Advanced setting: verboseApiLogsOnErrors.

2015-11-19 11:11:41 +01:00 · 2015-11-19 11:11:41 +01:00 · 1855f7829d
commit 1855f7829d
parent 456e8bd9c0
3 changed files with 44 additions and 17 deletions
--- a/config.json
+++ b/config.json
@ -15,5 +15,13 @@
  // Should users be created on first sign in?
  //
  // Necessary for external authentication providers.
-  "createUserOnFirstSignin": true
+  "createUserOnFirstSignin": true,
+
+  // Whether API logs should contains the full request/response on
+  // errors.
+  //
+  // This is disabled by default for performance (lots of data) and
+  // security concerns (avoiding sensitive data in the logs) but can
+  // be turned for investigation by the administrator.
+  "verboseApiLogsOnErrors": false
 }
--- a/src/api.js
+++ b/src/api.js
@ -80,6 +80,9 @@ function resolveParams (method, params) {

  const userId = user.get('id')

+  // Do not alter the original object.
+  params = { ...params }
+
  const permissions = []
  forEach(resolve, ([param, types, permission = 'administrate'], key) => {
    const id = params[param]
@ -161,8 +164,12 @@ methodSignature.description = 'returns the signature of an API method'
 // ===================================================================

 export default class Api {
-  constructor ({context} = {}) {
+  constructor ({
+    context,
+    verboseLogsOnErrors
+  } = {}) {
    this._methods = createRawObject()
+    this._verboseLogsOnErrors = verboseLogsOnErrors
    this.context = context

    this.addMethods({
@ -222,9 +229,9 @@ export default class Api {
      await checkPermission.call(context, method)
      checkParams(method, params)

-      await resolveParams.call(context, method, params)
+      const resolvedParams = await resolveParams.call(context, method, params)

-      let result = await method.call(context, params)
+      let result = await method.call(context, resolvedParams)

      // If nothing was returned, consider this operation a success
      // and return true.
@ -242,10 +249,12 @@ export default class Api {

      return result
    } catch (error) {
+      if (this._verboseLogsOnErrors) {
        debug(
-        '%s | %s(...) [%s] =!> %s',
+          '%s | %s(%j) [%s] =!> %s',
          userName,
          name,
+          params,
          ms(Date.now() - startTime),
          error
        )
@ -254,6 +263,15 @@ export default class Api {
        if (stack) {
          console.error(stack)
        }
+      } else {
+        debug(
+          '%s | %s(...) [%s] =!> %s',
+          userName,
+          name,
+          ms(Date.now() - startTime),
+          error
+        )
+      }

      throw error
    }
--- a/src/index.js
+++ b/src/index.js
@ -383,13 +383,14 @@ const apiHelpers = {
  }
 }

-const setUpApi = (webSocketServer, xo) => {
+const setUpApi = (webSocketServer, xo, verboseLogsOnErrors) => {
  // FIXME: it can cause issues if there any property assignments in
  // XO methods called from the API.
  const context = { __proto__: xo, ...apiHelpers }

  const api = new Api({
-    context
+    context,
+    verboseLogsOnErrors
  })
  api.addMethods(apiMethods)

@ -611,7 +612,7 @@ export default async function main (args) {

  // Must be set up before the static files.
  const webSocketServer = setUpWebSocketServer(webServer)
-  const api = setUpApi(webSocketServer, xo)
+  const api = setUpApi(webSocketServer, xo, config.verboseApiLogsOnErrors)

  const scheduler = setUpScheduler(api, xo)
  setUpRemoteHandler(xo)