backend logging

jackiettran
2025-09-22 18:38:51 -04:00
parent 6199609a4d
commit 3e76769a3e
17 changed files with 1225 additions and 110 deletions


@@ -1,3 +1,5 @@
const logger = require('../utils/logger');
// HTTPS enforcement middleware
const enforceHTTPS = (req, res, next) => {
// Skip HTTPS enforcement in development
@@ -20,11 +22,13 @@ const enforceHTTPS = (req, res, next) => {
// Log the redirect for monitoring
if (req.headers.host !== allowedHost) {
console.warn("[SECURITY] Host header mismatch during HTTPS redirect:", {
const reqLogger = logger.withRequestId(req.id);
reqLogger.warn("Host header mismatch during HTTPS redirect", {
requestHost: req.headers.host,
allowedHost,
ip: req.ip,
url: req.url,
eventType: 'SECURITY_HOST_MISMATCH'
});
}
@@ -70,34 +74,21 @@ const addRequestId = (req, res, next) => {
// Log security events
const logSecurityEvent = (eventType, details, req) => {
const reqLogger = logger.withRequestId(req.id || "unknown");
const logEntry = {
timestamp: new Date().toISOString(),
eventType,
requestId: req.id || "unknown",
ip: req.ip || req.connection.remoteAddress,
userAgent: req.get("user-agent"),
userId: req.user?.id || "anonymous",
...details,
};
// In production, this should write to a secure log file or service
if (process.env.NODE_ENV === "production") {
console.log("[SECURITY]", JSON.stringify(logEntry));
} else {
console.log("[SECURITY]", eventType, details);
}
reqLogger.warn(`Security event: ${eventType}`, logEntry);
};
// Sanitize error messages to prevent information leakage
const sanitizeError = (err, req, res, next) => {
// Log the full error internally
console.error("Error:", {
requestId: req.id,
error: err.message,
stack: err.stack,
userId: req.user?.id,
});
// Send sanitized error to client
const isDevelopment =
process.env.NODE_ENV === "dev" || process.env.NODE_ENV === "development";
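Review bot: In `logSecurityEvent`, `...details` is spread last in `logEntry`, so a caller-supplied key such as `eventType`, `ip` or `userId` silently replaces the request-derived value in the record now passed to `reqLogger.warn`. Moving the spread to the top of the literal (`const logEntry = { ...details, eventType, /* request-derived fields */ };`) keeps the request-derived fields authoritative, and if `details` can ever carry request body or query data, an allow-list of keys would be safer still. In the `enforceHTTPS` hunk, `logger.withRequestId(req.id)` lacks the `req.id || "unknown"` fallback used here, and since `addRequestId` is defined further down the file, `req.id` may be undefined if the redirect middleware is mounted first; `logger.withRequestId(req.id || "unknown")` would match. The page has lost its +/- markers, so which `logEntry` fields remain on the new side is inferred, and `sanitizeError` continues past the end of the hunk.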