fix: Don't allow serialization of firestore settings (#1742)

* Dont allow serialization of firestore settings When logging any firestore object like WriteBatch,Transaction,etc the settings object also gets logged / exposed This can be seen by running JSON.stringify on any firestore object even a document reference Many developers log firestore objects to help them debug testing/prod issues, this leaking of entire firestore key via this._settings is a bad practice as per me We can also use Object.defineProperty to make it non-enumerable or any other technique that you like * Fix formatting. * Only redact credentials. Co-authored-by: Ehsan Nasiri <ehsannas@gmail.com>
googleapis · Aug 8, 2022 · fa0ad66 · fa0ad66
1 parent a67a124
commit fa0ad66
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/dev/src/index.ts b/dev/src/index.ts
@@ -652,6 +652,13 @@ export class Firestore implements firestore.Firestore {
     }
 
     this._settings = settings;
+    this._settings.toJson = function () {
+      const temp = Object.assign({}, this);
+      if (temp.credentials) {
+        temp.credentials = {private_key: '***', client_email: '***'};
+      }
+      return temp;
+    };
     this._serializer = new Serializer(this);
   }