Merge 0e2af496c7 into 5ae3c1819c

2 months ago · a0de5e7b03
parent 5ae3c1819c 0e2af496c7
commit a0de5e7b03
4 changed files with 18 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -291,6 +291,8 @@ GRIST_USER_ROOT     | an extra path to look for plugins in - Grist will scan for
 GRIST_UI_FEATURES | comma-separated list of UI features to enable. Allowed names of parts: `helpCenter,billing,templates,createSite,multiSite,multiAccounts,sendToDrive,tutorials,supportGrist`. If a part also exists in GRIST_HIDE_UI_ELEMENTS, it won't be enabled.
 GRIST_UNTRUSTED_PORT | if set, plugins will be served from the given port. This is an alternative to setting APP_UNTRUSTED_URL.
 GRIST_WIDGET_LIST_URL | a url pointing to a widget manifest, by default `https://github.com/gristlabs/grist-widget/releases/download/latest/manifest.json` is used
+GRIST_LOG_SKIP_HTTP | When set to `false`, log HTTP requests and responses information. Defaults to `true`.
+GRIST_LOG_HTTP_BODY | When set to `true` and `GRIST_LOG_SKIP_HTTP` is set to false, log the body along with the HTTP requests. :warning: Be aware it may leak confidential information in the logs.:warning: Defaults to `false`.
 COOKIE_MAX_AGE      | session cookie max age, defaults to 90 days; can be set to "none" to make it a session cookie
 HOME_PORT           | port number to listen on for REST API server; if set to "share", add API endpoints to regular grist port.
 PORT                | port number to listen on for Grist server
--- a/app/server/lib/FlexServer.ts
+++ b/app/server/lib/FlexServer.ts
@ -412,28 +412,37 @@ export class FlexServer implements GristServer {

  public addLogging() {
    if (this._check('logging')) { return; }
-    if (process.env.GRIST_LOG_SKIP_HTTP) { return; }
+    if (isAffirmative(process.env.GRIST_LOG_SKIP_HTTP)) { return; }
    // Add a timestamp token that matches exactly the formatting of non-morgan logs.
    morganLogger.token('logTime', (req: Request) => log.timestamp());
    // Add an optional gristInfo token that can replace the url, if the url is sensitive.
    morganLogger.token('gristInfo', (req: RequestWithGristInfo) =>
                       req.gristInfo || req.originalUrl || req.url);
    morganLogger.token('host', (req: express.Request) => req.get('host'));
-    const msg = ':logTime :host :method :gristInfo :status :response-time ms - :res[content-length]';
+    morganLogger.token('body', (req: express.Request) =>
+      req.is('application/json') ? JSON.stringify(req.body) : undefined
+    );
+
+    // For debugging, be careful not to enable logging in production (may log sensitive data)
+    const shouldLogBody = isAffirmative(process.env.GRIST_LOG_HTTP_BODY);
+
+    const msg = `:logTime :host :method :gristInfo ${shouldLogBody ? ':body ' : ''}` +
+      ":status :response-time ms - :res[content-length]";
    // In hosted Grist, render json so logs retain more organization.
    function outputJson(tokens: any, req: any, res: any) {
      return JSON.stringify({
        timestamp: tokens.logTime(req, res),
+        host: tokens.host(req, res),
        method: tokens.method(req, res),
        path: tokens.gristInfo(req, res),
+        ...(shouldLogBody ? { body: tokens.body(req, res) } : {}),
        status: tokens.status(req, res),
        timeMs: parseFloat(tokens['response-time'](req, res)) || undefined,
        contentLength: parseInt(tokens.res(req, res, 'content-length'), 10) || undefined,
-        host: tokens.host(req, res),
        altSessionId: req.altSessionId,
      });
    }
-    this.app.use(morganLogger(process.env.GRIST_HOSTED_VERSION ? outputJson : msg, {
+    this.app.use(morganLogger(isAffirmative(process.env.GRIST_HOSTED_VERSION) ? outputJson : msg, {
      skip: this._shouldSkipRequestLogging.bind(this)
    }));
  }
--- a/app/server/lib/log.ts
+++ b/app/server/lib/log.ts
@ -6,6 +6,7 @@
 *    log.info(...);
 */

+import { isAffirmative } from 'app/common/gutil';
 import {timeFormat} from 'app/common/timeFormat';
 import * as winston from 'winston';

@ -69,7 +70,7 @@ const fileTransportOptions = {
  level: process.env.GRIST_LOG_LEVEL || 'debug',
  timestamp: log.timestamp,
  colorize: true,
-  json: process.env.GRIST_HOSTED_VERSION ? true : false
+  json: isAffirmative(process.env.GRIST_HOSTED_VERSION)
 };

 // Configure logging to use console and simple timestamps.
--- a/app/server/lib/requestUtils.ts
+++ b/app/server/lib/requestUtils.ts
@ -13,7 +13,7 @@ import {Writable} from 'stream';
 import { TLSSocket } from 'tls';

 // log api details outside of dev environment (when GRIST_HOSTED_VERSION is set)
-const shouldLogApiDetails = Boolean(process.env.GRIST_HOSTED_VERSION);
+const shouldLogApiDetails = gutil.isAffirmative(process.env.GRIST_HOSTED_VERSION);

 // Offset to https ports in dev/testing environment.
 export const TEST_HTTPS_OFFSET = process.env.GRIST_TEST_HTTPS_OFFSET ?