Merge pull request #67 from cantus-firmus/add_parameter_filtering

vishalanandl177 · web-flow · commit 1964a341b2a8 · 2023-01-18T23:04:39.000+05:30
Added logic to exclude parameters present in the APU URL string
diff --git a/drf_api_logger/middleware/api_logger_middleware.py b/drf_api_logger/middleware/api_logger_middleware.py
@@ -1,5 +1,6 @@
 import json
 import time
+import re
 from django.conf import settings
 from django.urls import resolve
 from django.utils import timezone
@@ -101,8 +102,11 @@ def __call__(self, request):
             if len(self.DRF_API_LOGGER_METHODS) > 0 and method not in self.DRF_API_LOGGER_METHODS:
                 return response
 
-            if response.get('content-type') in ('application/json', 'application/vnd.api+json',):
-                if getattr(response, 'streaming', False):
+            if response.get('content-type') in ('application/json', 'application/vnd.api+json', 'application/gzip'):
+                
+                if response.get('content-type') == 'application/gzip':
+                    response_body = '** GZIP Archive **'
+                elif getattr(response, 'streaming', False):
                     response_body = '** Streaming **'
                 else:
                     if type(response.content) == bytes:
@@ -119,7 +123,7 @@ def __call__(self, request):
                     api = request.build_absolute_uri()
 
                 data = dict(
-                    api=api,
+                    api=mask_sensitive_data(api, mask_api_parameters=True),
                     headers=mask_sensitive_data(headers),
                     body=mask_sensitive_data(request_data),
                     method=method,
diff --git a/drf_api_logger/utils.py b/drf_api_logger/utils.py
@@ -47,13 +47,20 @@ def database_log_enabled():
     return drf_api_logger_database
 
 
-def mask_sensitive_data(data):
+def mask_sensitive_data(data, mask_api_parameters=False):
     """
     Hides sensitive keys specified in sensitive_keys settings.
     Loops recursively over nested dictionaries.
+
+    When the mask_api_parameters parameter is set, the function will 
+    instead iterate over sensitive_keys and remove them from an api 
+    URL string.
     """
 
     if type(data) != dict:
+        if mask_api_parameters and type(data) == str:
+            for sensitive_key in SENSITIVE_KEYS:
+                data = re.sub('({}=)(.*?)($|&)'.format(sensitive_key), '\g<1>***FILTERED***\g<3>'.format(sensitive_key.upper()), data)
         return data
 
     for key, value in data.items():
