ * Added: options.skip ([#214](https://github.com/bithavoc/express-winston/pull/214), [#147](https://github.com/bithavoc/express-winston/pull/147), @ahnkee)

index.js

@@ -73,2 +73,8 @@ // Copyright (c) 2012-2014 Heapsource.com and Contributors - http://www.heapsource.com
 /**
+ * A default list of headers in the request object that are not allowed to be logged.
+ * @type {Array}
+ */
+exports.defaultHeaderBlacklist = [];
+
+/**
  * A default function to filter the properties of the res object.
@@ -91,3 +97,3 @@ * @param res
 
-function filterObject(originalObj, whiteList, initialFilter) {
+function filterObject(originalObj, whiteList, headerBlacklist, initialFilter) {
 
@@ -103,3 +109,12 @@ var obj = {};
             fieldsSet = true;
+            if(propName === 'headers') {
+                [].concat(headerBlacklist).forEach(function (headerName) {
+                    var lowerCaseHeaderName = headerName ? headerName.toLowerCase() : null;
+                    if(obj[propName].hasOwnProperty(lowerCaseHeaderName)) {
+                        delete obj[propName][lowerCaseHeaderName];
+                    }
+                })
+            }
         }
+
     });
@@ -154,2 +169,3 @@
     options.requestFilter = options.requestFilter || exports.defaultRequestFilter;
+    options.headerBlacklist = options.headerBlacklist || exports.defaultHeaderBlacklist;
     options.winstonInstance = options.winstonInstance || (winston.createLogger({
@@ -179,3 +195,3 @@ transports: options.transports,
         var exceptionMeta = _.omit(options.exceptionToMeta(err), options.blacklistedMetaFields);
-        exceptionMeta.req = filterObject(req, options.requestWhitelist, options.requestFilter);
+        exceptionMeta.req = filterObject(req, options.requestWhitelist, options.headerBlacklist, options.requestFilter);
 
@@ -232,2 +248,3 @@ if(options.dynamicMeta) {
     options.bodyBlacklist = options.bodyBlacklist || exports.bodyBlacklist;
+    options.headerBlacklist = options.headerBlacklist || exports.defaultHeaderBlacklist;
     options.responseWhitelist = options.responseWhitelist || exports.responseWhitelist;
@@ -305,4 +322,4 @@ options.requestFilter = options.requestFilter || exports.defaultRequestFilter;
 
-              logData.req = filterObject(req, requestWhitelist, options.requestFilter);
-              logData.res = filterObject(res, responseWhitelist, options.responseFilter);
+              logData.req = filterObject(req, requestWhitelist, options.headerBlacklist, options.requestFilter);
+              logData.res = filterObject(res, responseWhitelist, options.headerBlacklist, options.responseFilter);
 
@@ -317,3 +334,3 @@ var bodyWhitelist = _.union(options.bodyWhitelist, (req._routeWhitelists.body || []));
                     var whitelist = _.difference(Object.keys(req.body), blacklist);
-                    filteredBody = filterObject(req.body, whitelist, options.requestFilter);
+                    filteredBody = filterObject(req.body, whitelist, options.headerBlacklist, options.requestFilter);
                   } else if (
@@ -324,5 +341,5 @@ requestWhitelist.indexOf('body') !== -1 &&
                   ) {
-                    filteredBody = filterObject(req.body, Object.keys(req.body), options.requestFilter);
+                    filteredBody = filterObject(req.body, Object.keys(req.body), options.headerBlacklist, options.requestFilter);
                   } else {
-                    filteredBody = filterObject(req.body, bodyWhitelist, options.requestFilter);
+                    filteredBody = filterObject(req.body, bodyWhitelist, options.headerBlacklist, options.requestFilter);
                   }
@@ -329,0 +346,0 @@ }

package.json

@@ -20,3 +20,3 @@ {
   ],
-  "version": "3.2.1",
+  "version": "3.3.0",
   "repository": {
@@ -23,0 +23,0 @@ "type": "git",

Readme.md

@@ -91,2 +91,3 @@ # express-winston
     dynamicMeta: function(req, res) { return [Object]; } // Extract additional meta data from request or response (typically req.user data if using passport). meta must be true for this function to be activated
+    headerBlacklist: [String], // Array of headers to omit from logs. Applied after any previous filters.
 
@@ -127,2 +128,3 @@ ```
     requestWhitelist: [String] // Array of request properties to log. Overrides global requestWhitelist for this instance
+    headerBlacklist: [String], // Array of headers to omit from logs. Applied after any previous filters.
     level: String or function(req, res, err) { return String; }// custom log level for errors (default is 'error'). Assign a function to dynamically set the log level based on request, response, and the exact error.
@@ -129,0 +131,0 @@ dynamicMeta: function(req, res, err) { return [Object]; } // Extract additional meta data from request or response (typically req.user data if using passport). meta must be true for this function to be activated

test/test.js

@@ -35,3 +35,5 @@ var mocks = require('node-mocks-http');
     headers: {
-      'header-1': 'value 1'
+      'header-1': 'value 1',
+      'header-2': 'value 2',
+      'header-3': 'value 3'
     },
@@ -169,19 +171,2 @@ query: {
 
-    it('should use the exported defaultRequestFilter', function() {
-      var originalRequestFilter = expressWinston.defaultRequestFilter;
-      expressWinston.defaultRequestFilter = function() {
-        return 'foo';
-      };
-
-      var options = {
-        req: {foo: "bar"}
-      };
-      return errorLoggerTestHelper(options).then(function (result) {
-        // Return to the original value for later tests
-        expressWinston.defaultRequestFilter = originalRequestFilter;
-
-        result.log.meta.req.url.should.equal('foo');
-      });
-    });
-
     describe('when middleware function encounters an error in the pipeline', function () {
@@ -1179,2 +1164,52 @@ it('should invoke the transport', function () {
 
+    describe('headerBlacklist option', function () {
+      it('should default to global defaultHeaderBlackList', function () {
+        return loggerTestHelper().then(function (result) {
+          result.log.meta.req.headers.should.have.property('header-1');
+          result.log.meta.req.headers.should.have.property('header-2');
+          result.log.meta.req.headers.should.have.property('header-3');
+        });
+      });
+
+      it('should use specified headerBlackList', function () {
+        var options = {
+          loggerOptions: {
+            headerBlacklist: ['header-1', 'Header-3']
+          }
+        };
+        return loggerTestHelper(options).then(function (result) {
+          result.log.meta.req.headers.should.not.have.property('header-1');
+          result.log.meta.req.headers.should.have.property('header-2');
+          result.log.meta.req.headers.should.not.have.property('header-3');
+        });
+      });
+
+      it('should not use specified headerBlackList since the requestWhiteList is empty', function () {
+        var options = {
+          loggerOptions: {
+            requestWhitelist: ['url'],
+            headerBlacklist: ['header-1']
+          }
+        };
+        return loggerTestHelper(options).then(function (result) {
+          result.log.meta.req.should.not.have.property('headers');
+        });
+      });
+
+      it('should not headerBlackList but since a requestFilter is set', function () {
+        const customRequestFilter = (req, propName) => {
+          return (propName !== 'headers') ? req[propName] : undefined;
+        }
+        var options = {
+          loggerOptions: {
+            requestFilter: customRequestFilter,
+            headerBlacklist: ['header-1']
+          }
+        };
+        return loggerTestHelper(options).then(function (result) {
+          result.log.meta.req.should.not.have.property('headers');
+        });
+      });
+    });
+
     describe('requestWhitelist option', function () {
@@ -1364,2 +1399,8 @@ it('should default to global requestWhitelist', function () {
 
+  describe('.defaultHeaderBlacklist', function () {
+    it('should be an array with all the header which are prevented to be logged', function () {
+      expressWinston.defaultHeaderBlacklist.should.be.an.Array();
+    });
+  });
+
   describe('.defaultRequestFilter', function () {
@@ -1366,0 +1407,0 @@ it('should be a function', function () {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

93583

increased by3.19%

Lines of code

1612

increased by3.47%

Number of lines in readme file

483

increased by0.42%

No dependency changes