added blacklist for authorization header

IABTechLab · Sep 18, 2024 · ae8a26d · ae8a26d
1 parent d4fbb6c
commit ae8a26d
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -10,7 +10,7 @@ import winston from 'winston';
 
 import makeMetricsApiMiddleware from './middleware/metrics';
 import indexRouter from './routes/index';
-import logger from './utils/logging';
+import logger, { getLoggingMiddleware } from './utils/logging';
 import {
   environment, ID_TYPE, LOCALE_FOLDER, VIEW_FOLDER, 
 } from './utils/process';
@@ -29,6 +29,8 @@ const layoutPath = path.join(viewPath, 'layouts');
 app.set('views', viewPath);
 app.set('view engine', 'hbs');
 
+app.use(getLoggingMiddleware());
+
 app.use(
   makeMetricsApiMiddleware({
     port: 9082,

diff --git a/src/routes/optout.ts b/src/routes/optout.ts
@@ -2,7 +2,7 @@ import axios from 'axios';
 import { Buffer } from 'buffer';
 import crypto from 'crypto';
 
-import { OPTOUT_API_SECRET, OPTOUT_ENDPOINT_URL } from '../utils/process';
+import { OPTOUT_API_KEY, OPTOUT_API_SECRET, OPTOUT_ENDPOINT_URL } from '../utils/process';
 
 interface Optout {
   phone?: string;
@@ -38,6 +38,7 @@ export async function optout(identityInput: string): Promise<any> {
   return axios.post(OPTOUT_ENDPOINT_URL, body,
     {
       headers: {
+        Authorization: `Bearer ${OPTOUT_API_KEY}`,
         'Content-Type': 'text/plain',
       },
     });

diff --git a/src/utils/logging.ts b/src/utils/logging.ts
@@ -1,4 +1,5 @@
 import winston, { createLogger } from 'winston';
+import expressWinston from 'express-winston';
 
 import { isProduction } from './process';
 
@@ -10,4 +11,12 @@ const logger = createLogger({
   ],
 });
 
+const headersToRedact = ['authorization'];
+
+export const getLoggingMiddleware = () =>
+  expressWinston.logger({
+    winstonInstance: logger,
+    headerBlacklist: headersToRedact,
+  });
+
 export default logger;