-
Notifications
You must be signed in to change notification settings - Fork 214
/
RequestLoggingFilter.java
111 lines (100 loc) · 3.84 KB
/
RequestLoggingFilter.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
/*
* Copyright (c) 2021 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.gateway.service.endpoints.directives;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.StreamSupport;
import org.apache.pekko.http.javadsl.model.HttpHeader;
import org.apache.pekko.http.javadsl.model.Query;
import org.apache.pekko.http.javadsl.model.Uri;
/**
* Provides methods to redact sensitive parameter/header values from (raw) URIs and headers e.g. for logging purposes.
*/
final class RequestLoggingFilter {
private static final Set<String> FILTERED_PARAMETERS = Set.of("access_token");
private static final Set<String> FILTERED_HEADERS = Set.of("authorization");
private static final String REDACTED_VALUE = "***";
private RequestLoggingFilter() {}
/**
* Determines whether a {@link org.apache.pekko.http.javadsl.model.Query} contains parameters that need filtering.
*
* @param query the query to check
* @return {@code true} if the given Query requires filtering
*/
static boolean requiresFiltering(final Query query) {
return FILTERED_PARAMETERS.stream().anyMatch(param -> query.get(param).isPresent());
}
/**
* Redacts unwanted parameter values with {@code ***} in a raw string uri.
*
* @param rawUri the raw uri to redact.
* @return the redacted raw uri
*/
static String filterRawUri(final String rawUri) {
final int startFrom = rawUri.indexOf("?");
if (startFrom >= 0) { // contains parameters
String filteredRawUri = rawUri;
for (final String parameter : FILTERED_PARAMETERS) {
final int indexOfParameter = filteredRawUri.indexOf(parameter + "=");
if (indexOfParameter >= 0) {
filteredRawUri = filteredRawUri.replaceAll(parameter + "=[^&]*", parameter + "=***");
}
}
return filteredRawUri;
} else {
return rawUri;
}
}
/**
* Redacts unwanted parameter values with {@code ***} in a Uri.
*
* @param uri the uri to redact.
* @return the redacted uri
*/
static Uri filterUri(final Uri uri) {
return requiresFiltering(uri.query()) ? uri.query(filterQuery(uri.query())) : uri;
}
/**
* Redacts unwanted parameter values with {@code ***} in a Query object.
*
* @param query the query to redact.
* @return the redacted query
*/
static Query filterQuery(final Query query) {
if (requiresFiltering(query)) {
final Map<String, String> queryMap = new HashMap<>(query.toMap());
FILTERED_PARAMETERS.forEach(param -> queryMap.put(param, REDACTED_VALUE));
return Query.create(queryMap);
} else {
return query;
}
}
/**
* Redacts unwanted header values with {@code ***} in an iterable of {@link org.apache.pekko.http.javadsl.model.HttpHeader}s.
*
* @param headers the headers to redact
* @return the redacted headers
*/
static Iterable<HttpHeader> filterHeaders(final Iterable<HttpHeader> headers) {
return StreamSupport.stream(headers.spliterator(), false)
.map(header -> {
if (FILTERED_HEADERS.contains(header.lowercaseName())) {
return HttpHeader.parse(header.name(), REDACTED_VALUE);
} else {
return header;
}
})
.toList();
}
}