WIP

Author: itssimon

src/main/java/io/apitally/common/RequestLogger.java

@@ -8,7 +8,6 @@
 import java.util.Arrays;
 import java.util.Deque;
 import java.util.List;
-import java.util.UUID;
 import java.util.concurrent.ConcurrentLinkedDeque;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -21,12 +20,14 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
 import io.apitally.common.dto.ExceptionDto;
 import io.apitally.common.dto.Header;
 import io.apitally.common.dto.Request;
+import io.apitally.common.dto.RequestLogItem;
 import io.apitally.common.dto.Response;
 
 public class RequestLogger {
@@ -80,7 +81,7 @@ public class RequestLogger {
     private final RequestLoggingConfig config;
     private final ObjectMapper objectMapper;
     private final ReentrantLock lock;
-    private final Deque<String> pendingWrites;
+    private final Deque<RequestLogItem> pendingWrites;
     private final Deque<TempGzipFile> files;
     private TempGzipFile currentFile;
     private boolean enabled;
@@ -144,80 +145,27 @@ public void logRequest(Request request, Response response, Exception exception)
 
         try {
             String userAgent = findHeader(request.getHeaders(), "user-agent");
-            if (shouldExcludePath(request.getPath()) || shouldExcludeUserAgent(userAgent)
-                    || (config.getCallbacks() != null && config.getCallbacks().shouldExclude(request, response))) {
+            if (shouldExcludePath(request.getPath()) || shouldExcludeUserAgent(userAgent)) {
                 return;
             }
-
-            // Process query params and URL
-            if (request.getUrl() != null) {
-                try {
-                    URL url = new URL(request.getUrl());
-                    String query = url.getQuery();
-                    if (!config.isQueryParamsIncluded()) {
-                        query = null;
-                    } else if (query != null) {
-                        query = maskQueryParams(query);
-                    }
-                    request.setUrl(new java.net.URL(url.getProtocol(), url.getHost(), url.getPort(),
-                            url.getPath() + (query != null ? "?" + query : "")).toString());
-                } catch (MalformedURLException e) {
-                    return;
-                }
+            if (config.getCallbacks() != null && config.getCallbacks().shouldExclude(request, response)) {
+                return;
             }
 
-            // Process request body
             if (!config.isRequestBodyIncluded() || !hasSupportedContentType(request.getHeaders())) {
                 request.setBody(null);
-            } else if (request.getBody() != null) {
-                if (request.getBody().length > MAX_BODY_SIZE) {
-                    request.setBody(BODY_TOO_LARGE);
-                } else if (config.getCallbacks() != null) {
-                    byte[] maskedBody = config.getCallbacks().maskRequestBody(request);
-                    request.setBody(maskedBody != null ? maskedBody : BODY_MASKED);
-                    if (request.getBody().length > MAX_BODY_SIZE) {
-                        request.setBody(BODY_TOO_LARGE);
-                    }
-                }
             }
-
-            // Process response body
             if (!config.isResponseBodyIncluded() || !hasSupportedContentType(response.getHeaders())) {
                 response.setBody(null);
-            } else if (response.getBody() != null) {
-                if (response.getBody().length > MAX_BODY_SIZE) {
-                    response.setBody(BODY_TOO_LARGE);
-                } else if (config.getCallbacks() != null) {
-                    byte[] maskedBody = config.getCallbacks().maskResponseBody(request, response);
-                    response.setBody(maskedBody != null ? maskedBody : BODY_MASKED);
-                    if (response.getBody().length > MAX_BODY_SIZE) {
-                        response.setBody(BODY_TOO_LARGE);
-                    }
-                }
             }
 
-            // Process headers
-            request.setHeaders(
-                    config.isRequestHeadersIncluded()
-                            ? maskHeaders(request.getHeaders()).toArray(new Header[0])
-                            : new Header[0]);
-            response.setHeaders(
-                    config.isResponseHeadersIncluded()
-                            ? maskHeaders(response.getHeaders()).toArray(new Header[0])
-                            : new Header[0]);
-
-            // Create log item
-            ObjectNode item = objectMapper.createObjectNode();
-            item.put("uuid", UUID.randomUUID().toString());
-            item.set("request", skipEmptyValues(objectMapper.valueToTree(request)));
-            item.set("response", skipEmptyValues(objectMapper.valueToTree(response)));
+            ExceptionDto exceptionDto = null;
             if (exception != null && config.isExceptionIncluded()) {
-                ExceptionDto exceptionDto = new ExceptionDto(exception);
-                item.set("exception", objectMapper.valueToTree(exceptionDto));
+                exceptionDto = new ExceptionDto(exception);
             }
 
-            String serializedItem = objectMapper.writeValueAsString(item);
-            pendingWrites.add(serializedItem);
+            RequestLogItem item = new RequestLogItem(request, response, exceptionDto);
+            pendingWrites.add(item);
 
             if (pendingWrites.size() > MAX_PENDING_WRITES) {
                 pendingWrites.poll();
@@ -227,6 +175,74 @@ public void logRequest(Request request, Response response, Exception exception)
         }
     }
 
+    private void applyMasking(RequestLogItem item) {
+        Request request = item.getRequest();
+        Response response = item.getResponse();
+
+        if (request.getBody() != null) {
+            // Apply user-provided masking callback for request body
+            if (config.getCallbacks() != null) {
+                byte[] maskedBody = config.getCallbacks().maskRequestBody(request);
+                request.setBody(maskedBody != null ? maskedBody : BODY_MASKED);
+            }
+
+            if (request.getBody().length > MAX_BODY_SIZE) {
+                request.setBody(BODY_TOO_LARGE);
+            }
+
+            // Mask request body fields (if JSON)
+            if (!Arrays.equals(request.getBody(), BODY_TOO_LARGE) && !Arrays.equals(request.getBody(), BODY_MASKED)
+                    && hasJsonContentType(request.getHeaders())) {
+                request.setBody(maskJsonBody(request.getBody()));
+            }
+        }
+
+        if (response.getBody() != null) {
+            // Apply user-provided masking callback for response body
+            if (config.getCallbacks() != null) {
+                byte[] maskedBody = config.getCallbacks().maskResponseBody(request, response);
+                response.setBody(maskedBody != null ? maskedBody : BODY_MASKED);
+            }
+
+            if (response.getBody().length > MAX_BODY_SIZE) {
+                response.setBody(BODY_TOO_LARGE);
+            }
+
+            // Mask response body fields (if JSON)
+            if (!Arrays.equals(response.getBody(), BODY_TOO_LARGE) && !Arrays.equals(response.getBody(), BODY_MASKED)
+                    && hasJsonContentType(response.getHeaders())) {
+                response.setBody(maskJsonBody(response.getBody()));
+            }
+        }
+
+        // Process headers
+        request.setHeaders(
+                config.isRequestHeadersIncluded()
+                        ? maskHeaders(request.getHeaders()).toArray(new Header[0])
+                        : new Header[0]);
+        response.setHeaders(
+                config.isResponseHeadersIncluded()
+                        ? maskHeaders(response.getHeaders()).toArray(new Header[0])
+                        : new Header[0]);
+
+        // Process query params and URL
+        if (request.getUrl() != null) {
+            try {
+                URL url = new URL(request.getUrl());
+                String query = url.getQuery();
+                if (!config.isQueryParamsIncluded()) {
+                    query = null;
+                } else if (query != null) {
+                    query = maskQueryParams(query);
+                }
+                request.setUrl(new java.net.URL(url.getProtocol(), url.getHost(), url.getPort(),
+                        url.getPath() + (query != null ? "?" + query : "")).toString());
+            } catch (MalformedURLException e) {
+                // Keep original URL if malformed
+            }
+        }
+    }
+
     public void writeToFile() throws IOException {
         if (!enabled || pendingWrites.isEmpty()) {
             return;
@@ -236,9 +252,20 @@ public void writeToFile() throws IOException {
             if (currentFile == null) {
                 currentFile = new TempGzipFile();
             }
-            String item;
+            RequestLogItem item;
             while ((item = pendingWrites.poll()) != null) {
-                currentFile.writeLine(item.getBytes(StandardCharsets.UTF_8));
+                applyMasking(item);
+
+                ObjectNode itemNode = objectMapper.createObjectNode();
+                itemNode.put("uuid", item.getUuid());
+                itemNode.set("request", skipEmptyValues(objectMapper.valueToTree(item.getRequest())));
+                itemNode.set("response", skipEmptyValues(objectMapper.valueToTree(item.getResponse())));
+                if (item.getException() != null) {
+                    itemNode.set("exception", objectMapper.valueToTree(item.getException()));
+                }
+
+                String serializedItem = objectMapper.writeValueAsString(itemNode);
+                currentFile.writeLine(serializedItem.getBytes(StandardCharsets.UTF_8));
             }
         } finally {
             lock.unlock();
@@ -389,6 +416,32 @@ private List<Header> maskHeaders(Header[] headers) {
                 .collect(Collectors.toList());
     }
 
+    private byte[] maskJsonBody(byte[] body) {
+        try {
+            String json = new String(body, StandardCharsets.UTF_8);
+            JsonNode node = objectMapper.readTree(json);
+            maskJsonNode(node);
+            return objectMapper.writeValueAsString(node).getBytes(StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            return body;
+        }
+    }
+
+    private void maskJsonNode(JsonNode node) {
+        if (node.isObject()) {
+            ObjectNode objectNode = (ObjectNode) node;
+            objectNode.properties().forEach(entry -> {
+                if (entry.getValue().isTextual() && shouldMaskBodyField(entry.getKey())) {
+                    objectNode.put(entry.getKey(), MASKED);
+                } else {
+                    maskJsonNode(entry.getValue());
+                }
+            });
+        } else if (node.isArray()) {
+            node.forEach(this::maskJsonNode);
+        }
+    }
+
     private boolean hasSupportedContentType(Header[] headers) {
         String contentType = findHeader(headers, "content-type");
         return contentType != null && ALLOWED_CONTENT_TYPES.stream()
@@ -410,7 +463,7 @@ private String findHeader(Header[] headers, String name) {
 
     private ObjectNode skipEmptyValues(ObjectNode node) {
         ObjectNode result = objectMapper.createObjectNode();
-        node.fields().forEachRemaining(entry -> {
+        node.properties().forEach(entry -> {
             if (entry.getValue().isNull()) {
                 return;
             }

src/main/java/io/apitally/common/dto/RequestLogItem.java

@@ -0,0 +1,39 @@
+package io.apitally.common.dto;
+
+import java.util.UUID;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class RequestLogItem extends BaseDto {
+    private final String uuid;
+    private final Request request;
+    private final Response response;
+    private final ExceptionDto exception;
+
+    public RequestLogItem(Request request, Response response, ExceptionDto exception) {
+        this.uuid = UUID.randomUUID().toString();
+        this.request = request;
+        this.response = response;
+        this.exception = exception;
+    }
+
+    @JsonProperty("uuid")
+    public String getUuid() {
+        return uuid;
+    }
+
+    @JsonProperty("request")
+    public Request getRequest() {
+        return request;
+    }
+
+    @JsonProperty("response")
+    public Response getResponse() {
+        return response;
+    }
+
+    @JsonProperty("exception")
+    public ExceptionDto getException() {
+        return exception;
+    }
+}