logging and eslint fixes. Prevent log injection and properly import a…
…s types
Mike Kao authored and lenaxia committed Nov 9, 2024
1 parent 9b7bd91 commit 0a5945a
Showing 2 changed files with 17 additions and 7 deletions.
19 changes: 14 additions & 5 deletions server/index.ts
Expand Up @@ -35,6 +35,8 @@ import next from 'next';
import path from 'path';
import swaggerUi from 'swagger-ui-express';
import YAML from 'yamljs';
import xss from 'xss';
import validator from 'validator';

const API_SPEC_PATH = path.join(__dirname, '../overseerr-api.yml');

Expand All @@ -45,12 +47,19 @@ const handle = app.getRequestHandler();

const logMiddleware = (req: Request, res: Response, next: NextFunction) => {
// Log information about the incoming request
logger.debug(`Request Method: ${req.method}`);
logger.debug(`Request URL: ${req.url}`);
logger.debug(`Request Headers: ${JSON.stringify(req.headers)}`);
logger.debug(`Request Body: ${JSON.stringify(req.body)}`);
logger.debug(`Request Method: ${xss(req.method)}`);
logger.debug(`Request URL: ${xss(req.url)}`);

const sanitizedHeaders = JSON.stringify(req.headers, (key, value) =>
typeof value === 'string' ? validator.escape(value) : value
);
logger.debug(`Request Headers: ${sanitizedHeaders}`);

const sanitizedBody = JSON.stringify(req.body, (key, value) =>
typeof value === 'string' ? validator.escape(value) : value
);
logger.debug(`Request Body: ${sanitizedBody}`);

// Continue processing the request
next();
};

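Review bot: `xss()` and `validator.escape()` are HTML encoders, so in `logMiddleware` they do not strip the CR/LF characters that log injection relies on, and they rewrite `&`, `<` and quotes so the logged values no longer match what the client sent. `JSON.stringify` already escapes control characters inside string values, so the headers and body lines could not be split into forged entries before this change; only the method and URL interpolations would need a newline strip. The larger exposure is untouched: headers and body are still logged whole, which writes `authorization` and `cookie` values, and presumably credentials posted to the auth routes, into the debug log (where the middleware is mounted is outside this hunk). I would drop the two new imports and pass a redacting replacer instead, as sketched below; HTML encoding belongs in whatever renders the log, if it is ever shown in a browser.

```typescript
const logMiddleware = (req: Request, res: Response, next: NextFunction) => {
  // Replace CR/LF so one request cannot produce extra log lines
  const oneLine = (s: string) => s.replace(/[\r\n]/g, ' ');
  // Keep credentials out of the log; extend with the project's API-key header
  const redactedKeys = new Set(['authorization', 'cookie', 'password']);
  const redact = (key: string, value: unknown) =>
    redactedKeys.has(key.toLowerCase()) ? '[redacted]' : value;

  logger.debug(`Request Method: ${oneLine(req.method)}`);
  logger.debug(`Request URL: ${oneLine(req.url)}`);
  logger.debug(`Request Headers: ${JSON.stringify(req.headers, redact)}`);
  logger.debug(`Request Body: ${JSON.stringify(req.body, redact)}`);
  // … unchanged: next() call …
```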
5 changes: 3 additions & 2 deletions server/routes/auth.ts
Expand Up @@ -6,14 +6,15 @@ import { Permission } from '@server/lib/permissions';
import { getSettings } from '@server/lib/settings';
import logger from '@server/logger';
import { isAuthenticated } from '@server/middleware/auth';
import { Router, Request } from 'express';
import { Router} from 'express';
import type { Request } from 'express';
/* eslint-disable @typescript-eslint/no-unused-vars */
import {
createJwtSchema,
getOIDCRedirectUrl,
getOIDCWellknownConfiguration,
OIDCJwtPayload,
} from '@server/utils/oidc';
import type { OIDCJwtPayload } from '@server/utils/oidc';
import { randomBytes } from 'crypto';
import gravatarUrl from 'gravatar-url';
import decodeJwt from 'jwt-decode';
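Review bot: `import { Router} from 'express';` is missing the space before the closing brace, which Prettier's default bracket spacing would rewrite and which would be reported as an error if the repository runs Prettier through ESLint (not visible here); write `import { Router } from 'express';`. The file-wide `/* eslint-disable @typescript-eslint/no-unused-vars */` just below the new lines is still in place, so the linter cannot confirm that `Request` and `OIDCJwtPayload` are used at all; narrowing that directive to the lines that need it would let this lint fix be checked.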
