Class: Authlete::SensitiveLogger

Inherits:
Object
  • Object
Defined in:
lib/authlete/logging.rb

Constant Summary

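# Field names whose values are treated as sensitive. Each name is turned into
# the regexes in SENSITIVE_PATTERNS; matching is literal and case-sensitive
# (no /i flag), so differently-cased keys are not covered.
SENSITIVE_FIELDS = [
  # OAuth/OIDC related
  'client_secret',
  'access_token',
  'refresh_token',
  'authorization_code',
  'id_token',
  'code',
  # Device flow
  'user_code',
  'client_notification_token',

  # Authlete Credentials
  'service_api_key',
  'service_api_secret',
  'service_owner_api_key',
  'service_owner_api_secret',
  'sns_credentials',
  'developer_sns_credentials',
  'ticket',
  'subject',

  # Authentication & Authorization
  'password',
  'token',
  'authorization',
  'client_certificate',
  'client_certificate_path',

  # JWT/Crypto/Certificate related
  'jwks',
  'federation_jwks',
  'client_secret_expires_at',
  'trusted_root_certificates',
  'encryption_key_id',
  'signature_key_id',
  'access_token_signature_key_id',
  'refresh_token_signature_key_id',
  'id_token_signature_key_id'
].freeze

# Two regexes per sensitive field, in the order [JSON, URL-encoded].
#
# * JSON: capture group 1 is the `"field": ` prefix; the quoted value follows
#   it. Only double-quoted string values are matched, so a field whose value is
#   an object, array or number is not covered by this pattern.
# * URL-encoded: capture group 1 is the value, up to the next `&` or whitespace.
#   The pattern is not anchored on the left, so it also matches when the field
#   name is the tail of a longer parameter name.
#
# NOTE(review): how the two differing capture groups are consumed is decided by
# redact_sensitive_data, which is not shown here; confirm against it.
SENSITIVE_PATTERNS = SENSITIVE_FIELDS.flat_map do |field|
  # Escape so a future field name containing regex metacharacters is still
  # matched literally.
  name = Regexp.escape(field)
  [
    # JSON format. The first alternative walks backslash escapes so a value
    # containing \" is matched through to its real closing quote instead of
    # stopping at the escaped one and leaving the tail of the secret in the
    # log. The second alternative is the plain "up to the next quote" match,
    # kept as a fallback for input that is not well-formed JSON.
    /("#{name}"\s*:\s*)"(?:(?:[^"\\]|\\.)*"|[^"]*")/,
    # URL-encoded format
    /#{name}=([^&\s]+)/
  ]
end.freeze

# Replacement text for redacted values. Frozen so it cannot be altered in place.
# NOTE(review): presumably substituted by redact_sensitive_data; confirm.
REDACTION_MARK = '***** REDACTED *****'.freeze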

Instance Method Summary

Constructor Details

#initialize(original_logger) ⇒ SensitiveLogger

Returns a new instance of SensitiveLogger.



# File 'lib/authlete/logging.rb', line 67

# Wraps an existing logger; the wrapped object is kept in @original_logger and
# is the target of later writes made through this instance.
#
# @param original_logger [Object] the logger to wrap
def initialize(original_logger)
  @original_logger = original_logger
end

Instance Method Details

#<<(msg) ⇒ Object



# File 'lib/authlete/logging.rb', line 71

# Passes +msg+ through redact_sensitive_data (defined outside this excerpt) and
# appends the result to the wrapped logger with <<, so the unredacted message
# is never handed to the wrapped logger by this method.
#
# @param msg [Object] the message to write
# @return [Object] whatever the wrapped logger's << returns
def <<(msg)
  @original_logger << redact_sensitive_data(msg)
end