add support for obfuscated parameters

Now you may override the method 'sensitive_parameters' with a list of parameters that should be obfuscated on the log. If the lib is loaded on a Rails application, uses the 'filter_parameters' attribute as default value for 'sensitive_parameters'.
2026-03-25 08:55:47 +00:00 · 2015-05-29 18:35:13 -03:00 · 2015-05-29 18:35:13 -03:00 · 1b834e1dc1
commit 1b834e1dc1
parent 9e247e0909
1 changed files with 13 additions and 1 deletions
--- a/lib/grape_logging/middleware/request_logger.rb
+++ b/lib/grape_logging/middleware/request_logger.rb
@ -29,7 +29,7 @@ module GrapeLogging
      def parameters
        {
            path: request.path,
-            params: request.params.to_hash,
+            params: obfuscate_parameters(request.params),
            method: request.request_method,
            total: total_runtime,
            db: @db_duration.round(2),
@ -57,6 +57,18 @@ module GrapeLogging
      def stop_time
        @stop_time ||= Time.now
      end
+
+      def obfuscate_parameters(request_parameters)
+        filtered_parameters = request_parameters.clone.to_hash
+        sensitive_parameters.each do |param|
+          filtered_parameters[param.to_s] = '***'
+        end
+        filtered_parameters
+      end
+
+      def sensitive_parameters
+        defined?(Rails.application) ? Rails.application.config.filter_parameters : []
+      end
    end
  end
 end