diff --git a/server/src/server/middlewares/errorMiddleware.ts b/server/src/server/middlewares/errorMiddleware.ts
index 6fcff68b2..059d3bff5 100644
--- a/server/src/server/middlewares/errorMiddleware.ts
+++ b/server/src/server/middlewares/errorMiddleware.ts
@@ -65,18 +65,60 @@ export function formatResponseError(rawError: FastifyError | Boom | Err
   return result;
 }
 
+const withoutSensibleFields = (obj: unknown, seen: Set): unknown => {
+  if (obj == null) return obj;
+
+  if (typeof obj === "object") {
+    if (seen.has(obj)) {
+      return "(ref)";
+    }
+
+    seen.add(obj);
+
+    if (Array.isArray(obj)) {
+      return obj.map((v) => withoutSensibleFields(v, seen));
+    }
+
+    if (obj instanceof Set) {
+      return Array.from(obj).map((v) => withoutSensibleFields(v, seen));
+    }
+
+    if (obj instanceof Map) {
+      return withoutSensibleFields(Object.fromEntries(obj.entries()), seen);
+    }
+
+    return Object.fromEntries(
+      Object.entries(obj).map(([key, value]) => {
+        const lower = key.toLowerCase();
+        if (
+          lower.indexOf("token") !== -1 ||
+          ["authorization", "password", "pwd"].includes(lower)
+        ) {
+          return [key, "*****"];
+        }
+
+        return [key, withoutSensibleFields(value, seen)];
+      })
+    );
+  }
+
+  if (typeof obj === "string") {
+    // max 2Ko
+    return obj.length > 2000 ? obj.substring(0, 2_000) + "..." : obj;
+  }
+
+  return obj;
+};
+
 export function errorMiddleware(server: Server) {
   server.setErrorHandler | Error | ZodError, { Reply: IResError }>(
     (rawError, _request, reply) => {
       const logGenericInfo = {
         req: {
           url: _request.url,
-          params: _request.params,
-          body: _request.body,
-          user: _request.user ? {
-            email: _request.user.email,
-            id: _request.user.id
-          } : undefined
+          params: withoutSensibleFields(_request.params, new Set([])),
+          body: withoutSensibleFields(_request.body, new Set()),
+          user: _request.user ? withoutSensibleFields(_request.user, new Set([])) : undefined
         },
         res: {
           statusCode: reply.statusCode
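Review bot: The `user` entry in logGenericInfo drops the previous email/id allowlist and now passes the whole `_request.user` through the denylist, so any user field whose key does not contain "token" or equal "authorization"/"password"/"pwd" (other PII, secrets, session or API-key fields under different names) reaches the error log unredacted. An allowlist is safer for an object of known shape: `user: _request.user ? withoutSensibleFields({ email: _request.user.email, id: _request.user.id }, new Set()) : undefined`, and the denylist in withoutSensibleFields should at least match `"secret"`, `"apikey"`/`"api_key"`, `"cookie"` and `"session"` as substrings the way the `token` check does. Note also that `seen` is never cleared on the way back up, so a non-cyclic object referenced twice is logged as `"(ref)"` the second time; tracking only the current path (deleting from `seen` after the recursive call returns) distinguishes true cycles from shared references. Minor style: `new Set([])` and `new Set()` are mixed across the three call sites; pick one form. errorMiddleware's body continues outside the hunk.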