Can't hide sensitive data

[jameskennedy]

The Slow Query output includes arguments passed into the GraphQL query.
Since our application requires the frontend to post passwords, we can't have sangria-slowlog logging metrics for that particular mutation.

There should be a way to ignore particular mutations/queries or disable the inclusion of arguments.

[yanns]

A possible solution:

class SafeMetricRenderer(override val unit: TimeUnit) extends DefaultMetricRenderer(unit) {
  override def renderLogMessage(durationNanos: Long, enrichedQuery: String) = {
    val enrichedQueryWithObfuscatedPasswords = enrichedQuery.replaceAll("([pP]assword\\s*:\\s*)\".*\"", "$1\"***\"")
    s"Slow GraphQL query [${renderDuration(durationNanos)}].\n\n$enrichedQueryWithObfuscatedPasswords"
  }
}

and use it like:

SlowLog(log.underlying, slowLogThreshold, addExtensions = profileExtension)(new SafeMetricRenderer(TimeUnit.MILLISECONDS))