
Implement a privacy logger

+48 -1
+2 -1
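--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -19,6 +19,7 @@
 "margin.at/internal/api"
 "margin.at/internal/db"
 "margin.at/internal/firehose"
+internalMiddleware "margin.at/internal/middleware"
 "margin.at/internal/oauth"
 "margin.at/internal/sync"
 )
@@ -55,7 +56,7 @@
 
 r := chi.NewRouter()
 
-r.Use(middleware.Logger)
+r.Use(internalMiddleware.PrivacyLogger)
 r.Use(middleware.Recoverer)
 r.Use(middleware.RequestID)
 r.Use(middleware.RealIP)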
+46
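--- a/backend/internal/middleware/logger.go
+++ b/backend/internal/middleware/logger.go
@@ -0,0 +1,46 @@
+package middleware
+
+import (
+"log"
+"net/http"
+"net/url"
+"time"
+
+"github.com/go-chi/chi/v5/middleware"
+)
+
+func PrivacyLogger(next http.Handler) http.Handler {
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
+t1 := time.Now()
+
+defer func() {
+safeURL := redactURL(r.URL)
+
+log.Printf("[%d] %s %s %s",
+ww.Status(),
+r.Method,
+safeURL,
+time.Since(t1),
+)
+}()
+
+next.ServeHTTP(ww, r)
+})
+}
+
+func redactURL(u *url.URL) string {
+redacted := *u
+q := redacted.Query()
+
+sensitiveKeys := []string{"source", "url", "target", "parent", "root", "uri"}
+
+for _, key := range sensitiveKeys {
+if q.Has(key) {
+q.Set(key, "[REDACTED]")
+}
+}
+
+redacted.RawQuery = q.Encode()
+return redacted.String()
+}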
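Review bot: The fixed `sensitiveKeys` denylist in `redactURL` leaves every query parameter it does not name in the log verbatim, so the logger fails open whenever a new parameter is introduced. The server also imports `margin.at/internal/oauth`; if its callback routes are served through this router, the authorization `code` and `state` values would presumably be logged in clear. Redacting by default is safer: replace the loop with `for key := range q { q.Set(key, "[REDACTED]") }` and skip only keys on an explicit allowlist of values known to be harmless. Only the query string is covered, so any identifying data carried in path segments still reaches the log; worth confirming against the route definitions, which are not visible here. A short doc comment on `PrivacyLogger` stating which fields are logged and which are deliberately omitted would help keep this guarantee intact in later edits.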