-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Functionality to mask sensitive field(s) in request body and re…
…sponse body (#46) Co-authored-by: marselab <[email protected]>
- Loading branch information
1 parent
9b53e0d
commit 7637e35
Showing
5 changed files
with
599 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
// Copyright 2022 AccelByte Inc | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package log | ||
|
||
import ( | ||
"github.com/emicklei/go-restful/v3" | ||
) | ||
|
||
const MaskedQueryParams = "MaskedQueryParams" | ||
const MaskedRequestFields = "MaskedRequestFields" | ||
const MaskedResponseFields = "MaskedResponseFields" | ||
|
||
// Option contains attribute options for log functionality | ||
type Option struct { | ||
// Query param that need to masked in url, separated with comma | ||
MaskedQueryParams string | ||
// Field that need to masked in request body, separated with comma | ||
MaskedRequestFields string | ||
// Field that need to masked in response body, separated with comma | ||
MaskedResponseFields string | ||
} | ||
|
||
// Attribute filter is used to define the log attribute for the endpoint. | ||
func Attribute(option Option) restful.FilterFunction { | ||
return func(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { | ||
if option.MaskedQueryParams != "" { | ||
req.SetAttribute(MaskedQueryParams, option.MaskedQueryParams) | ||
} | ||
if option.MaskedRequestFields != "" { | ||
req.SetAttribute(MaskedRequestFields, option.MaskedRequestFields) | ||
} | ||
if option.MaskedResponseFields != "" { | ||
req.SetAttribute(MaskedResponseFields, option.MaskedResponseFields) | ||
} | ||
chain.ProcessFilter(req, resp) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
// Copyright 2022 AccelByte Inc | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package log | ||
|
||
import ( | ||
"fmt" | ||
"regexp" | ||
"strings" | ||
"sync" | ||
) | ||
|
||
var FieldRegexCache = sync.Map{} | ||
|
||
const ( | ||
MaskedValue = "******" | ||
) | ||
|
||
// FieldRegex contains regex patterns for field name in varied content-types. | ||
type FieldRegex struct { | ||
FieldName string | ||
JsonPattern *regexp.Regexp | ||
QueryStringPattern *regexp.Regexp | ||
} | ||
|
||
// InitFieldRegex initialize the FieldRegex along with its regex patterns. | ||
func (f *FieldRegex) InitFieldRegex(fieldName string) { | ||
f.FieldName = fieldName | ||
// "fieldName":"(.*?)" | ||
f.JsonPattern = regexp.MustCompile(fmt.Sprintf("\"%s\":\"(.*?)\"", fieldName)) | ||
// fieldName=(.*?[^&]*)|fieldName=(.*?)$ | ||
f.QueryStringPattern = regexp.MustCompile(fmt.Sprintf("%s=(.*?[^&]*)|%s=(.*?)$", fieldName, fieldName)) | ||
} | ||
|
||
// MaskFields will mask the field value on the content string based on the | ||
// provided field name(s) in "fields" parameter separated by comma. | ||
func MaskFields(contentType, content, fields string) string { | ||
if content == "" || fields == "" { | ||
return content | ||
} | ||
|
||
fieldNames := strings.Split(fields, ",") | ||
for _, fieldName := range fieldNames { | ||
var fieldRegex FieldRegex | ||
if val, ok := FieldRegexCache.Load(fieldName); ok { | ||
fieldRegex = val.(FieldRegex) | ||
} else { | ||
fieldRegex = FieldRegex{} | ||
fieldRegex.InitFieldRegex(fieldName) | ||
FieldRegexCache.Store(fieldName, fieldRegex) | ||
} | ||
|
||
if strings.Contains(contentType, "application/json") { | ||
content = fieldRegex.JsonPattern.ReplaceAllString(content, fmt.Sprintf("\"%s\":\"%s\"", fieldName, MaskedValue)) | ||
} else if strings.Contains(contentType, "application/x-www-form-urlencoded") { | ||
content = fieldRegex.QueryStringPattern.ReplaceAllString(content, fmt.Sprintf("%s=%s", fieldName, MaskedValue)) | ||
} else { | ||
// try json pattern and form-data pattern | ||
if fieldRegex.JsonPattern.MatchString(content) { | ||
content = fieldRegex.JsonPattern.ReplaceAllString(content, fmt.Sprintf("\"%s\":\"%s\"", fieldName, MaskedValue)) | ||
} else if fieldRegex.QueryStringPattern.MatchString(content) { | ||
content = fieldRegex.QueryStringPattern.ReplaceAllString(content, fmt.Sprintf("%s=%s", fieldName, MaskedValue)) | ||
} | ||
} | ||
} | ||
|
||
return content | ||
} | ||
|
||
// MaskQueryParams will mask the field value on the uri based on the | ||
// provided field name(s) in "fields" parameter separated by comma. | ||
func MaskQueryParams(uri string, fields string) string { | ||
if uri == "" || fields == "" { | ||
return uri | ||
} | ||
|
||
fieldNames := strings.Split(fields, ",") | ||
for _, fieldName := range fieldNames { | ||
var fieldRegex FieldRegex | ||
if val, ok := FieldRegexCache.Load(fieldName); ok { | ||
fieldRegex = val.(FieldRegex) | ||
} else { | ||
fieldRegex = FieldRegex{} | ||
fieldRegex.InitFieldRegex(fieldName) | ||
FieldRegexCache.Store(fieldName, fieldRegex) | ||
} | ||
|
||
uri = fieldRegex.QueryStringPattern.ReplaceAllString(uri, fmt.Sprintf("%s=%s", fieldName, MaskedValue)) | ||
} | ||
return uri | ||
} |
Oops, something went wrong.