feat: Redact or remove paths

Pino has a limitation where you can either redact or remove specified `redact.paths` by setting `redact.remove` to `true` or `false`. A logger option has been added to allow you to redact some paths and remove other paths. Example: ```typescript const logger = createLogger({ name: 'my-app', redact: { paths: ['req.headers["x-redact-this"]'], removePaths: ['req.headers["x-remove-this"]'], }, }); ```
seek-oss · Aug 29, 2023 · a9f4d13 · a9f4d13
1 parent b40bfed
commit a9f4d13
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -101,6 +101,26 @@ logger.error<Fields>(
 
 Bearer tokens are redacted regardless of their placement in the log object.
 
+#### Pino Redaction
+
+To redact other properties, use the `redact` logger options as per [pino redaction] docs.
+
+Pino has a limitation where you can either redact or remove specified `redact.paths` by setting `redact.remove` to `true` or `false`.
+
+A logger option has been added to allow you to redact some paths and remove other paths.
+
+Example:
+
+```typescript
+const logger = createLogger({
+  name: 'my-app',
+  redact: {
+    paths: ['req.headers["x-redact-this"]'],
+    removePaths: ['req.headers["x-remove-this"]'],
+  },
+});
+```
+
 ### Trimming
 
 The following trimming rules apply to all logging data:
@@ -162,3 +182,4 @@ const logger = createLogger({
 [pino]: https://github.com/pinojs/pino
 [pino options]: https://github.com/pinojs/pino/blob/master/docs/api.md#options
 [pino-pretty]: https://github.com/pinojs/pino-pretty
+[pino redaction]: https://github.com/pinojs/pino/blob/master/docs/api.md#redact-array--object
diff --git a/src/index.test.ts b/src/index.test.ts
@@ -38,6 +38,7 @@ function testLog(
   output: any,
   method?: 'error' | 'info',
   loggerOptions?: LoggerOptions,
+  shouldNotHavePropertyPaths?: string[],
 ) {
   // eslint-disable-next-line jest/valid-title
   test(testName, async () => {
@@ -50,6 +51,9 @@ function testLog(
     expect(log).toMatchObject(output);
     expect(inputString).toEqual(JSON.stringify(input));
     expect(log).toHaveProperty('timestamp');
+    shouldNotHavePropertyPaths?.forEach((path) => {
+      expect(log).not.toHaveProperty(path);
+    });
   });
 }
 
@@ -422,6 +426,50 @@ testLog(
   },
 );
 
+testLog(
+  'should redact or remove specified paths',
+  {
+    msg: 'allowed',
+    req: {
+      headers: {
+        ['x-remove-me']: 'Should be removed',
+        secret: 'Should be redacted',
+      },
+    },
+  },
+  { msg: 'allowed', req: { headers: { secret: '[Redacted]' } } },
+  'info',
+  {
+    redact: {
+      paths: ['req.headers.secret'],
+      removePaths: ['req.headers["x-remove-me"]'],
+    },
+  },
+  ['req.headers.x-remove-me'],
+);
+
+testLog(
+  'should remove specified paths',
+  {
+    msg: 'allowed',
+    req: {
+      headers: {
+        ['x-remove-me']: 'Should be removed',
+        secret: 'Should be removed',
+      },
+    },
+  },
+  { msg: 'allowed', req: { headers: {} } },
+  'info',
+  {
+    redact: {
+      paths: [],
+      removePaths: ['req.headers.secret', 'req.headers["x-remove-me"]'],
+    },
+  },
+  ['req.headers.secret', 'req.headers.x-remove-me'],
+);
+
 interface ExampleMessageContext {
   activity: string;
   err?: {

diff --git a/src/index.ts b/src/index.ts
@@ -8,7 +8,8 @@ import serializers from './serializers';
 
 export { pino };
 
-export type LoggerOptions = pino.LoggerOptions & FormatterOptions;
+export type LoggerOptions = Omit<pino.LoggerOptions, 'redact'> &
+  FormatterOptions & { redact?: redact.ExtendedRedactOptions };
 export type Logger = pino.Logger;
 
 /**
@@ -25,6 +26,10 @@ export default (
   }),
 ): Logger => {
   opts.redact = redact.addDefaultRedactPathStrings(opts.redact);
+  opts.redact = redact.addRemovePathsCensor(
+    opts.redact,
+    opts.redact?.removePaths,
+  );
   opts.serializers = {
     ...serializers,
     ...opts.serializers,

diff --git a/src/redact/index.ts b/src/redact/index.ts
@@ -1,18 +1,21 @@
+import type * as pino from 'pino';
+
 // TODO: Redact cookies?
 export const defaultRedact = [];
 
-/**
- * Private interface vendored from `pino`
- */
-interface redactOptions {
-  paths: string[];
-  censor?: string | ((value: unknown, path: string[]) => unknown);
-  remove?: boolean;
-}
+export type ExtendedRedactOptions = pino.LoggerOptions['redact'] & {
+  /**
+   * A list of paths to remove from the logged object instead of redacting them.
+   * Note that if you are only removing, rather use the `paths` property and set `remove` to `true`.
+   */
+  removePaths?: string[];
+};
+
+type ExtendedRedact = string[] | ExtendedRedactOptions | undefined;
 
 export const addDefaultRedactPathStrings = (
-  redact: string[] | redactOptions | undefined,
-) => {
+  redact: ExtendedRedact,
+): ExtendedRedact => {
   if (!redact) {
     return defaultRedact;
   }
@@ -21,3 +24,23 @@ export const addDefaultRedactPathStrings = (
   }
   return redact;
 };
+
+export const addRemovePathsCensor = (
+  redact: ExtendedRedact,
+  removePaths?: string[],
+): ExtendedRedact => {
+  if (!removePaths || removePaths.length === 0) {
+    return redact;
+  }
+
+  const redactPaths =
+    redact && Array.isArray(redact) ? redact : redact?.paths ?? defaultRedact;
+
+  return redactPaths.length === 0
+    ? { paths: removePaths, remove: true }
+    : {
+        paths: [...redactPaths, ...removePaths],
+        censor: (_value, path) =>
+          redactPaths.includes(path.join('.')) ? '[Redacted]' : undefined,
+      };
+};