@schwma schwma commented May 22, 2023

This PR contains the following changes

- Improved query logging:
  + Don't log queries that are `undefined`
  + Log `operationName`
  + Log `variables` when not in production
  + Sanitize arguments and their values in queries when in production

Explanation:

- Requests that load the GraphiQL web client, i.e. `GET /graphiql`, would log `GET undefined`, which was confusing.
- Without the `operationName` it was impossible to know which query was executed when the payload contains more than one query.
- Variables were previously not logged (only literal values, as they are inlined in the query). This made development less convenient.
- Literal values (values specified inline for arguments) were previously logged, even in production. These values could contain sensitive information not meant for logs, such as values specified during create and update mutations. Arguments and their values are now sanitized in production for literal values as well as variables.

Example

Query:

```graphql
query ListAllBooks {
  AdminService {
    Books {
      nodes {
        title
      }
    }
  }
}

query ListFilteredBooks ($filter: [AdminService_Books_filter]) {
  AdminService {
    Books(filter: $filter) {
      nodes {
        title
      }
    }
  }
}
```

with variables:

```json
{ "filter": { "ID": { "ge": 250 } } }
```

and

```
"operationName": "ListFilteredBooks"
```

Previous log output

```
[graphql] - POST query ListAllBooks {
  AdminService {
    Books {
      nodes {
        title
      }
    }
  }
}

query ListFilteredBooks ($filter: [AdminService_Books_filter]) {
  AdminService {
    Books(filter: $filter) {
      nodes {
        title
      }
    }
  }
}
```

New log output

During development:

```
[graphql] - POST {
  operationName: 'ListFilteredBooks',
  variables: { filter: { ID: { ge: 250 } } }
}
query ListAllBooks {
  AdminService {
    Books {
      nodes {
        title
      }
    }
  }
}

query ListFilteredBooks ($filter: [AdminService_Books_filter]) {
  AdminService {
    Books(filter: $filter) {
      nodes {
        title
      }
    }
  }
}
```

In production:

```
[graphql] - POST { operationName: 'ListFilteredBooks', variables: '***' }
query ListAllBooks {
  AdminService {
    Books {
      nodes {
        title
      }
    }
  }
}

query ListFilteredBooks ( *** ) {
  AdminService {
    Books( *** ) {
      nodes {
        title
      }
    }
  }
}
```
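The sanitization and log-object behaviour described in this PR, as an added example that is not the cap-js/graphql project's own code: a small scanner replaces every argument list in the GraphQL document with `( *** )` (treating string literals as units so a `)` inside a string cannot unbalance it), the `variables` object is replaced by `'***'` in production, a JSON-string `variables` from a GET query parameter is parsed, and a request without a `query` yields no log line at all. The function names (`sanitizeQuery`, `queryInfo`, `formatLogLine`), the request shape and the sample request are assumptions made for illustration.

```javascript
// Added example, not the project's code: a minimal query logger that mirrors the
// behaviour described in the PR. Function names (sanitizeQuery, queryInfo,
// formatLogLine) and the request shape are assumptions for illustration.

const SANITIZED = '***'

// Replace the body of every argument list "( ... )" in a GraphQL document with
// " *** ", so literal argument values never reach production logs. String
// literals are consumed as units so a ")" inside a string does not unbalance
// the depth counter; parentheses nested inside an argument list are swallowed
// together with it.
function sanitizeQuery(query) {
  let out = ''
  let depth = 0
  let i = 0
  while (i < query.length) {
    const ch = query[i]
    if (ch === '"') {
      // Consume a "..." string (with backslash escapes) or a """block string"""
      const isBlock = query.startsWith('"""', i)
      const quote = isBlock ? '"""' : '"'
      let j = i + quote.length
      while (j < query.length) {
        if (!isBlock && query[j] === '\\') { j += 2; continue }
        if (query.startsWith(quote, j)) { j += quote.length; break }
        j++
      }
      if (depth === 0) out += query.slice(i, j)
      i = j
      continue
    }
    if (ch === '(') {
      if (depth === 0) out += `( ${SANITIZED} )`
      depth++
    } else if (ch === ')') {
      depth = Math.max(0, depth - 1)
    } else if (depth === 0) {
      out += ch
    }
    i++
  }
  return out
}

// Build the info object that precedes the query text in the log line.
// `variables` may be an object (POST body) or a JSON string (GET ?variables=...),
// as the PR notes; in production the whole object is replaced by '***'.
function queryInfo({ operationName, variables }, production) {
  let vars = variables
  if (typeof vars === 'string') {
    try { vars = JSON.parse(vars) } catch { /* keep the raw string */ }
  }
  const info = {}
  if (operationName !== undefined) info.operationName = operationName
  if (vars !== undefined) info.variables = production ? SANITIZED : vars
  return info
}

// Full log line, or null when there is no query to log (e.g. GET /graphiql
// loading the web client, which previously logged "GET undefined").
function formatLogLine(method, { query, operationName, variables }, production) {
  if (query === undefined) return null
  const info = JSON.stringify(queryInfo({ operationName, variables }, production))
  const text = production ? sanitizeQuery(query) : query
  return `[graphql] - ${method} ${info}\n${text}`
}

// Constructed sample request, shaped after the PR's own example
const SAMPLE_REQUEST = {
  operationName: 'ListFilteredBooks',
  variables: { filter: { ID: { ge: 250 } } },
  query: `query ListFilteredBooks ($filter: [AdminService_Books_filter]) {
  AdminService {
    Books(filter: $filter) {
      nodes {
        title
      }
    }
  }
}`,
}

console.log(formatLogLine('POST', SAMPLE_REQUEST, false)) // development: variables shown
console.log(formatLogLine('POST', SAMPLE_REQUEST, true))  // production: "( *** )" and '***'
console.log(formatLogLine('GET', {}, false))               // null: nothing to log
```

The scanner deliberately sanitizes by syntax rather than by allow-list: any value that appears between the parentheses of an argument list, whether a literal or a `$variable` reference, is dropped, which is the conservative choice for a production log where the set of sensitive fields is not known up front.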

@schwma schwma marked this pull request as ready for review June 30, 2023 10:43
@schwma schwma requested a review from a team as a code owner June 30, 2023 10:43
let _log

beforeAll(async () => {
await cds.deploy(path.join(PROJECT_PATH, 'srv'))

@hm23 btw, since we were talking about this: This is a way to deploy to SQLite in-memory with cds.test, even if NODE_ENV=production is set.

@schwma schwma merged commit b46cbcc into main Jul 4, 2023
@schwma schwma deleted the don't-log-GET-undefined branch July 4, 2023 12:49
johannes-vogel added a commit that referenced this pull request Jul 5, 2023
* refactor: move graphiql GET route registration into `graphiql.js` (#98)

* Move graphiql GET route registration into graphiql.js

* Remove underscore prefix since function isn't private

* chore: prepare next release (#99)

* adapt urls and references to repo name (#100)

* feat: improved query logging  (#85)

* Don't log 'GET undefined' when missing query

* WIP improved request logger

* Add operationName and variables to object

* Extract request logger to own module

* Add changelog entry

* Reformat changelog entry

* Remove outdated changelog entry

* Remove padding after query

* Prettier format

* Log `operationName` and `variables` from URL query parameter

* Parse variables JSON string if taken from `req.query`

* Add typeof object short-circuiting before Object.keys

* Sanitize arguments and their values in production

* Reorder changelog entries

* Rename requestLogger to queryLogger

* Add query logging tests

* Rename `logger.test.js` to `logger-dev.test.js`

* Add test for log sanitization in production

* Prettier format

* Fix logger module path

* Fix truncation of nested variables

* Fix typo

* Move object formatting to only affect query info object

* Add and improve comments

* Log variables object as '***' in production

* Fix typo

* Use mocked instead of dummy auth

* Add dev logging tests to prod to ensure no unwanted values are sanitized

* Add tests that ensure literal values are not sanitized in dev

* Use `{color:false,depth:null}` options for formatting everywhere

* Prettier format

* Fix property name typo `color`->`colors` and helper function call

* Move changelog entries from added to changed section

---------

Co-authored-by: Johannes Vogel <31311694+johannes-vogel@users.noreply.github.com>

* fix: GraphiQL Explorer Plugin CDN URL (#101)

* Fix GraphiQL explorer plugin CDN URL

* Add changelog entry

* prepare 0.6.1 hotfix (#102)

* prepare 0.6.1 hotfix

* 0.6.1 in package.json

---------

Co-authored-by: Marcel Schwarz <marcel.schwarz@sap.com>