redact auth headers in logs

!restart
siddharthvp · Jun 1, 2024 · ec506ee · ec506ee
1 parent 5ac43bb
commit ec506ee
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/botbase.ts b/botbase.ts
@@ -26,14 +26,20 @@ export function emailOnError(err: Error, taskname: string, isFatal = true) {
     // exit normally
 }
 export function logFullError(err: any, isFatal = true) {
-    if (err.request?.headers?.Authorization) {
-        err.request.headers.Authorization = '***';
-    }
+    redactSecretsInError(err);
     // datetime similar to what mwn log produces, but can't use that directly as mwn may not have loaded
     const dateTimeString = new Date().toISOString().slice(0, 19).replace('T', ' ');
     console.log(`[${dateTimeString}] ${isFatal ? '[E] Fatal error' : '[E] Error'}`);
     console.log(err);
 }
+export function redactSecretsInError(err: any) {
+    if (err.request?.headers?.Authorization) {
+        err.request.headers.Authorization = '***';
+    }
+    if (err.config?.headers?.Authorization) {
+        err.config.headers.Authorization = '***';
+    }
+}
 
 // Errors occurring inside async functions are caught by emailOnError(),
 // this is only for anything else, such as failing imports

diff --git a/utils.ts b/utils.ts
@@ -1,4 +1,4 @@
-import {bot, fs, log} from "./botbase";
+import {bot, fs, log, redactSecretsInError} from "./botbase";
 import {spawn} from "child_process";
 import {ENWIKI_DB_HOST, TOOLS_DB_HOST} from "./db";
 import {REDIS_HOST} from "./redis";
@@ -23,6 +23,9 @@ export function createLogStream(file: string) {
 	});
 
 	var logger = function (msg) {
+		if (typeof msg === 'object') {
+			redactSecretsInError(msg);
+		}
 		let ts = new bot.date().format('YYYY-MM-DD HH:mm:ss');
 		let stringified;
 		if (typeof msg === 'string') {