From 8ae4e309c39d4e03e02c7e4c6d565e2133ddb12e Mon Sep 17 00:00:00 2001
From: Moriz Wahl
Date: Tue, 1 Jul 2025 14:41:45 +0200
Subject: [PATCH] fix(backend): mask jwt token in log (#8737)

---
 backend/src/plugins/apolloLogger.spec.ts | 4 ++--
 backend/src/plugins/apolloLogger.ts | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/backend/src/plugins/apolloLogger.spec.ts b/backend/src/plugins/apolloLogger.spec.ts
index ea829ca82..878eb2c2e 100644
--- a/backend/src/plugins/apolloLogger.spec.ts
+++ b/backend/src/plugins/apolloLogger.spec.ts
@@ -61,7 +61,7 @@ describe('apollo logger', () => {
 })
 
 describe('login mutation', () => {
-it('logs the request and response', async () => {
+it('logs the request and response, masking password and token', async () => {
 await mutate({
 mutation: loginMutation,
 variables: {
@@ -81,7 +81,7 @@ describe('apollo logger', () => {
 }),
 )
 
-expect(loggerSpy).toBeCalledWith('Apollo Response', expect.any(String), expect.any(String))
+expect(loggerSpy).toBeCalledWith('Apollo Response', expect.any(String), '{"login":"token"}')
 expect(consoleSpy).toBeCalledTimes(2)
 })
diff --git a/backend/src/plugins/apolloLogger.ts b/backend/src/plugins/apolloLogger.ts
index d8bf0789a..cfd79b85a 100644
--- a/backend/src/plugins/apolloLogger.ts
+++ b/backend/src/plugins/apolloLogger.ts
@@ -30,7 +30,14 @@ export const loggerPlugin = {
 ocelotLogger.error(...logResponse, JSON.stringify(requestContext.errors))
 return
 }
-logResponse.push(JSON.stringify(requestContext.response.data))
+if (requestContext.response.data.login) {
+// mask the token
+const data = cloneDeep(requestContext.response.data)
+data.login = 'token'
+logResponse.push(JSON.stringify(data))
+} else {
+logResponse.push(JSON.stringify(requestContext.response.data))
+}
 ocelotLogger.debug(...logResponse)
 }
 },
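Review bot: `requestContext.response.data.login` in the new branch throws a TypeError when `response.data` is null or undefined, which the replaced `JSON.stringify(requestContext.response.data)` tolerated, so the logging plugin can now fail the request it is only meant to observe; `requestContext.response.data?.login` keeps the old tolerance. The deep clone is more than the change needs: only the top-level `login` key is replaced, so a shallow copy `{ ...data, login: 'token' }` masks it without `cloneDeep` (not imported in this hunk, so presumably already in scope in the file). The masking is keyed on one field name, so any other operation whose result carries a credential is still logged in clear unless it is added to this check; a comment stating that limitation next to the condition would help the next maintainer. The enclosing handler begins and ends outside the hunk.
```typescript
      // … unchanged: error branch above …
      const { data } = requestContext.response
      // Only the login result is known to carry the JWT; mask that key before logging.
      // NOTE(review): results of other operations are logged unmasked — extend here if needed.
      const loggable = data?.login ? { ...data, login: 'token' } : data
      logResponse.push(JSON.stringify(loggable))
      ocelotLogger.debug(...logResponse)
```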