Merge pull request #13 from blackbx/html-escape-and-auth-token

Update json encoding code to not escape HTML characters
blackbx · Feb 10, 2020 · 9999baa · 9999baa
2 parents 729ff4e + 6cd0149
commit 9999baa
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/logging/log.go b/logging/log.go
@@ -24,6 +24,7 @@ var Service = dependency.Service{
 		set.String("app-version", "dev", "The version of the application being configured")
 		set.String("environment", "test", "The environment that the application is deployed in")
 		set.String("logger", "development", "Whether to log in development mode.")
+		set.StringSlice("excluded-headers", []string{"Authorization"}, "Which headers to hide from the request log")
 	},
 	Constructor: NewLoggerFactory().Logger,
 }

diff --git a/logging/middleware.go b/logging/middleware.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/BlackBX/service-framework/dependency"
+
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
 )
@@ -31,7 +33,7 @@ func (l *ResponseLogger) WriteHeader(statusCode int) {
 }
 
 // NewMiddleware returns you a new instance of the Logger middleware
-func NewMidlleware(logger *zap.Logger) mux.MiddlewareFunc {
+func NewMidlleware(logger *zap.Logger, config dependency.ConfigGetter) mux.MiddlewareFunc {
 	return func(handler http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 			fields := []zap.Field{
@@ -41,7 +43,7 @@ func NewMidlleware(logger *zap.Logger) mux.MiddlewareFunc {
 				zap.String("protocol", r.Proto),
 				zap.Int64("request.content-length", r.ContentLength),
 			}
-			fields = append(fields, requestHeaders(r)...)
+			fields = append(fields, requestHeaders(r, config.GetStringSlice("excluded-headers"))...)
 			fields = append(fields, queryParams(r)...)
 			responseLogger := NewResponseLogger(rw)
 			handler.ServeHTTP(responseLogger, r)
@@ -73,9 +75,17 @@ func responseHeaders(headers http.Header) []zap.Field {
 	return fields
 }
 
-func requestHeaders(r *http.Request) []zap.Field {
+func requestHeaders(r *http.Request, excludedHeaders []string) []zap.Field {
+	headers := map[string]struct{}{}
+	for _, header := range excludedHeaders {
+		headers[header] = struct{}{}
+	}
 	fields := make([]zap.Field, 0, len(r.Header))
 	for header := range r.Header {
+		_, ok := headers[header]
+		if ok {
+			continue
+		}
 		headerName := fmt.Sprintf("request.header.%s", header)
 		field := zap.String(headerName, r.Header.Get(header))
 		fields = append(fields, field)

diff --git a/response/json.go b/response/json.go
@@ -15,11 +15,13 @@ type JSONEncoder interface {
 // NewJSONResponder creates a new instance of the JSONResponder type
 // for the given request
 func NewJSONResponder(logger *zap.Logger, rw http.ResponseWriter, r *http.Request) Responder {
+	encoder := json.NewEncoder(rw)
+	encoder.SetEscapeHTML(false)
 	return JSONResponder{
 		logger:         logger,
 		responseWriter: rw,
 		request:        r,
-		Encoder:        json.NewEncoder(rw),
+		Encoder:        encoder,
 	}
 }