danbooru logger: fix request parameter filtering.

2019-12-22 13:55:56 -06:00
parent f586db97bc
commit 2320fad139
2 changed files with 3 additions and 2 deletions
--- a/app/logical/danbooru_logger.rb
+++ b/app/logical/danbooru_logger.rb
@@ -22,7 +22,7 @@ class DanbooruLogger
  end

  def self.add_session_attributes(request, session, user)
-    request_params = request.parameters.with_indifferent_access.except(*Rails.application.config.filter_parameters, :controller, :action)
+    request_params = request.parameters.with_indifferent_access.except(:controller, :action)
    session_params = session.to_h.with_indifferent_access.slice(:session_id, :started_at)
    user_params = { id: user&.id, name: user&.name, level: user&.level_string, ip: request.remote_ip, safe_mode: CurrentUser.safe_mode? }

@@ -35,6 +35,7 @@ class DanbooruLogger
    return unless defined?(::NewRelic)

    attributes = flatten_hash(hash).transform_keys { |key| "#{prefix}.#{key}" }
+    attributes.delete_if { |key, value| key.end_with?(*Rails.application.config.filter_parameters.map(&:to_s)) }
    ::NewRelic::Agent.add_custom_attributes(attributes)
  end

--- a/config/application.rb
+++ b/config/application.rb
@@ -26,7 +26,7 @@ module Danbooru
    config.load_defaults 6.0
    config.active_record.schema_format = :sql
    config.encoding = "utf-8"
-    config.filter_parameters += [:password, :password_hash, :api_key]
+    config.filter_parameters += [:password, :password_confirmation, :password_hash, :api_key]
    #config.assets.enabled = true
    #config.assets.version = '1.0'
    config.autoload_paths += %W(#{config.root}/app/presenters #{config.root}/app/logical #{config.root}/app/mailers)