Avoid logging sensitive query params

KernelDeimos
2024-04-17 12:51:30 -04:00
parent c48c134869
commit e8ca6376be
@@ -208,6 +208,24 @@ class WebServerService extends BaseService {
responseTime: parseFloat(responseTime),
};
if ( url.includes('android-icon') ) return;
// remove `puter.auth.*` query params
const safe_url = (u => {
// We need to prepend an arbitrary domain to the URL
const url = new URL('https://example.com' + u);
const search = url.searchParams;
for ( const key of search.keys() ) {
if ( key.startsWith('puter.auth.') ) search.delete(key);
}
return url.pathname + '?' + search.toString();
})(fields.url);
fields.url = safe_url;
// re-write message
message = [
fields.method, fields.url,
fields.status, fields.responseTime,
].join(' ');
const log = this.services.get('log-service').create('morgan');
log.info(message, fields);
}
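Review bot: The loop that strips `puter.auth.*` params deletes from `search` while iterating `search.keys()`, and that iterator is live, so when two such params sit next to each other the second one is skipped and still ends up in the log. Iterating over a snapshot closes the gap: `for ( const key of [...search.keys()] ) {`. Separately, `new URL('https://example.com' + u)` throws on input it cannot parse, and here that would happen inside the logging path; catching the error and logging only the path portion would keep a malformed request from breaking the logger or falling back to the unredacted URL. The enclosing method starts outside the hunk, so how `message` and `fields.url` are first built is not visible here.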