From b7a36e7fd09d3093e6fabf19b3d2b13b4a88f8d2 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Sun, 19 Oct 2014 09:52:09 +0200 Subject: [PATCH 1/3] Strip out passwords. Just log non ui track requests. --- .../javascripts/app/lib/app_init/track.js.coffee | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/app/assets/javascripts/app/lib/app_init/track.js.coffee b/app/assets/javascripts/app/lib/app_init/track.js.coffee index d38594b59..e350ab1b6 100644 --- a/app/assets/javascripts/app/lib/app_init/track.js.coffee +++ b/app/assets/javascripts/app/lib/app_init/track.js.coffee @@ -24,9 +24,9 @@ class _trackSingleton @trackId = 'track-' + new Date().getTime() + '-' + Math.floor( Math.random() * 99999 ) @browser = App.Browser.detection() @data = [] +# @url = 'http://localhost:3005/api/v1/ui' # @url = 'https://log.znuny.com/api/ui' @url = 'https://portal.znuny.com/api/v1/ui' -# @url = 'api/ui' @log( 'start', 'notice', {} ) @@ -60,13 +60,19 @@ class _trackSingleton # log ajax calls $(document).bind( 'ajaxComplete', ( e, request, settings ) => - length = @url.length - if settings.url.substr(0,length) isnt @url && settings.url.substr(0,6) isnt 'api/ui' + + # do not log ui requests + if settings.url && settings.url.substr(0,3) isnt '/ui' level = 'notice' responseText = '' if request.status >= 400 level = 'error' responseText = request.responseText + + # delete passwords form data + if settings.data && typeof settings.data is 'string' + settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"') + @log( 'ajax.send', level, @@ -85,7 +91,7 @@ class _trackSingleton $(window).bind( 'beforeunload' => - @log( 'end', 'notice', {} ) + @log( 'good bye', 'notice', {} ) @send(false) return ) From 9c3a5d6bc506573804a64f53e42640663dfe8e05 Mon Sep 17 00:00:00 2001 
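Review bot: The password scrub added in the `ajaxComplete` handler (second hunk) only matches the exact JSON form `"password":"…"`, so a form-encoded body (`password=…`), whitespace after the colon, or a related key such as a confirmation field is still sent to the remote log endpoint, and `.+?"` stops at the first quote even when it is escaped, leaving the tail of the value in the log. It also rewrites `settings.data` on the live jQuery settings object rather than a copy, which any other `ajaxComplete` listener would then see. Consider scrubbing a local copy with a more tolerant pattern, e.g. `data = settings.data.replace(/"(password[^"]*)"\s*:\s*"(?:\\.|[^"\\])*"/gi, '"$1":"xxx"')`, and handling non-JSON bodies separately. On error responses `request.responseText` is logged without any scrubbing. The handler continues past the end of the hunk, so how `settings.data` reaches `@log` is not visible here.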
From: Martin Edenhofer Date: Sun, 19 Oct 2014 10:32:23 +0200 Subject: [PATCH 2/3] Fixed url detection of no log of ui log request. --- app/assets/javascripts/app/lib/app_init/track.js.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/assets/javascripts/app/lib/app_init/track.js.coffee b/app/assets/javascripts/app/lib/app_init/track.js.coffee index e350ab1b6..ef8f49927 100644 --- a/app/assets/javascripts/app/lib/app_init/track.js.coffee +++ b/app/assets/javascripts/app/lib/app_init/track.js.coffee @@ -62,7 +62,7 @@ class _trackSingleton $(document).bind( 'ajaxComplete', ( e, request, settings ) => # do not log ui requests - if settings.url && settings.url.substr(0,3) isnt '/ui' + if settings.url && settings.url.substr(settings.url-3,3) isnt '/ui' level = 'notice' responseText = '' if request.status >= 400 From 7ab79e472894fe4e5d672ef4d98ad4d03cea7b8b Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Sun, 19 Oct 2014 11:08:01 +0200 Subject: [PATCH 3/3] Added length limitation of data (just send first 3000 chars of log messages). --- .../javascripts/app/lib/app_init/track.js.coffee | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/app/assets/javascripts/app/lib/app_init/track.js.coffee b/app/assets/javascripts/app/lib/app_init/track.js.coffee index ef8f49927..fb84278ba 100644 --- a/app/assets/javascripts/app/lib/app_init/track.js.coffee +++ b/app/assets/javascripts/app/lib/app_init/track.js.coffee 
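Review bot: `settings.url-3` subtracts a number from a string and yields NaN, and `substr(NaN,3)` starts at index 0, so the condition still compares the first three characters of the URL with '/ui'. The tracker's own uploads to `@url` are therefore presumably still logged. The intended suffix test needs the length, `settings.url.substr(settings.url.length-3,3) isnt '/ui'`, which is the form patch 3/3 on this page ends up with. A suffix match would still miss a URL that carries a query string, so comparing against `@url` is the sturdier check.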
@@ -62,16 +62,22 @@ class _trackSingleton $(document).bind( 'ajaxComplete', ( e, request, settings ) => # do not log ui requests - if settings.url && settings.url.substr(settings.url-3,3) isnt '/ui' + if settings.url && settings.url.substr(settings.url.length-3,3) isnt '/ui' level = 'notice' responseText = '' if request.status >= 400 level = 'error' responseText = request.responseText - # delete passwords form data - if settings.data && typeof settings.data is 'string' - settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"') + if settings.data + + # add length limitation + if settings.data.length > 3000 + settings.data = settings.data.substr(0,3000) + + # delete passwords form data + if typeof settings.data is 'string' + settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"') @log( 'ajax.send',
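Review bot: The 3000-character cut runs before the password scrub, so a `"password":"…"` pair that straddles the cut loses its closing quote, no longer matches `/"password":".+?"/gi`, and the leading part of the password is logged. Scrub first and truncate afterwards. The `.length` and `.substr` calls also sit outside the `typeof settings.data is 'string'` guard, so a non-string body that exposes a numeric `length` would throw on `substr`. Both steps fit under the guard as `settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"').substr(0,3000)`. The `@log` call continues beyond the hunk.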