🔒 security(api): remove client ID and IP from SSE connect/disconnect log lines

s-b-e-n-s-o-n · s-b-e-n-s-o-n · commit 9e236745254f · 2026-04-10T08:50:40.000-04:00
- SSE lifecycle logs no longer leak raw client identifiers or source IPs into the system log
- Per-IP connection limit warnings no longer echo the rate-limited address
diff --git a/app/api/sse.test.ts b/app/api/sse.test.ts
@@ -348,6 +348,29 @@ describe('SSE Router', () => {
       expect(sseRouter._clients.size).toBe(1);
     });
 
+    test('should log connection lifecycle without raw client identifiers', () => {
+      const handler = getHandler();
+      const req = createSSERequest('203.0.113.10');
+      const res = createSSEResponse();
+
+      handler(req, res);
+      const connectedPayload = parseSseEventPayload(res, 'dd:connected');
+
+      expect(mockLoggerDebug).toHaveBeenCalledWith('SSE client connected (1 total)');
+      expect(mockLoggerDebug).not.toHaveBeenCalledWith(
+        expect.stringContaining(connectedPayload.clientId),
+      );
+      expect(mockLoggerDebug).not.toHaveBeenCalledWith(expect.stringContaining('203.0.113.10'));
+
+      req._listeners.close();
+
+      expect(mockLoggerDebug).toHaveBeenCalledWith('SSE client disconnected (0 total)');
+      expect(mockLoggerDebug).not.toHaveBeenCalledWith(
+        expect.stringContaining(connectedPayload.clientId),
+      );
+      expect(mockLoggerDebug).not.toHaveBeenCalledWith(expect.stringContaining('203.0.113.10'));
+    });
+
     test('should remove client on connection close', () => {
       const handler = getHandler();
       const req = createSSERequest();
@@ -608,6 +631,8 @@ describe('SSE Router', () => {
 
       expect(rejectedRes.status).toHaveBeenCalledWith(429);
       expect(rejectedRes.json).toHaveBeenCalledWith({ error: 'Too many SSE connections' });
+      expect(mockLoggerWarn).toHaveBeenCalledWith('SSE per-IP connection limit reached (10)');
+      expect(mockLoggerWarn).not.toHaveBeenCalledWith(expect.stringContaining(ip));
     });
 
     test('should allow connections from different IPs independently', () => {
diff --git a/app/api/sse.ts b/app/api/sse.ts
@@ -150,7 +150,7 @@ function eventsHandler(req: Request, res: Response): void {
   const currentSessionCount = connectionsPerSession.get(sessionKey) ?? 0;
 
   if (currentIpCount >= MAX_CONNECTIONS_PER_IP) {
-    logger.warn(`SSE connection limit reached for ${ip} (${currentIpCount})`);
+    logger.warn(`SSE per-IP connection limit reached (${currentIpCount})`);
     sendErrorResponse(res, 429, 'Too many SSE connections');
     return;
   }
@@ -194,7 +194,7 @@ function eventsHandler(req: Request, res: Response): void {
   client.flush?.();
 
   clients.add(client);
-  logger.debug(`SSE client connected: ${activeClient.clientId} from ${ip} (${clients.size} total)`);
+  logger.debug(`SSE client connected (${clients.size} total)`);
   startSharedHeartbeatIntervalIfNeeded();
 
   let disconnected = false;
@@ -222,9 +222,7 @@ function eventsHandler(req: Request, res: Response): void {
     } else {
       connectionsPerSession.set(sessionKey, sessionCount - 1);
     }
-    logger.debug(
-      `SSE client disconnected: ${activeClient.clientId} from ${ip} (${clients.size} total)`,
-    );
+    logger.debug(`SSE client disconnected (${clients.size} total)`);
   };
 
   req.on('close', cleanup);
