commanded/commanded-audit-middleware

Filter specific fields from audited commands

Closed this issue · 1 comments

It seems that there is not a way to hide secrets, for example, when a command %CreateUser{email: foo@123, password: 123123, password_confirmation: 123123} is given:

This is what phoenix does, by default:

Parameters: %{"_csrf_token" => "URlELFdLASBAPzQzLD4IYDYrG1V1AAAA3s+B42ij0ngdDY1SBIc9Fw==", "_utf8" => "✓", "email" => "foo@123", "password" => "[FILTERED]", "password_confirmation" => "[FILTERED]"}

And this is what audit does:

[debug] QUERY OK db=5.9ms queue=0.1ms
INSERT INTO "command_audit" ("command_type","command_uuid","correlation_id","data","metadata","occurred_at") VALUES ($1,$2,$3,$4,$5,$6) ["Elixir.Accounts.User.Commands.CreateUser", "1918d8b1-dccb-4ae2-9a7b-2f37002dbb23", <<36, 209, 176, 66, 185, 241, 77, 1, 132, 82, 117, 247, 155, 104, 150, 135>>, "{\"password_confirmation\":\"123\",\"password\":\"123\",\"email\":\"foo@123\"}", "{}", {{2017, 12, 16}, {20, 27, 22, 68258}}]

The solution should be having some sensible defaults, and allow people to configure it further.

@imetallica That's a useful feature request, thanks.

We could replicate Phoenix's parameter filtering by allowing you to specify command fields to omit:

config :commanded_audit_middleware,
  :filter_fields, ["password", "password_confirmation", "secret"]

Any filtered fields would have their value replaced by "[FILTERED]".

The default filter could include "password", the same as Phoenix.

For reference here's the filter_values/2 function used by Phoenix Logger.