fix(logging): enhance debug logging for auth headers#540
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 234d64e3c0
| acc[key] = key === 'x-frigg-api-key' ? `${value.substring(0, 4)}...` | ||
| : key === 'authorization' ? `${value.split(' ')[0]} ...` | ||
| : value; |
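Review bot: In the `authorization` branch, `value.split(' ')[0]` returns the entire header value when it contains no space, so a token sent without a scheme is logged in full; emit a fixed placeholder unless the value has the `<scheme> <credentials>` shape. The `x-frigg-api-key` branch also writes the first four characters of the key to the log through `value.substring(0, 4)`; a constant such as `[REDACTED]` avoids exposing any part of it.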
Redact all x-frigg API keys before logging headers
This redaction logic only masks x-frigg-api-key, but it logs every other x-frigg* header value verbatim, which can leak credentials into logs on any handled 4xx path. The codebase already uses other secret headers (x-frigg-health-api-key in packages/core/handlers/routers/health.js and x-frigg-admin-api-key in packages/core/handlers/routers/db-migration.js), so those keys will now be exposed if present when an error reaches this handler.
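The leak described in the comment above comes from masking one named header and passing the rest through. An added example, not code from this pull request or from the Frigg code base, showing the inverse approach: only allowlisted headers are logged verbatim and everything else is redacted. The names `redactHeaders` and `SAFE_HEADERS` and the allowlist contents are assumptions.

```javascript
// Added example (hypothetical helper, not Frigg's own code).
// Headers known to carry no credentials; everything else is masked.
const SAFE_HEADERS = new Set(['content-type', 'accept', 'user-agent', 'host']);

const REDACTED = '[REDACTED]';

function redactAuthorization(value) {
    // Keep the scheme only when the value really is "<scheme> <credentials>".
    // A value with no space (a bare token) is masked completely.
    const text = String(value ?? '');
    const match = /^([A-Za-z][A-Za-z0-9_-]*) +\S/.exec(text);
    return match ? `${match[1]} ${REDACTED}` : REDACTED;
}

function redactHeaders(headers = {}) {
    const out = {};
    for (const [rawKey, value] of Object.entries(headers)) {
        const key = rawKey.toLowerCase();
        if (SAFE_HEADERS.has(key)) {
            out[key] = value;
        } else if (key === 'authorization') {
            out[key] = redactAuthorization(value);
        } else {
            // Covers x-frigg-api-key, x-frigg-health-api-key,
            // x-frigg-admin-api-key and any secret header added later.
            out[key] = REDACTED;
        }
    }
    return out;
}

// Constructed sample request headers, for illustration only.
const sampleHeaders = {
    'Content-Type': 'application/json',
    'x-frigg-api-key': 'constructed-key-0001',
    'x-frigg-health-api-key': 'constructed-key-0002',
    'x-frigg-admin-api-key': 'constructed-key-0003',
    Authorization: 'Bearer constructed.token.value',
};

console.log('[Frigg] request headers:', redactHeaders(sampleHeaders));
```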
| console.log( | ||
| '[Frigg] No x-frigg-api-key header found, skipping shared secret authentication' | ||
| ); |
This console.log is incorrectly placed outside the if (apiKey) block. It will execute unconditionally after the shared secret check, logging "No x-frigg-api-key header found" even when an API key is present and authentication succeeds.
To fix, move this log inside an else block:
if (apiKey) {
    // ... authentication logic
} else {
    console.log('[Frigg] No x-frigg-api-key header found, skipping shared secret authentication');
}
| console.log( | |
| '[Frigg] No x-frigg-api-key header found, skipping shared secret authentication' | |
| ); | |
| if (apiKey) { | |
| // Authentication logic (existing code) | |
| } else { | |
| console.log( | |
| '[Frigg] No x-frigg-api-key header found, skipping shared secret authentication' | |
| ); | |
| } |
Spotted by Graphite Agent
📦 Published PR as canary version:
2.0.0--canary.540.d07ab53.0
✨ Test out this PR locally via:
npm install @friggframework/core@2.0.0--canary.540.d07ab53.0
npm install @friggframework/devtools@2.0.0--canary.540.d07ab53.0
npm install @friggframework/eslint-config@2.0.0--canary.540.d07ab53.0
npm install @friggframework/prettier-config@2.0.0--canary.540.d07ab53.0
npm install @friggframework/schemas@2.0.0--canary.540.d07ab53.0
npm install @friggframework/serverless-plugin@2.0.0--canary.540.d07ab53.0
npm install @friggframework/test@2.0.0--canary.540.d07ab53.0
npm install @friggframework/ui@2.0.0--canary.540.d07ab53.0
# or
yarn add @friggframework/core@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/devtools@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/eslint-config@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/prettier-config@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/schemas@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/serverless-plugin@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/test@2.0.0--canary.540.d07ab53.0
yarn add @friggframework/ui@2.0.0--canary.540.d07ab53.0