Add safe logging utility for credential protection

- Created lib/safe-logging.ts with utilities for safe logging - logConfigSafely() automatically redacts credentials field - logSafely() redacts common sensitive fields (password, email, token, etc) - Updated enhanced-screenshot service to use safe logging utility - Provides reusable pattern for secure logging throughout codebase
2025-07-17 14:48:19 +02:00
parent 743bb6bc73
commit 28836c3e5b
2 changed files with 57 additions and 7 deletions
--- a/lib/enhanced-screenshot.ts
+++ b/lib/enhanced-screenshot.ts
@@ -4,6 +4,7 @@ import path from 'path'
 import puppeteer from 'puppeteer'
 import { Browser, Page } from 'puppeteer'
 import { progressTracker, ProgressStep } from './progress-tracker'
+import { logConfigSafely } from './safe-logging'

 export interface ScreenshotConfig {
  symbol: string
@@ -28,13 +29,7 @@ export class EnhancedScreenshotService {

  async captureWithLogin(config: ScreenshotConfig): Promise<string[]> {
    console.log('🚀 Enhanced Screenshot Service - Docker Environment (Dual Session)')
-    console.log('📋 Config:', {
-      symbol: config.symbol,
-      timeframe: config.timeframe,
-      layouts: config.layouts,
-      sessionId: config.sessionId,
-      credentials: '[REDACTED]'
-    })
+    logConfigSafely(config)
    
    const screenshotFiles: string[] = []
    const { sessionId } = config
--- a/lib/safe-logging.ts
+++ b/lib/safe-logging.ts
@@ -0,0 +1,55 @@
+/**
+ * Safe logging utilities to prevent credential exposure
+ */
+
+export interface ConfigWithCredentials {
+  credentials?: {
+    email?: string
+    password?: string
+  }
+  [key: string]: any
+}
+
+/**
+ * Safely log a config object, redacting sensitive credentials
+ */
+export function logConfigSafely(config: ConfigWithCredentials, label = 'Config'): void {
+  const safeConfig = {
+    ...config,
+    credentials: config.credentials ? '[REDACTED]' : undefined
+  }
+  
+  console.log(`📋 ${label}:`, safeConfig)
+}
+
+/**
+ * Safely log any object, redacting common sensitive fields
+ */
+export function logSafely(obj: any, label = 'Data'): void {
+  const sensitiveFields = ['password', 'email', 'credentials', 'token', 'key', 'secret']
+  
+  const safeObj = JSON.parse(JSON.stringify(obj, (key, value) => {
+    if (sensitiveFields.some(field => key.toLowerCase().includes(field))) {
+      return '[REDACTED]'
+    }
+    return value
+  }))
+  
+  console.log(`📋 ${label}:`, safeObj)
+}
+
+/**
+ * Create a safe string representation for logging
+ */
+export function createSafeLogString(obj: any): string {
+  const sensitiveFields = ['password', 'email', 'credentials', 'token', 'key', 'secret']
+  
+  const safeObj = JSON.parse(JSON.stringify(obj, (key, value) => {
+    if (sensitiveFields.some(field => key.toLowerCase().includes(field))) {
+      return '[REDACTED]'
+    }
+    return value
+  }))
+  
+  return JSON.stringify(safeObj, null, 2)
+}