fix: install react-object as dependency (#37)

philippemiguet · web-flow · commit 6e4fe6592c82 · 2024-10-23T23:07:14.000+02:00
* feat(security): use new version of bufflog in publish to automatically redact sensitive data

* clean up

* fully redact res/req

* redact req/res from pino-http
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,10 @@
 # Changelog
 
-## [0.5.3] - 2024-09-11
-- Will redact sensitive information by default
+## [0.5.8] - 2024-10-23
+- Redact req, res, context.req and context.res from logs - req and res at root level are added by pinot-http middleware
+
+## [0.5.3 - 0.5.7] - 2024-10-23
+- Do not use
 
 ## [0.5.2] - 2024-09-11
 - Upgraded `dd-trace` to latest version
diff --git a/bufflog.ts b/bufflog.ts
@@ -15,9 +15,13 @@ const pinoLogger = require('pino')({
         error: 400,
         fatal: 500
       },
-      // necessary if we want to override the level "number"
-      useOnlyCustomLevels: true,
+    // necessary if we want to override the level "number"
+    useOnlyCustomLevels: true,
 
+    redact: {
+        paths: ['req', 'res', 'context.req', 'context.res'],
+        censor: '[ REDACTED ]',
+    },
 });
 
 import redact from 'redact-object'
@@ -60,13 +64,17 @@ export function getLogger() {
 }
 
 function sanitizeContext(context?: object): object | undefined {
-    if (!context) {
-        return
-    }
-
-    return redact(context, KEYS_TO_REDACT, '[ REDACTED ]', {
-        ignoreUnknown: true,
-    })
+    // For now, to keep the change limited, disabling this
+    return context
+
+    // Will re-enable this after Campsite decision
+    // if (!context) {
+    //     return
+    // }
+    //
+    // return redact(context, KEYS_TO_REDACT, '[ REDACTED ]', {
+    //     ignoreUnknown: true,
+    // })
 }
 
 export function debug(message: string, context?: object) {
diff --git a/index.ts b/index.ts
@@ -35,6 +35,7 @@ app.get('/', (req, res) =>  {
     BuffLog.warning('hello warning');
     BuffLog.error('hello error');
     BuffLog.critical('hello critical');
+    BuffLog.notice("Notice log via endpoint with req and res in context", {req ,res});
     res.send({'hello': 'world'})
 });
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,12 +1,11 @@
 {
   "name": "@bufferapp/bufflog",
-  "version": "0.5.3",
+  "version": "0.5.8",
   "description": "logger for all javascript and typescript Buffer services",
   "main": "dist/bufflog.js",
   "scripts": {
     "start": "./node_modules/typescript/bin/tsc --pretty && node ./dist/index.js",
-    "build": "tsc",
-    "pre-publish": "tsc",
+    "build": "./node_modules/typescript/bin/tsc",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "repository": {
@@ -25,12 +24,12 @@
     "@types/pino": "^5.15.5",
     "dd-trace": "5.22.0",
     "express": "4.20.0",
-    "redact-object": "3.0.1",
     "typescript": "4.9.5"
   },
   "dependencies": {
     "pino": "^5.16.0",
-    "pino-http": "~5.0.0"
+    "pino-http": "~5.0.0",
+    "redact-object": "3.0.1"
   },
   "types": "dist/bufflog.d.ts",
   "prepublish": "./node_modules/typescript/bin/tsc"
