Protect logger from trace and debug in production (#527)
* Protect logger from trace and debug in production * Better error message
parent
6a9da7ac38
commit
b75a66497b
2 changed files with 17 additions and 1 deletions
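--- a/.changeset/wet-points-deny.md
+++ b/.changeset/wet-points-deny.md
@@ -0,0 +1,5 @@
+---
+"@saleor/apps-shared": minor
+---
+
+Disabled possibility to create logger if level is DEBUG or TRACE and NODE_ENV is production. This is an additional protection for logging sensitive data.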
@ -1,10 +1,21 @@
|
||||||
import pino from "pino";
|
import pino from "pino";
|
||||||
|
|
||||||
|
const forbiddenProductionLevels = ["debug", "trace"];
|
||||||
|
|
||||||
|
const logLevel = process.env.APP_LOG_LEVEL ?? "silent";
|
||||||
|
|
||||||
|
if (process.env.NODE_ENV === "production" && forbiddenProductionLevels.includes(logLevel)) {
|
||||||
|
throw new Error(
|
||||||
|
`Production app can only log INFO or higher log level. "${logLevel}" is development only.`
|
||||||
|
);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* TODO Set up log drain etc
|
* TODO Set up log drain etc
|
||||||
*/
|
*/
|
||||||
export const logger = pino({
|
export const logger = pino({
|
||||||
level: process.env.APP_LOG_LEVEL ?? "silent",
|
level: logLevel,
|
||||||
redact: ["token", "apiKey"],
|
redact: ["token", "apiKey"],
|
||||||
transport:
|
transport:
|
||||||
process.env.NODE_ENV === "development"
|
process.env.NODE_ENV === "development"
|
||||||
|
|
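Review bot: The new guard fails open, because it only fires when `NODE_ENV` is exactly `"production"`, so a deployment where `NODE_ENV` is unset or holds another value can still start the logger at `debug` or `trace`. If the apps' environments allow it, an allow-list is safer, e.g. `if (process.env.NODE_ENV !== "development" && forbiddenProductionLevels.includes(logLevel))`, though whether test runs need debug output is not visible here. Separately, `process.exit(1);` directly after `throw new Error(...)` is unreachable and should be dropped. The error text says "INFO or higher" while the default `"silent"` is also accepted, so a comment such as `// debug/trace can carry request payloads; redact below only covers "token" and "apiKey"` above the check would record why the level is restricted. The `pino({...})` call continues outside the hunk.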