RI-7200 add request metadata to session metadata and exclude it from … (#4771)

* RI-7200 add request metadata to session metadata and exclude it from logs

* RI-7187 fix tests + add logs data -> plain transformer

Author: ArtemHoruzhenko

redisinsight/api/src/common/decorators/client-metadata/client-metadata.decorator.ts

@@ -46,6 +46,8 @@ export const clientMetadataParamFactory = (
     db: options?.ignoreDbIndex
       ? undefined
       : req?.headers?.[API_HEADER_DATABASE_INDEX],
+  }, {
+    groups: ['security'],
   });
 
   const errors = validator.validateSync(clientMetadata, {

redisinsight/api/src/common/decorators/session/session-metadata.decorator.ts

@@ -24,16 +24,17 @@ export const sessionMetadataFromRequest = (
     'correlationId',
   ]);
   const correlationId = request.res?.locals?.session?.correlationId || uuidv4();
+  const requestMetadata = request.res?.locals?.session?.requestMetadata;
 
   const requestSession = {
     userId,
     data,
     sessionId,
     correlationId,
+    requestMetadata,
   };
 
-  // todo: do not forget to deal with session vs sessionMetadata property
-  const session = plainToInstance(SessionMetadata, requestSession);
+  const session = plainToInstance(SessionMetadata, requestSession, { groups: ['security'] });
 
   const errors = validator.validateSync(session, {
     whitelist: false, // we need this to allow additional fields if needed for flexibility

redisinsight/api/src/common/logger/app-logger.spec.ts

@@ -25,7 +25,10 @@ const getSessionMetadata = () =>
   plainToInstance(SessionMetadata, {
     userId: '123',
     sessionId: 'test-session-id',
-  });
+    requestMetadata: {
+      any: 'data',
+    },
+  }, { groups: ['security' ] });
 
 const getClientMetadata = () =>
   plainToInstance(ClientMetadata, {
@@ -34,7 +37,7 @@ const getClientMetadata = () =>
     context: ClientContext.Browser,
     uniqueId: 'unique-id',
     db: 1,
-  });
+  }, { groups: ['security' ] });
 
 describe('AppLogger', () => {
   let logger: AppLogger;
@@ -115,7 +118,10 @@ describe('AppLogger', () => {
           ...clientMetadata,
           sessionMetadata: undefined,
         },
-        sessionMetadata: clientMetadata.sessionMetadata,
+        sessionMetadata: {
+          ...clientMetadata.sessionMetadata,
+          requestMetadata: undefined,
+        },
         data: [{ foo: 'bar' }],
         error: undefined,
       });
@@ -137,7 +143,10 @@ describe('AppLogger', () => {
       expect(mockWinstonLogger[level]).toHaveBeenCalledWith({
         message: 'Test message',
         context: 'Test context',
-        sessionMetadata,
+        sessionMetadata: {
+          ...sessionMetadata,
+          requestMetadata: undefined,
+        },
         data: [{ foo: 'bar' }],
         error: undefined,
       });
@@ -168,7 +177,10 @@ describe('AppLogger', () => {
           ...clientMetadata,
           sessionMetadata: undefined,
         },
-        sessionMetadata: clientMetadata.sessionMetadata,
+        sessionMetadata: {
+          ...clientMetadata.sessionMetadata,
+          requestMetadata: undefined,
+        },
         data: [{ foo: 'bar' }],
         error,
       });

redisinsight/api/src/common/logger/app-logger.ts

@@ -2,6 +2,8 @@ import { LoggerService, Injectable } from '@nestjs/common';
 import { WinstonModule, WinstonModuleOptions } from 'nest-winston';
 import { cloneDeep, isString } from 'lodash';
 import { ClientMetadata, SessionMetadata } from 'src/common/models';
+import { instanceToPlain } from 'class-transformer';
+import { logDataToPlain } from 'src/utils/logsFormatter';
 
 type LogMeta = object;
 
@@ -106,8 +108,8 @@ export class AppLogger implements LoggerService {
       message,
       context,
       error,
-      ...userMetadata,
-      data: optionalParamsCopy?.length ? optionalParamsCopy : undefined,
+      ...instanceToPlain(userMetadata),
+      data: optionalParamsCopy?.length ? logDataToPlain(optionalParamsCopy) : undefined,
     };
   }
 

redisinsight/api/src/common/models/client-metadata.ts

@@ -1,4 +1,4 @@
-import { Session, SessionMetadata } from 'src/common/models/session';
+import { SessionMetadata } from 'src/common/models/session';
 import { Type } from 'class-transformer';
 import {
   IsEnum,
@@ -23,7 +23,7 @@ export enum ClientContext {
 
 export class ClientMetadata {
   @IsNotEmpty()
-  @Type(() => Session)
+  @Type(() => SessionMetadata)
   sessionMetadata: SessionMetadata;
 
   @IsNotEmpty()

redisinsight/api/src/common/models/session.ts

@@ -1,6 +1,7 @@
 import { IsNotEmpty, IsObject, IsOptional, IsString } from 'class-validator';
 import { BadRequestException } from '@nestjs/common';
 import ERROR_MESSAGES from 'src/constants/error-messages';
+import { Expose } from 'class-transformer';
 
 export interface ISessionMetadata {
   userId: string;
@@ -9,21 +10,31 @@ export interface ISessionMetadata {
 }
 
 export class SessionMetadata implements ISessionMetadata {
+  @Expose()
   @IsNotEmpty()
   @IsString()
   userId: string;
 
+  @Expose()
   @IsObject()
   data?: Record<string, any> = {};
 
+  @Expose({ groups: ['security'] })
+  @IsObject()
+  @IsOptional()
+  requestMetadata?: Record<string, any> = {};
+
+  @Expose()
   @IsNotEmpty()
   @IsString()
   sessionId: string;
 
+  @Expose()
   @IsOptional()
   @IsString()
   uniqueId?: string;
 
+  @Expose()
   @IsOptional()
   @IsString()
   correlationId?: string;

redisinsight/api/src/utils/logsFormatter.spec.ts

@@ -2,13 +2,30 @@ import { BadRequestException, NotFoundException } from '@nestjs/common';
 import { CloudOauthMisconfigurationException } from 'src/modules/cloud/auth/exceptions';
 import { AxiosError, AxiosHeaders } from 'axios';
 import { mockSessionMetadata } from 'src/__mocks__';
-import { getOriginalErrorCause, sanitizeError, sanitizeErrors } from './logsFormatter';
+import {
+  ClientContext,
+  ClientMetadata,
+  SessionMetadata,
+} from 'src/common/models';
+import {
+  getOriginalErrorCause,
+  logDataToPlain,
+  sanitizeError,
+  sanitizeErrors,
+} from './logsFormatter';
 
 const simpleError = new Error('Original error');
 simpleError['some'] = 'field';
-const errorWithCause = new NotFoundException('Not found', { cause: simpleError });
-const errorWithCauseDepth2 = new BadRequestException('Bad req', { cause: errorWithCause });
-const errorWithCauseDepth3 = new CloudOauthMisconfigurationException('Misconfigured', { cause: errorWithCauseDepth2 });
+const errorWithCause = new NotFoundException('Not found', {
+  cause: simpleError,
+});
+const errorWithCauseDepth2 = new BadRequestException('Bad req', {
+  cause: errorWithCause,
+});
+const errorWithCauseDepth3 = new CloudOauthMisconfigurationException(
+  'Misconfigured',
+  { cause: errorWithCauseDepth2 },
+);
 const axiosError = new AxiosError(
   'Request failed with status code 404',
   'NOT_FOUND',
@@ -32,6 +49,30 @@ const axiosError = new AxiosError(
   },
 );
 
+const mockExtendedClientMetadata = Object.assign(new ClientMetadata(), {
+  databaseId: 'sdb-id',
+  context: ClientContext.Browser,
+  sessionMetadata: Object.assign(new SessionMetadata(), {
+    ...mockSessionMetadata,
+    data: {
+      some: 'data',
+    },
+    requestMetadata: {
+      some: 'meta',
+    },
+  }),
+});
+
+const mockExtendedSessionMetadata = Object.assign(new SessionMetadata(), {
+  ...mockSessionMetadata,
+  data: {
+    some: 'data 2',
+  },
+  requestMetadata: {
+    some: 'meta 2',
+  },
+});
+
 const mockLogData: any = {
   sessionMetadata: mockSessionMetadata,
   error: errorWithCauseDepth3,
@@ -57,6 +98,34 @@ const mockLogData: any = {
 };
 mockLogData.data.push({ circular: mockLogData.data });
 
+const mockUnsafeLog: any = {
+  clientMetadata: mockExtendedClientMetadata,
+  error: errorWithCauseDepth3,
+  data: [
+    errorWithCauseDepth2,
+    {
+      any: [
+        'other',
+        {
+          possible: 'data',
+          with: [
+            'nested',
+            'structure',
+            errorWithCause,
+            {
+              error: simpleError,
+            },
+          ],
+        },
+        mockExtendedSessionMetadata,
+      ],
+    },
+  ],
+};
+mockUnsafeLog.data.push(mockExtendedSessionMetadata);
+mockUnsafeLog.data[1].any[1].circular = mockExtendedClientMetadata;
+mockUnsafeLog.data.push(mockUnsafeLog.data);
+
 describe('logsFormatter', () => {
   describe('getOriginalErrorCause', () => {
     it('should return last cause in the chain', () => {
@@ -89,7 +158,9 @@ describe('logsFormatter', () => {
     });
 
     it('should return sanitized object with a single original cause for nested errors', () => {
-      expect(sanitizeError(errorWithCauseDepth3, { omitSensitiveData: true })).toEqual({
+      expect(
+        sanitizeError(errorWithCauseDepth3, { omitSensitiveData: true }),
+      ).toEqual({
         type: 'CloudOauthMisconfigurationException',
         message: errorWithCauseDepth3.message,
         cause: {
@@ -174,4 +245,54 @@ describe('logsFormatter', () => {
       });
     });
   });
+
+  describe('logDataToPlain', () => {
+    it('should sanitize all errors and replace circular dependencies after safeTransform of the data', () => {
+      const result: any = logDataToPlain(mockUnsafeLog);
+
+      // should return error instances untouched
+      expect(result.error).toBeInstanceOf(CloudOauthMisconfigurationException);
+      expect(result.data[0]).toBeInstanceOf(BadRequestException);
+      expect(result.data[1].any[1].with[2]).toBeInstanceOf(NotFoundException);
+      expect(result.data[1].any[1].with[3].error).toBeInstanceOf(Error);
+
+      // should sanitize sessionMetadata instances and convert them to plain objects
+      expect(result).toEqual({
+        clientMetadata: {
+          ...mockExtendedClientMetadata,
+          sessionMetadata: {
+            ...mockExtendedClientMetadata.sessionMetadata,
+            requestMetadata: undefined,
+          },
+        },
+        error: errorWithCauseDepth3,
+        data: [
+          errorWithCauseDepth2,
+          {
+            any: [
+              'other',
+              {
+                circular: '[Circular]',
+                possible: 'data',
+                with: [
+                  'nested',
+                  'structure',
+                  errorWithCause,
+                  {
+                    error: simpleError,
+                  },
+                ],
+              },
+              {
+                ...mockExtendedSessionMetadata,
+                requestMetadata: undefined,
+              },
+            ],
+          },
+          '[Circular]',
+          '[Circular]',
+        ],
+      });
+    });
+  });
 });