Merge pull request #95 from lidofinance/feature/we-713-introduce-logs…

…-sanitizer-for-lido-frontend-template Added sanitizer
lidofinance · Apr 8, 2024 · 8c5bbe7 · 8c5bbe7
2 parents 7d4813e + aba0135
commit 8c5bbe7
Show file tree

Hide file tree

Showing 9 changed files with 75 additions and 101 deletions.
diff --git a/next-logger.config.cjs b/next-logger.config.cjs
@@ -0,0 +1,38 @@
+/* eslint-disable import/no-extraneous-dependencies */
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const pino = require("pino"); // It's ok that pino is transit dependency, it's required by next-logger
+const { satanizer, commonPatterns } = require("@lidofinance/satanizer");
+const loadEnvConfig = require("@next/env").loadEnvConfig;
+/* eslint-enable import/no-extraneous-dependencies */
+
+// Must load env first
+const projectDir = process.cwd();
+loadEnvConfig(projectDir);
+
+const secretKeys = Object.keys(process.env).filter((key) => key.startsWith("SECRET_"));
+const secretValues = secretKeys.map((key) => process.env[key]);
+
+const patterns = [...commonPatterns, ...secretValues, 'qwe'];
+
+const mask = satanizer(patterns);
+
+const logger = (defaultConfig) =>
+  pino({
+    ...defaultConfig,
+    formatters: {
+      ...defaultConfig.formatters,
+      level(label, _number) {
+        // log level should be verbose as info or warning instead of numeric value
+        return { level: label };
+      },
+    },
+    hooks: {
+      logMethod(inputArgs, method) {
+        return method.apply(this, mask(inputArgs));
+      },
+    },
+  });
+
+module.exports = {
+  logger,
+};
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "private": true,
   "scripts": {
     "dev": "next dev",
-    "build": "next build",
+    "build": "NODE_OPTIONS='-r next-logger' next build",
     "start": "NODE_OPTIONS='-r next-logger' next start",
     "lint": "eslint --ext ts,tsx .",
     "lint:fix": "yarn lint --fix",
@@ -13,7 +13,6 @@
     "postinstall": "husky install && yarn typechain"
   },
   "dependencies": {
-    "@darkobits/mask-string": "^2.0.1",
     "@ethersproject/abstract-signer": "^5.5.0",
     "@ethersproject/address": "^5.5.0",
     "@ethersproject/bignumber": "^5.5.0",
@@ -27,10 +26,12 @@
     "@lido-sdk/fetch": "^2.1.0",
     "@lido-sdk/helpers": "^1.4.3",
     "@lido-sdk/react": "^1.18.1",
-    "@lidofinance/analytics-matomo": "^0.9.0",
+    "@lidofinance/analytics-matomo": "^0.42.0",
+    "@lidofinance/api-metrics": "^0.42.0",
     "@lidofinance/lido-ui": "^3.0.0-next.17",
-    "@lidofinance/next-api-wrapper": "^0.16.0",
-    "@lidofinance/next-cache-files-middleware": "^0.16.0",
+    "@lidofinance/next-api-wrapper": "^0.42.0",
+    "@lidofinance/next-cache-files-middleware": "^0.42.0",
+    "@lidofinance/satanizer": "^0.42.0",
     "cookie": "^0.5.0",
     "copy-to-clipboard": "^3.3.1",
     "eslint-config-next": "^13.0.5",

diff --git a/pages/api/csp-report.ts b/pages/api/csp-report.ts
@@ -1,11 +1,10 @@
 import { NextApiRequest, NextApiResponse } from 'next';
-import { serverLogger } from 'utils/serverLogger';
 
 export default function cspReport(
   req: NextApiRequest,
   res: NextApiResponse,
 ): void {
-  serverLogger.warn({
+  console.warn({
     message: 'CSP Violation',
     report: JSON.parse(req.body),
   });

diff --git a/pages/api/oneinch-rate.ts b/pages/api/oneinch-rate.ts
@@ -5,7 +5,6 @@ import {
   defaultErrorHandler,
 } from '@lidofinance/next-api-wrapper';
 import { CHAINS, TOKENS, getTokenAddress } from '@lido-sdk/constants';
-import { serverLogger } from 'utils';
 
 // Proxy for third-party API.
 // Returns 1inch rate
@@ -28,7 +27,6 @@ const oneInchRate: API = async (req, res) => {
   res.json(rate);
 };
 
-export default wrapRequest([
-  cacheControl(),
-  defaultErrorHandler({ serverLogger }),
-])(oneInchRate);
+export default wrapRequest([cacheControl(), defaultErrorHandler()])(
+  oneInchRate,
+);
diff --git a/pages/api/rpc.ts b/pages/api/rpc.ts
@@ -7,7 +7,6 @@ import {
 } from '@lidofinance/next-api-wrapper';
 import getConfig from 'next/config';
 import { fetchWithFallbacks } from 'utils/fetchWithFallbacks';
-import { serverLogger } from 'utils/serverLogger';
 
 const { serverRuntimeConfig } = getConfig();
 const { infuraApiKey, alchemyApiKey, apiProviderUrls } =
@@ -16,7 +15,7 @@ const { infuraApiKey, alchemyApiKey, apiProviderUrls } =
 type Rpc = (req: NextApiRequest, res: NextApiResponse) => Promise<void>;
 
 const rpc: Rpc = async (req, res) => {
-  serverLogger.debug('Request to RPC');
+  console.debug('Request to RPC');
   const chainId = Number(req.query.chainId);
 
   if (!CHAINS[chainId]) {
@@ -48,6 +47,4 @@ const rpc: Rpc = async (req, res) => {
 };
 
 // Error handler wrapper
-export default wrapRequest([
-  defaultErrorHandler({ serverLogger: serverLogger }),
-])(rpc);
+export default wrapRequest([defaultErrorHandler()])(rpc);
diff --git a/utils/fetchWithFallbacks.ts b/utils/fetchWithFallbacks.ts
@@ -1,5 +1,4 @@
 import { rpcResponse } from './metrics/rpcResponse';
-import { serverLogger } from './serverLogger';
 
 type FetchWithFallbacks = (
   inputs: RequestInfo[],
@@ -14,20 +13,20 @@ export const fetchWithFallbacks: FetchWithFallbacks = async (inputs, init) => {
     const url = new URL(input as string);
     hostname = url.hostname;
 
-    serverLogger.debug('Sending request to ' + hostname, init);
+    console.debug('Sending request to ' + hostname, init);
     const end = rpcResponse.labels(hostname).startTimer();
     const response = await fetch(input, init);
     end();
 
     if (response.ok) {
-      serverLogger.debug(`Request to ${hostname} successful`, init);
+      console.debug(`Request to ${hostname} successful`, init);
       return response;
     }
 
     throw new Error('[fetchWithFallbacks] Response not ok');
   } catch (error) {
     if (!restInputs.length) {
-      serverLogger.error(`All requests failed`, init);
+      console.error(`All requests failed`, init);
       throw error;
     }
     return fetchWithFallbacks(restInputs, init);

diff --git a/utils/index.ts b/utils/index.ts
@@ -4,4 +4,3 @@ export * from './formatBalance';
 export * from './logger';
 export * from './stringToEther';
 export * from './standardFetcher';
-export * from './serverLogger';
diff --git a/utils/serverLogger.ts b/utils/serverLogger.ts
diff --git a/yarn.lock b/yarn.lock
@@ -1206,11 +1206,6 @@
   dependencies:
     "@jridgewell/trace-mapping" "0.3.9"
 
-"@darkobits/mask-string@^2.0.1":
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/@darkobits/mask-string/-/mask-string-2.0.1.tgz#c70a078a2b29f37f0b75396d6408dcf39e35999d"
-  integrity sha512-jNboxfoD6zzVCfBnl4gg3ZWo+gXAhXYihc+RTgnYma+Ey1YEslYdLGuj/O4prkNFnC7UnLMDbZ3EoUUZV0hJpA==
-
 "@emotion/is-prop-valid@^0.8.1":
   version "0.8.8"
   resolved "https://registry.yarnpkg.com/@emotion/is-prop-valid/-/is-prop-valid-0.8.8.tgz#db28b1c4368a259b60a97311d6a952d4fd01ac1a"
@@ -1859,10 +1854,15 @@
     tiny-invariant "^1.1.0"
     tiny-warning "^1.0.3"
 
-"@lidofinance/analytics-matomo@^0.9.0":
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/@lidofinance/analytics-matomo/-/analytics-matomo-0.9.0.tgz#94d19003fce72692f3947833fc7645dc28502cdf"
-  integrity sha512-k0Rj2uVU711MxkpSX/vVJJR4uDaZUIYUnCfCzaYNW0KC9J8lt/Q1D4BqwZ4xnA7I5CokAz8kKjKNpMGfxyxwBg==
+"@lidofinance/analytics-matomo@^0.42.0":
+  version "0.42.0"
+  resolved "https://registry.yarnpkg.com/@lidofinance/analytics-matomo/-/analytics-matomo-0.42.0.tgz#c2ac299948333bab245fdd9913feea64f3e4ea8b"
+  integrity sha512-s8EDwYe7/jlhtC4xUehJC3oI3G3PAGq9mXXtnhECqhpoda8bCYbtexVL4BDP43FKTJnWCO2kf/w6jjkZCIMv+g==
+
+"@lidofinance/api-metrics@^0.42.0":
+  version "0.42.0"
+  resolved "https://registry.yarnpkg.com/@lidofinance/api-metrics/-/api-metrics-0.42.0.tgz#aabde9ef8684c56c958521a9699e23dd95e762e1"
+  integrity sha512-UlXH1k5pSvTp/maNAJ1HjGmZO2nNvw0+544vTu0LPUmcuc1tA+ArbVlsIvG1lGXw6y+9KvcZVL5ifBFILRPBSQ==
 
 "@lidofinance/lido-ui@^3.0.0-next.17":
   version "3.0.0-next.17"
@@ -1880,15 +1880,20 @@
     ua-parser-js "^1.0.2"
     use-callback-ref "1.2.5"
 
-"@lidofinance/next-api-wrapper@^0.16.0":
-  version "0.16.0"
-  resolved "https://registry.yarnpkg.com/@lidofinance/next-api-wrapper/-/next-api-wrapper-0.16.0.tgz#8fa17eb5344f30256e8a4410c244ef3e35d24728"
-  integrity sha512-9MiGbd9862L6m0Y0Qk8otCowNvrIeUbSd0KuKAoMpLSQEHU5Z+ihoxKhu6fmNg7d5mduYXDkNUkUpcdk4tCT+A==
+"@lidofinance/next-api-wrapper@^0.42.0":
+  version "0.42.0"
+  resolved "https://registry.yarnpkg.com/@lidofinance/next-api-wrapper/-/next-api-wrapper-0.42.0.tgz#422348c2ba890aff9fe681905df3e4e6279f280b"
+  integrity sha512-Z+OtZn/AGtCMwsI+81cmrBiZXvfGi8+VdyLZw78OltPlX+hKz65OIUo0vk6QSh52H8RxaOEp77yS9KNcZKbOug==
+
+"@lidofinance/next-cache-files-middleware@^0.42.0":
+  version "0.42.0"
+  resolved "https://registry.yarnpkg.com/@lidofinance/next-cache-files-middleware/-/next-cache-files-middleware-0.42.0.tgz#7da14dd0678b943eb634a6a309aa4d6a0d53f5e8"
+  integrity sha512-3uEhkQqE/s6FufRplgGTRwfZFHrewbiExOAROAWJIX0djDMdLtv9z9lJ5ba5bkpsOYldYOnsoBeUsci7uPpDTA==
 
-"@lidofinance/next-cache-files-middleware@^0.16.0":
-  version "0.16.0"
-  resolved "https://registry.yarnpkg.com/@lidofinance/next-cache-files-middleware/-/next-cache-files-middleware-0.16.0.tgz#3a3b2873f8c35958751ff9b1296fcec415822bd1"
-  integrity sha512-9UeJMb0WVfNfPNRoO0i9VrF2wvfULqKW7iJprQ20ghJQY4slWD+xMuMmFYUuKnYDKFwr2VS2G73dX6iPFy9d8A==
+"@lidofinance/satanizer@^0.42.0":
+  version "0.42.0"
+  resolved "https://registry.yarnpkg.com/@lidofinance/satanizer/-/satanizer-0.42.0.tgz#535a58b0ec4a65fb5d32d4ebb7ee240c205a0b8f"
+  integrity sha512-r4BmbjYXahUuhYTX5YGqjqnedy+9J9gxSaJ/nVatp3xyY/Dp4VJe9xTCSWdNUjHNGc+yqMICRWNGOfqBLniFsA==
 
 "@metamask/[email protected]", "@metamask/safe-event-emitter@^2.0.0":
   version "2.0.0"