BC-7804 - prevent logging of headers (#3508)
virgilchiriac authored Aug 26, 2024
1 parent eaf7992 commit 129820d
Showing 4 changed files with 66 additions and 47 deletions.
22 changes: 17 additions & 5 deletions app.js
Expand Up @@ -238,19 +238,25 @@ const isTimeoutError = (err) => err && err.message && (
|| err.message.includes('ETIMEDOUT')
);

app.use((err, req, res, next) => {
const errorHandler = (err) => {
const error = err.error || err;
const status = error.status || error.statusCode || 500;
error.statusCode = status;

if (!error.options) {
error.options = {};
// prevent logging jwts and x-api-keys
if (error.options && error.options.headers) {
delete error.options.headers;
}

return { error, status };
};

app.use((err, req, res, next) => {
const { error, status } = errorHandler(err);

if (!res.locals) {
res.locals = {};
}
// prevent logging jwts and x-api-keys
delete error.options.headers;

if (Configuration.get('FEATURE_LOG_REQUEST') === true) {
const reqInfo = {
Expand Down Expand Up @@ -303,4 +309,10 @@ app.use((err, req, res, next) => {
});
});

process.on('unhandledRejection', (err) => {
const { error } = errorHandler(err);
error.message = `unhandledRejection: ${error.message}`;
logger.error(error);
});

module.exports = app;
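Review bot: The new `process.on('unhandledRejection', …)` handler passes the rejection reason straight into `errorHandler`, which reads `err.error` on its first line, so a promise rejected with `undefined` or `null` makes the handler itself throw, and a string reason cannot reliably take the `statusCode` and `message` assignments. Normalising the reason first keeps the handler safe, for example `const reason = (err !== null && typeof err === 'object') ? err : new Error(String(err));` followed by `const { error } = errorHandler(reason);`. Separately, the redaction removes only `error.options.headers`, while `logger.error(error)` receives the whole error object. Whether the HTTP client also attaches the request, with its JWT or x-api-key headers, under another property is not visible in this section and is worth confirming.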
87 changes: 46 additions & 41 deletions controllers/files.js
Expand Up @@ -672,52 +672,57 @@ router.get('/courses/', (req, res, next) => {

router.get('/courses/:courseId/:folderId?', FileGetter, async (req, res, next) => {
const basePath = '/files/courses/';
const record = await api(req).get(`/courses/${req.params.courseId}`);
res.locals.files.files = res.locals.files.files.map(addThumbnails);
let canCreateFile = true;
try {
const record = await api(req).get(`/courses/${req.params.courseId}`);

let breadcrumbs = [{
title: res.$t('files.label.filesFromMyCourse'),
url: basePath,
dataTestId: 'navigate-to-my-courses-files',
}, {
title: record.name,
url: basePath + record._id,
dataTestId: 'navigate-to-my-files-in-course',
}];
res.locals.files.files = res.locals.files.files.map(addThumbnails);
let canCreateFile = true;

if (req.params.folderId) {
const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
crumb.url = `${basePath}${record._id}/${crumb.id}`;
return crumb;
});
breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
}
let breadcrumbs = [{
title: res.$t('files.label.filesFromMyCourse'),
url: basePath,
dataTestId: 'navigate-to-my-courses-files',
}, {
title: record.name,
url: basePath + record._id,
dataTestId: 'navigate-to-my-files-in-course',
}];

if (['Schüler'].includes(res.locals.currentRole)) {
canCreateFile = false;
}
if (req.params.folderId) {
const folderBreadcrumbs = (await getBreadcrumbs(req, req.params.folderId)).map((crumb) => {
crumb.url = `${basePath}${record._id}/${crumb.id}`;
return crumb;
});
breadcrumbs = [...breadcrumbs, ...folderBreadcrumbs];
}

res.locals.files.files = getFilesWithSaveName(res.locals.files.files);
if (['Schüler'].includes(res.locals.currentRole)) {
canCreateFile = false;
}

res.render('files/files', {
title: res.$t('files.headline.courseFiles'),
canUploadFile: true,
canCreateDir: true,
canCreateFile,
path: res.locals.files.path,
inline: req.query.inline || req.query.CKEditor,
CKEditor: req.query.CKEditor,
breadcrumbs,
showSearch: false,
courseId: req.params.courseId,
ownerId: req.params.courseId,
toCourseText: res.$t('global.button.toCourse'),
courseUrl: `/rooms/${req.params.courseId}`,
canEditPermissions: true,
parentId: req.params.folderId,
...res.locals.files,
});
res.locals.files.files = getFilesWithSaveName(res.locals.files.files);

res.render('files/files', {
title: res.$t('files.headline.courseFiles'),
canUploadFile: true,
canCreateDir: true,
canCreateFile,
path: res.locals.files.path,
inline: req.query.inline || req.query.CKEditor,
CKEditor: req.query.CKEditor,
breadcrumbs,
showSearch: false,
courseId: req.params.courseId,
ownerId: req.params.courseId,
toCourseText: res.$t('global.button.toCourse'),
courseUrl: `/rooms/${req.params.courseId}`,
canEditPermissions: true,
parentId: req.params.folderId,
...res.locals.files,
});
} catch (error) {
next(error);
}
});

router.get('/teams/', (req, res, next) => {
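Review bot: Wrapping the whole body of this one handler in `try { … } catch (error) { next(error); }` covers this route only, and the forty-odd re-indented lines hide that the logic itself is unchanged. A small shared wrapper such as `const asyncRoute = (fn) => (req, res, next) => Promise.resolve(fn(req, res, next)).catch(next);` would give every async route the same guarantee without touching its body. This matters more after this commit, because helpers/logger.js stops handling rejections and the new process-level handler in app.js only logs, so an async handler without a catch would presumably leave its request unanswered. Other async routes in this file lie outside the visible hunk, so check whether they need the same treatment.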
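--- a/controllers/homework.js
+++ b/controllers/homework.js
@@ -186,6 +186,8 @@ const getCreateHandler = (service) => (req, res, next) => {
 req,
 `${base}/${referrer}`,
 );
+}).catch((err) => {
+next(err);
 });
 }
 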
2 changes: 1 addition & 1 deletion helpers/logger.js
Expand Up @@ -34,7 +34,7 @@ const logger = createLogger({
level: logLevel,
format: formatter,
handleExceptions: true,
handleRejections: true,
handleRejections: false,
}),
],
});
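Review bot: The `handleRejections` switch carries no comment explaining why rejection handling is turned off at the logger, and the reason lives in another file. Assuming `false` is the new value, rejections are now logged only by the `process.on('unhandledRejection')` handler added in app.js, so a process that loads this logger without app.js (none is visible here) would have neither. I would add `// rejections are logged by the unhandledRejection handler in app.js, which strips request headers first` above the option.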
