Added a regex that will remove any excluded keys from the API string if they are included as GET parameters

Author: Cal Stroud

drf_api_logger/middleware/api_logger_middleware.py

@@ -1,5 +1,6 @@
 import json
 import time
+import re
 from django.conf import settings
 from django.urls import resolve
 from django.utils import timezone
@@ -122,7 +123,7 @@ def __call__(self, request):
                     api = request.build_absolute_uri()
 
                 data = dict(
-                    api=api,
+                    api=mask_sensitive_data(api, mask_api_parameters=True),
                     headers=mask_sensitive_data(headers),
                     body=mask_sensitive_data(request_data),
                     method=method,

drf_api_logger/utils.py

@@ -47,13 +47,20 @@ def database_log_enabled():
     return drf_api_logger_database
 
 
-def mask_sensitive_data(data):
+def mask_sensitive_data(data, mask_api_parameters=False):
     """
     Hides sensitive keys specified in sensitive_keys settings.
     Loops recursively over nested dictionaries.
+
+    When the mask_api_parameters parameter is set, the function will 
+    instead iterate over sensitive_keys and remove them from an api 
+    URL string.
     """
 
     if type(data) != dict:
+        if mask_api_parameters and type(data) == str:
+            for sensitive_key in SENSITIVE_KEYS:
+                data = re.sub('({}=)(.*?)($|&)'.format(sensitive_key), '\g<1>***FILTERED***\g<3>'.format(sensitive_key.upper()), data)
         return data
 
     for key, value in data.items():