mirror of https://0xacab.org/sutty/sutty synced 2024-11-22 05:06:21 +00:00

fix: anonimizar encabezados

f 2024-11-01 16:23:13 -03:00
parent 1f4b1b5fce
commit 12d515e2ac
No known key found for this signature in database


@ -6,6 +6,8 @@
class RegistrationsController < Devise::RegistrationsController class RegistrationsController < Devise::RegistrationsController
class SpambotError < StandardError; end class SpambotError < StandardError; end
PRIVATE_HEADERS = /(cookie|secret|token)/i
prepend_before_action :anti_spambot_traps, only: %i[create] prepend_before_action :anti_spambot_traps, only: %i[create]
prepend_after_action :lock_spambots, only: %i[create] prepend_after_action :lock_spambots, only: %i[create]
@ -34,7 +36,7 @@ class RegistrationsController < Devise::RegistrationsController
def anti_spambot_traps def anti_spambot_traps
raise SpambotError if spambot? raise SpambotError if spambot?
rescue SpambotError => e rescue SpambotError => e
ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: request.headers.to_h }) ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: anonymized_headers })
nil nil
end end
@ -49,6 +51,18 @@ class RegistrationsController < Devise::RegistrationsController
end end
end end
# Devuelve los encabezados de la petición sin información sensible de
# Rails
#
# @return [Hash]
def anonymized_headers
request.headers.to_h.select do |_, v|
v.is_a? String
end.reject do |k, _|
k =~ PRIVATE_HEADERS
end
end
# Si le usuarie es considerade spambot, no enviamos el correo de # Si le usuarie es considerade spambot, no enviamos el correo de
# confirmación al crear la cuenta. # confirmación al crear la cuenta.
def sign_up_params def sign_up_params
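Review bot: The `PRIVATE_HEADERS` deny-list does not match `HTTP_AUTHORIZATION` or `HTTP_PROXY_AUTHORIZATION`, so Basic or Bearer credentials on a request would still pass through `anonymized_headers` into the `ExceptionNotifier.notify_exception` payload. At minimum I would widen the pattern, e.g. `PRIVATE_HEADERS = /(authorization|cookie|secret|token)/i`. Because `request.headers.to_h` presumably exposes the whole Rack env, any String entry whose key lacks one of these words is also forwarded, likely including `REMOTE_ADDR`, `HTTP_X_FORWARDED_FOR` and `QUERY_STRING`. An allow-list of the few headers needed to diagnose a spambot hit would fail closed when a new header appears, and the method comment should state which approach is used. As a smaller style point, `PRIVATE_HEADERS.match?(k)` avoids setting the match globals that `k =~ PRIVATE_HEADERS` does.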