Module: PostHog::Rails::ParameterFilter

Included in:

ActiveJobExtensions, CaptureExceptions, ErrorSubscriber

Defined in:

lib/posthog/rails/parameter_filter.rb

Overview

Shared utility module for filtering sensitive parameters

This module provides consistent parameter filtering across all PostHog Rails components, leveraging Rails’ built-in parameter filtering when available. It automatically detects the correct Rails parameter filtering API based on the Rails version.

Examples:

Usage in a class

class MyClass
  include PostHog::Rails::ParameterFilter

  def my_method(params)
    filtered = filter_sensitive_params(params)
    PostHog.capture(event: 'something', properties: filtered)
  end
end

Constant Summary

EMPTY_HASH =

{}.freeze

MAX_STRING_LENGTH =

10_000

MAX_DEPTH =

10

Class Method Summary

• .backend ⇒ Object

Instance Method Summary

• #filter_sensitive_params(params) ⇒ Hash

  Filter sensitive parameters from a hash, respecting Rails configuration.

• #safe_serialize(value, seen = Set.new, depth = 0) ⇒ Object

  Safely serialize a value to a JSON-compatible format.

Class Method Details

.backend ⇒ Object

# File 'lib/posthog/rails/parameter_filter.rb', line 27

def self.backend
  ActiveSupport::ParameterFilter
end

Instance Method Details

#filter_sensitive_params(params) ⇒ Hash

Filter sensitive parameters from a hash, respecting Rails configuration.

Uses Rails’ configured filter_parameters (e.g., :password, :token, :api_key) to automatically filter sensitive data that the Rails app has configured.

Parameters:

• params (Hash) —

  The parameters to filter

Returns:

• (Hash) —

  Filtered parameters with sensitive data masked

# File 'lib/posthog/rails/parameter_filter.rb', line 43

def filter_sensitive_params(params)
  return EMPTY_HASH unless params.is_a?(Hash)
  return params unless ::Rails.application

  filter_parameters = ::Rails.application.config.filter_parameters
  parameter_filter = ParameterFilter.backend.new(filter_parameters)

  parameter_filter.filter(params)
end

#safe_serialize(value, seen = Set.new, depth = 0) ⇒ Object

Safely serialize a value to a JSON-compatible format.

Handles circular references and complex objects by converting them to simple primitives or string representations. This prevents SystemStackError when serializing objects with circular references (like ActiveRecord models).

Parameters:

• value (Object) —

  The value to serialize

• seen (Set) (defaults to: Set.new) —

  Set of object_ids already visited (for cycle detection)

• depth (Integer) (defaults to: 0) —

  Current recursion depth

Returns:

• (Object) —

  A JSON-safe value (String, Numeric, Boolean, nil, Array, or Hash)

# File 'lib/posthog/rails/parameter_filter.rb', line 63

def safe_serialize(value, seen = Set.new, depth = 0)
  return '[max depth exceeded]' if depth > MAX_DEPTH

  case value
  when nil, true, false, Integer, Float
    value
  when String
    truncate_string(value)
  when Symbol
    value.to_s
  when Time, DateTime
    value.iso8601(3)
  when Date
    value.iso8601
  when Array
    serialize_array(value, seen, depth)
  when Hash
    serialize_hash(value, seen, depth)
  else
    serialize_object(value, seen)
  end
rescue StandardError => e
  "[serialization error: #{e.class}]"
end