@Lp-Francois
Last active March 30, 2024 22:10
Example of pino leaking secrets in the logs and how to redact logs to avoid leaking secrets
/*
Run the following to get started:
1. `mkdir example-dir && cd example-dir`
2. `npm init -y`
3. `npm i pino-http --save`
4. `touch example.js`
*/
'use strict'
const pino = require('pino-http') // pino-http: returns a middleware that attaches req.log and logs each request/response
const http = require('http')
const server = http.createServer(handle)
const logger = pino({
  base: undefined, // removes pid and hostname from the logs
  // UNCOMMENT to redact secrets out of the logs
  // (paths are pino `redact` paths into the log record; the matched value becomes "[Redacted]")
  // redact: [
  //   'req.headers.authorization',
  // ]
})
function handle (req, res) {
  logger(req, res)        // serializes the request (all headers included) onto the log record
  req.log.info('my request')
  res.end('hello world')
}
server.listen(3000, () => console.log('[i] running on http://localhost:3000'))
/*
Now run the following:
1. `node example.js`
2. In another terminal:
   `curl http://localhost:3000 -H "Authorization: bearer my-super-secret" -H "Content-Type: application/json"`
3. Notice the logs leaking secrets:
[i] running on http://localhost:3000
{"level":30,"time":1711808000315,"req":{"id":1,"method":"GET","url":"/","headers":{"host":"localhost:3000","user-agent":"curl/8.4.0","authorization":"bearer my-super-secret","content-type":"application/json"},"remoteAddress":"::1","remotePort":63547},"msg":"my request"}
{"level":30,"time":1711808000322,"req":{"id":1,"method":"GET","url":"/","headers":{"host":"localhost:3000","user-agent":"curl/8.4.0","authorization":"bearer my-super-secret","content-type":"application/json"},"remoteAddress":"::1","remotePort":63547},"res":{"statusCode":200,"headers":{}},"responseTime":7,"msg":"request completed"}
4. Uncomment the redact option in the logger configuration and notice how the secret is now redacted.
*/
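Added example, not part of the gist and not pino's own implementation: a minimal reimplementation of pino's path-based `redact` semantics (dot paths, bracket paths such as `req.headers["set-cookie"]`, and a `*` wildcard for one level) applied to the first record the gist shows, so the effect of `redact: ['req.headers.authorization']` can be seen offline without starting the server. `CENSOR`, `leakedRecord`, `splitPath`, `redact`, `walk` and `example` are names chosen here; real pino uses fast-redact, whose wildcard handling is richer than this sketch.

```javascript
// Minimal pino-style redaction, written for this example (not pino's code).
const CENSOR = '[Redacted]' // pino's default censor string

// Constructed copy of the first leaked record shown in the gist above.
const leakedRecord = JSON.parse(
  '{"level":30,"time":1711808000315,"req":{"id":1,"method":"GET","url":"/",' +
  '"headers":{"host":"localhost:3000","user-agent":"curl/8.4.0",' +
  '"authorization":"bearer my-super-secret","content-type":"application/json"},' +
  '"remoteAddress":"::1","remotePort":63547},"msg":"my request"}'
)

// Split a path such as req.headers["set-cookie"] or req.headers.* into key segments.
function splitPath (path) {
  const segs = []
  const re = /\[["']?([^\]"']+)["']?\]|([^.[\]]+)/g
  let m
  while ((m = re.exec(path)) !== null) segs.push(m[1] !== undefined ? m[1] : m[2])
  return segs
}

// Replace the value at every matched path with `censor`; a path that does not exist is a no-op.
function walk (node, segs, censor) {
  if (node === null || typeof node !== 'object') return
  const [head, ...rest] = segs
  const keys = head === '*' ? Object.keys(node) : (head in node ? [head] : [])
  for (const key of keys) {
    if (rest.length === 0) node[key] = censor
    else walk(node[key], rest, censor)
  }
}

// Return a deep copy of `record` with the given paths censored; the input is left untouched.
function redact (record, paths, censor = CENSOR) {
  const out = JSON.parse(JSON.stringify(record))
  for (const path of paths) walk(out, splitPath(path), censor)
  return out
}

// Same paths a hardened pino-http config would use; `req.headers.cookie` is absent here and is skipped.
function example () {
  return redact(leakedRecord, ['req.headers.authorization', 'req.headers.cookie'])
}

console.log(JSON.stringify(example()))
```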