Skip to content

Commit 1f400b3

Browse files
moritzrahomoritzraho
authored
fix: hide authorization header from debug logs (#181)
1 parent a0c5d17 commit 1f400b3

File tree

2 files changed

+68
-18
lines changed

2 files changed

+68
-18
lines changed

lib/AdobeState.js

Lines changed: 30 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -127,6 +127,11 @@ async function handleResponse (response, params) {
127127
}
128128
}
129129

130+
/** @private */
131+
function logDebug (op, url, reqOptions) {
132+
logger.debug(`${op} ${JSON.stringify({ url, ...utils.withHiddenFields(reqOptions, ['headers.Authorization']) })}`)
133+
}
134+
130135
/**
131136
* @abstract
132137
* @class AdobeState
@@ -185,7 +190,6 @@ class AdobeState {
185190
createRequestUrl (containerURLPath = '', queryObject = {}) {
186191
const urlString = `${this.endpoint}/containers/${this.namespace}${containerURLPath}`
187192

188-
logger.debug('requestUrl string', urlString)
189193
const requestUrl = new url.URL(urlString)
190194
// add the query params
191195
requestUrl.search = (new url.URLSearchParams(queryObject)).toString()
@@ -263,8 +267,6 @@ class AdobeState {
263267
* @memberof AdobeState
264268
*/
265269
async get (key) {
266-
logger.debug(`get '${key}'`)
267-
268270
const schema = {
269271
type: 'object',
270272
properties: {
@@ -289,8 +291,11 @@ class AdobeState {
289291
...this.getAuthorizationHeaders()
290292
}
291293
}
292-
logger.debug('get', requestOptions)
293-
const promise = this.fetchRetry.exponentialBackoff(this.createRequestUrl(`/data/${key}`), requestOptions)
294+
295+
const url = this.createRequestUrl(`/data/${key}`)
296+
logDebug('get', url, requestOptions)
297+
298+
const promise = this.fetchRetry.exponentialBackoff(url, requestOptions)
294299
const response = await _wrap(promise, { key })
295300
if (response.ok) {
296301
// we only expect string values
@@ -356,10 +361,11 @@ class AdobeState {
356361
body: value
357362
}
358363

359-
logger.debug('put', requestOptions)
364+
const url = this.createRequestUrl(`/data/${key}`, queryParams)
360365

366+
logDebug('put', url, requestOptions)
361367
const promise = this.fetchRetry.exponentialBackoff(
362-
this.createRequestUrl(`/data/${key}`, queryParams),
368+
url,
363369
requestOptions
364370
)
365371
await _wrap(promise, { key, value, ...options }, true)
@@ -400,9 +406,10 @@ class AdobeState {
400406
}))
401407
}
402408

403-
logger.debug('delete', requestOptions)
409+
const url = this.createRequestUrl(`/data/${key}`)
404410

405-
const promise = this.fetchRetry.exponentialBackoff(this.createRequestUrl(`/data/${key}`), requestOptions)
411+
logDebug('delete', url, requestOptions)
412+
const promise = this.fetchRetry.exponentialBackoff(url, requestOptions)
406413
const response = await _wrap(promise, { key })
407414
if (response.status === 404) {
408415
return null
@@ -429,8 +436,6 @@ class AdobeState {
429436
}
430437
}
431438

432-
logger.debug('deleteAll', requestOptions)
433-
434439
const schema = {
435440
type: 'object',
436441
properties: {
@@ -447,9 +452,12 @@ class AdobeState {
447452
}
448453

449454
const queryParams = { matchData: options.match }
455+
const url = this.createRequestUrl('', queryParams)
456+
457+
logDebug('deleteAll', url, requestOptions)
450458

451459
// ! be extra cautious, if the `matchData` param is not specified the whole container will be deleted
452-
const promise = this.fetchRetry.exponentialBackoff(this.createRequestUrl('', queryParams), requestOptions)
460+
const promise = this.fetchRetry.exponentialBackoff(url, requestOptions)
453461
const response = await _wrap(promise, {})
454462

455463
if (response.status === 404) {
@@ -474,9 +482,10 @@ class AdobeState {
474482
}
475483
}
476484

477-
logger.debug('any', requestOptions)
485+
const url = this.createRequestUrl()
486+
logDebug('any', url, requestOptions)
478487

479-
const promise = this.fetchRetry.exponentialBackoff(this.createRequestUrl(), requestOptions)
488+
const promise = this.fetchRetry.exponentialBackoff(url, requestOptions)
480489
const response = await _wrap(promise, {})
481490
return (response.status !== 404)
482491
}
@@ -495,9 +504,10 @@ class AdobeState {
495504
}
496505
}
497506

498-
logger.debug('stats', requestOptions)
507+
const url = this.createRequestUrl()
508+
logDebug('stats', url, requestOptions)
499509

500-
const promise = this.fetchRetry.exponentialBackoff(this.createRequestUrl(), requestOptions)
510+
const promise = this.fetchRetry.exponentialBackoff(url, requestOptions)
501511
const response = await _wrap(promise, {})
502512
if (response.status === 404) {
503513
return { keys: 0, bytesKeys: 0, bytesValues: 0 }
@@ -531,7 +541,6 @@ class AdobeState {
531541
...this.getAuthorizationHeaders()
532542
}
533543
}
534-
logger.debug('list', requestOptions)
535544

536545
const queryParams = {}
537546
if (options.match) {
@@ -568,8 +577,11 @@ class AdobeState {
568577
let cursor = 0
569578

570579
do {
580+
const url = stateInstance.createRequestUrl('/data', { ...queryParams, cursor })
581+
logDebug('list', url, requestOptions)
582+
571583
const promise = stateInstance.fetchRetry.exponentialBackoff(
572-
stateInstance.createRequestUrl('/data', { ...queryParams, cursor }),
584+
url,
573585
requestOptions
574586
)
575587
const response = await _wrap(promise, { ...queryParams, cursor })

test/AdobeState.test.js

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,12 +73,23 @@ jest.mock('@adobe/aio-lib-env', () => {
7373
}
7474
})
7575

76+
const mockLogDebug = jest.fn()
77+
const mockLogError = jest.fn()
78+
jest.mock('@adobe/aio-lib-core-logging', () => () => {
79+
return {
80+
debug: (...args) => mockLogDebug(...args),
81+
error: (...args) => mockLogError(...args)
82+
}
83+
})
84+
7685
// jest globals //////////////////////////////////////////////////////////
7786

7887
beforeEach(() => {
7988
delete process.env.AIO_STATE_ENDPOINT
8089
mockCLIEnv.mockReturnValue(DEFAULT_ENV)
8190
mockExponentialBackoff.mockReset()
91+
mockLogDebug.mockReset()
92+
mockLogError.mockReset()
8293
})
8394

8495
// //////////////////////////////////////////////////////////
@@ -748,3 +759,30 @@ describe('private methods', () => {
748759
expect(url).toEqual(`https://custom.abc.com/containers/${fakeCredentials.namespace}`)
749760
})
750761
})
762+
763+
test('log debug hides authorization header', async () => {
764+
const store = await AdobeState.init(fakeCredentials)
765+
766+
// get
767+
const expiryHeaderValue = '1707445350000'
768+
const options = {
769+
headersGet: (header) => {
770+
if (header === HEADER_KEY_EXPIRES) {
771+
return expiryHeaderValue
772+
}
773+
}
774+
}
775+
mockExponentialBackoff.mockResolvedValue(wrapInFetchResponse('value', options))
776+
777+
await store.get('a')
778+
await store.put('a', '1')
779+
await store.delete('a')
780+
await store.any()
781+
782+
mockExponentialBackoff.mockResolvedValue(wrapInFetchResponse(JSON.stringify({ keys: 1 })))
783+
await store.list().next
784+
await store.deleteAll({ match: 'a' })
785+
await store.stats()
786+
787+
expect(mockLogDebug).not.toHaveBeenCalledWith(expect.stringContaining(fakeCredentials.apikey))
788+
})

0 commit comments

Comments
 (0)