- solved #840

[jiachen1120]

issue: #840

• audit request if bodyHandler enabled
• audit query parameters if request contains it
• audit response on error

[codecov-io]

Codecov Report

Merging #849 (f2c1748) into 1.6.x (b9033a3) will increase coverage by 0.03%.
The diff coverage is 62.79%.

@@             Coverage Diff              @@
##              1.6.x     #849      +/-   ##
============================================
+ Coverage     48.96%   49.00%   +0.03%     
- Complexity     1941     1951      +10     
============================================
  Files           267      267              
  Lines         12081    12112      +31     
  Branches       1692     1704      +12     
============================================
+ Hits           5916     5936      +20     
- Misses         5462     5463       +1     
- Partials        703      713      +10     

Impacted Files	Coverage Δ	Complexity Δ
...rc/main/java/com/networknt/audit/AuditHandler.java	61.11% <60.97%> (+1.78%)	23.00 <9.00> (+10.00)
.../src/main/java/com/networknt/body/BodyHandler.java	73.77% <100.00%> (ø)	13.00 <0.00> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b9033a3...f2c1748. Read the comment docs.

[stevehu]

I have reviewed the PR and it looks good to me. @miklish Could you please review and approve it? Thanks.

[jaswalkiranavtar]

can we rename this to requestBody and responseBody? Just saying request sounds like it will audit the whole request including query params, path params, cookies etc

[jiachen1120]

Thanks for pointing out, I also think renaming would be better. But seems these names have been used in previous versions. If we change them now, it may cause backward compatibility. People who previously used these names to audit requests may not be able to continue auditing them if they don't change their configuration. @stevehu Do you think we can change it?

[stevehu]

I think it makes sense to rename it to clearly define what is the audited object. Regarding the backward compatibility in the config, we can mention that in the next release notes. It is not a coding issue but only the configuration file and it is easier for users to adjust. Thank you for pointing it out. We need to update the document to refect the change in this PR as well.

[jiachen1120]

I see. Will rename them.

[jaswalkiranavtar]

same comment as comment for request

[jaswalkiranavtar]

you added queryParams, what if somebody wants to audit path params and cookies?

[jiachen1120]

Thanks for pointing out.

Since my client now only needs audit query parameters, I was limited to audit query parameters before. I think we can try to cover more audit point.

[stevehu]

I have realized that serviceId is in the audit list but it is not implemented. It is only mentioned in the comment section at the beginning of the handler. When the audit log aggregated to a central location, the serviceId should be the key info. @jiachen1120 Could you please add this to this PR? It should be retrieved from the server.yml file. Let me know if you have questions or concerns.

[jiachen1120]

Sure. Will do