This bug is related only to current library or I've tested the same behaviour with the built-in logger and this is not a bug of NestJS.
What is the current behavior?
We are using graphql and as a result, we want to log the body of our request. For auth-related endpoints, we then redact password fields. We are seeing that in dockerised environments, the redact method is modifying our original body before it hits the resolver. So by the time we get the graphql parameters in the resolver, the password field has the value "[redacted]".
Per the pino-http docs, we use this code snippet to give pino access to the body:
If we instead deep copy the object, instead of assigning the variable directly (i.e. req.body = structuredClone(req.raw.body)), the field is no longer redacted. This seems to be in direct opposition to the pino-http docs, which say:
Logging of requests' bodies is disabled by default since it can cause security risks such as having private user information (password, other GDPR-protected data, etc.) logged (and persisted in most setups). However if enabled, sensitive information can be redacted as per redaction documentation.
I am unsure if this is a specific bug in the documentation, or a bug in the code, but this was working for us for over a year and suddenly stopped working without any package changes or anything like that.
For example, our resolver has this mutation similar to this, and input.password has the value "[redacted]"
What is the expected behavior?
Redacted fields should not be redacted when following
Please provide minimal example repo, not code snippet. Without example repo this issue will be closed.
We only experienced this issue when running in a docker container with this base image node:18.17.0-alpine3.18, not on our local machines which run outside of docker. Given this brought down our entire system for several days, I am unable to dedicate time to building a fully working dockerised repo. But I have created this repo which shows the logger and serializer examples on a new nestjs project.
I appreciate this is difficult for debuggers to try to reproduce the issue, but I thought better to raise the issue without a reproducible example than to not raise it at all.
Please mention other relevant information such as Node.js version and Operating System.
node version 18.17.0
Another piece of information that is relevant to this is that the first invocation of the login endpoint does not include the redacted string, but subsequent invocations do have it redacted.
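Added example, not part of the original issue and not code from pino, pino-http or nestjs-pino: a sketch of the aliasing hazard the report describes. `redactInPlace`, the two serializers and `handle` are hypothetical names, and the request body is constructed sample data; the point is that any redactor which writes into the object it is handed will change what the resolver reads when the serializer passes the body by reference, while a `structuredClone` in the serializer isolates the log copy.

```javascript
// Hypothetical in-place redactor used for illustration only (NOT pino's implementation).
const CENSOR = '[redacted]';

// Overwrites the value at each dotted path directly on the object it is given.
function redactInPlace(obj, paths) {
  for (const path of paths) {
    const keys = path.split('.');
    let node = obj;
    for (const key of keys.slice(0, -1)) {
      if (node === null || typeof node !== 'object') break;
      node = node[key];
    }
    const last = keys[keys.length - 1];
    if (node !== null && typeof node === 'object' && last in node) {
      node[last] = CENSOR;
    }
  }
  return obj;
}

// Serializer that aliases the parsed body (the direct assignment from the issue).
function serializeByReference(req) {
  return { method: req.method, body: req.raw.body };
}

// Serializer that deep-copies first (the structuredClone workaround from the issue).
function serializeByClone(req) {
  return { method: req.method, body: structuredClone(req.raw.body) };
}

// Simulates one request: log it with redaction, then report what the resolver would read.
function handle(serializer) {
  // Constructed sample GraphQL login body.
  const raw = {
    body: {
      query: 'mutation Login($input: LoginInput!) { login(input: $input) { token } }',
      variables: { input: { email: 'user@example.test', password: 'hunter2' } },
    },
  };
  const logged = redactInPlace(
    serializer({ method: 'POST', raw }),
    ['body.variables.input.password'],
  );
  return {
    logLine: JSON.stringify(logged),
    resolverPassword: raw.body.variables.input.password,
  };
}
```

In both cases the log line carries the censor string instead of the password; only the by-reference serializer lets that censor string leak back into the request the resolver sees.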