From 83d733608a481888811fd40e6c603d53a084ad89 Mon Sep 17 00:00:00 2001
From: Sergei Tsoganov
Date: Thu, 25 Jan 2024 14:26:07 +0200
Subject: [PATCH 1/2] Implemented URL sanitization for logger
---
 server/routes/apiRoute.js | 8 +++++++-
 server/utils/logger.js | 10 ++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/server/routes/apiRoute.js b/server/routes/apiRoute.js
index ed1e23c..df19d9f 100644
--- a/server/routes/apiRoute.js
+++ b/server/routes/apiRoute.js
@@ -246,7 +246,13 @@ export default {
 if (e && e.response && e.response.status) {
 return res.status(e.response.status).json({});
 }
- return res.status(408).json({});
+ // return res.status(408).json({});
+ if (!res.headersSent) {
+ return res.status(408).json({});
+ } else {
+ // Log or handle the situation where a response was already sent
+ console.error('Response already sent.');
+ }
 }
 },

diff --git a/server/utils/logger.js b/server/utils/logger.js
index f67190c..a5c685c 100644
--- a/server/utils/logger.js
+++ b/server/utils/logger.js
@@ -17,16 +17,22 @@ const logger = {
 ignoreRoute,
 meta: false,
 msg: (req, res) => {
- return `${req.method} ${req.protocol}://${req.get('host')}${req.originalUrl} (${
+ return `${req.method} ${req.protocol}://${req.get('host')}${sanitizeUrl(req.originalUrl)} (${
 res.statusCode
 }) ${Math.floor(res.responseTime / 1000)}, User-Agent: ${req.get(
 'User-Agent'
- )}, Referrer: ${req.get('Referrer')}, IP: ${
+ )}, Referrer: ${sanitizeUrl(req.get('Referrer'))}, IP: ${
 req.ip.indexOf(':') >= 0 ? req.ip.substring(req.ip.lastIndexOf(':') + 1) : req.i
 }`;
 },
 };

+function sanitizeUrl(url) {
+ // Implement URL sanitization logic here
+ // For example, removing or encoding certain characters
+ return url.replace(/[{}]/g, encodeURIComponent);
+}
+
 export const accessLog = {
 ...logger,
 transports: [
From a648e676db87b7ee3e72db15df258ecbca501b6a Mon Sep 17 00:00:00 2001
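Review bot: The `res.headersSent` guard covers only the 408 fallback; the `return res.status(e.response.status).json({});` branch directly above it can still write to a response that has already been sent. Checking once before both branches, `if (res.headersSent) { console.error('Response already sent.'); return; }`, handles both cases and lets the commented-out `// return res.status(408).json({});` line be deleted instead of kept as dead code. The logged message carries nothing from `e`, so the log cannot show which failure led here; adding `e.message` (not the upstream response body) would make the entry usable during an investigation. The enclosing catch block starts above the hunk, so anything it does earlier is not visible here.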
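Review bot: `req.get('host')` and `req.get('User-Agent')` are still interpolated into the message unencoded, while `req.originalUrl` and the Referrer header now go through `sanitizeUrl`; all four values are supplied by the client. If the braces are encoded because the string returned by `msg` is later interpolated as a template by the logging middleware (that consumer is not visible in this hunk), the remaining two fields need the same call, e.g. `${sanitizeUrl(req.get('User-Agent'))}`. The helper's name and placeholder comments do not say which characters are handled or why, so a one-line comment stating the reason for encoding `{` and `}` would stop a later edit from removing it. Separately, the context line ends in `: req.i`, which looks like a truncated `req.ip`; if the file really reads that way, clients with a plain IPv4 address are logged as `undefined`.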
From: Sergei Tsoganov
Date: Thu, 25 Jan 2024 15:35:16 +0200
Subject: [PATCH 2/2] Fixed sanitizeUrl function
---
 server/utils/logger.js | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/server/utils/logger.js b/server/utils/logger.js
index a5c685c..5d5814a 100644
--- a/server/utils/logger.js
+++ b/server/utils/logger.js
@@ -17,9 +17,9 @@ const logger = {
 ignoreRoute,
 meta: false,
 msg: (req, res) => {
- return `${req.method} ${req.protocol}://${req.get('host')}${sanitizeUrl(req.originalUrl)} (${
- res.statusCode
- }) ${Math.floor(res.responseTime / 1000)}, User-Agent: ${req.get(
+ return `${req.method} ${req.protocol}://${req.get('host')}${sanitizeUrl(
+ req.originalUrl
+ )} (${res.statusCode}) ${Math.floor(res.responseTime / 1000)}, User-Agent: ${req.get(
 'User-Agent'
 )}, Referrer: ${sanitizeUrl(req.get('Referrer'))}, IP: ${
 req.ip.indexOf(':') >= 0 ? req.ip.substring(req.ip.lastIndexOf(':') + 1) : req.i
@@ -30,7 +30,11 @@ const logger = {
 function sanitizeUrl(url) {
 // Implement URL sanitization logic here
 // For example, removing or encoding certain characters
- return url.replace(/[{}]/g, encodeURIComponent);
+ if (typeof url === 'string') {
+ return url.replace(/[{}]/g, match => encodeURIComponent(match));
+ } else {
+ return '';
+ }
 }

 export const accessLog = {
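Review bot: The two placeholder comments kept at the top of `sanitizeUrl` (`// Implement URL sanitization logic here` and the "For example" line) are scaffolding and no longer describe the function, which now has a defined contract. I would replace them with a short JSDoc saying that it percent-encodes only `{` and `}`, returns `''` for any non-string input (so an absent Referrer header is logged as empty), and leaves every other character unchanged, so it is not a general URL or log sanitizer. As a style point, the `else` after `return` is unnecessary: `if (typeof url !== 'string') return '';` followed by the `replace` line reads more directly.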