@nest-omni/core 4.1.3-26 → 4.1.3-27

package/http-client/config/http-client.config.js

@@ -62,7 +62,7 @@ exports.DEFAULT_HTTP_CLIENT_CONFIG = {
         logHeaders: false, // 默认不记录头信息（安全考虑）
         logBody: true,
         maxBodyLength: 1000,
-        sanitizeHeaders: ['authorization', 'apikey', 'password', 'token', 'cookie'],
+        sanitize: ['password', 'secret', 'token', 'apiKey', 'authorization', 'cookie'],
         logLevel: 'info',
         databaseLogging: {
             enabled: false, // 默认不启用数据库日志

package/http-client/decorators/http-client.decorators.d.ts

@@ -40,7 +40,7 @@ export declare const HttpCircuitBreaker: (options?: {
 export declare const HttpLogRequest: (options?: {
     logHeaders?: boolean;
     logBody?: boolean;
-    sanitizeHeaders?: string[];
+    sanitize?: string[];
     databaseLog?: boolean;
     logLevel?: "debug" | "info" | "warn" | "error";
     serviceClass?: string;

package/http-client/decorators/http-client.decorators.js

@@ -125,7 +125,7 @@ const HttpLogRequest = (options = {}) => {
         const loggingOptions = {
             logHeaders: (_a = options.logHeaders) !== null && _a !== void 0 ? _a : true,
             logBody: (_b = options.logBody) !== null && _b !== void 0 ? _b : true,
-            sanitizeHeaders: options.sanitizeHeaders || [
+            sanitize: options.sanitize || [
                 'authorization',
                 'apikey',
                 'password',

package/http-client/examples/advanced-usage.example.js

@@ -158,7 +158,7 @@ __decorate([
         logHeaders: true,
         logBody: true,
         databaseLog: true,
-        sanitizeHeaders: ['authorization', 'x-api-key'],
+        sanitize: ['authorization', 'x-api-key'],
     }),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [Object, String]),
@@ -185,7 +185,7 @@ exports.GitHubHttpService = GitHubHttpService = __decorate([
             logHeaders: true,
             logBody: true,
             maxBodyLength: 1000,
-            sanitizeHeaders: ['authorization'],
+            sanitize: ['authorization'],
             logLevel: 'info',
         },
     }),
@@ -315,7 +315,7 @@ exports.PaymentHttpService = PaymentHttpService = __decorate([
             logHeaders: false, // 不记录敏感头信息
             logBody: false, // 不记录支付数据
             maxBodyLength: 1000,
-            sanitizeHeaders: ['authorization', 'x-api-key', 'x-client-secret'],
+            sanitize: ['authorization', 'x-api-key', 'x-client-secret'],
             logLevel: 'info',
         },
     }),

package/http-client/http-client.module.js

@@ -295,8 +295,8 @@ let HttpClientModule = HttpClientModule_1 = class HttpClientModule {
                 maxBodyLength: configService.get('HTTP_CLIENT_LOG_MAX_BODY_LENGTH')
                     ? parseInt(configService.get('HTTP_CLIENT_LOG_MAX_BODY_LENGTH'))
                     : undefined,
-                sanitizeHeaders: (_a = configService
-                    .get('HTTP_CLIENT_LOG_SANITIZE_HEADERS')) === null || _a === void 0 ? void 0 : _a.split(','),
+                sanitize: (_a = configService
+                    .get('HTTP_CLIENT_LOG_SANITIZE')) === null || _a === void 0 ? void 0 : _a.split(','),
                 logLevel: configService.get('HTTP_CLIENT_LOG_LEVEL'),
                 databaseLogging: {
                     enabled: configService.get('HTTP_CLIENT_DB_LOGGING_ENABLED') ===

package/http-client/interfaces/http-client-config.interface.d.ts

@@ -166,7 +166,12 @@ export interface LoggingConfig {
     logHeaders?: boolean;
     logBody?: boolean;
     maxBodyLength?: number;
-    sanitizeHeaders?: string[];
+    /**
+     * 脱敏配置
+     * 敏感字段列表，统一适用于 headers、body、query string
+     * 例如：['password', 'token', 'secret', 'apiKey']
+     */
+    sanitize?: string[];
     logLevel?: 'debug' | 'info' | 'warn' | 'error';
     databaseLogging?: {
         enabled?: boolean;

package/http-client/services/api-client-registry.service.js

@@ -47,7 +47,7 @@ let ApiClientRegistryService = ApiClientRegistryService_1 = class ApiClientRegis
                     logHeaders: true,
                     logBody: true,
                     maxBodyLength: 10000,
-                    sanitizeHeaders: ['authorization', 'api-key'],
+                    sanitize: ['authorization', 'api-key'],
                     logLevel: 'info',
                 },
                 timeout: 30000,

package/http-client/services/http-client.service.js

@@ -716,7 +716,7 @@ let HttpClientService = HttpClientService_1 = class HttpClientService {
                 logHeaders: true,
                 logBody: true,
                 maxBodyLength: 1000,
-                sanitizeHeaders: ['authorization', 'apikey', 'password', 'token'],
+                sanitize: ['password', 'secret', 'token', 'apiKey', 'authorization', 'cookie'],
                 logLevel: 'info',
                 databaseLogging: {
                     enabled: true,

package/http-client/services/logging.service.d.ts

@@ -33,7 +33,7 @@ export declare class HttpLoggingService implements OnModuleDestroy {
     private isProcessing;
     constructor();
     onModuleDestroy(): void;
-    initRepository(dataSource: string, tableName: string): Repository<HttpLogEntity>;
+    initRepository(dataSource: string, tableName: string): Repository<HttpLogEntity> | null;
     /**
      * 记录请求开始
      */
@@ -119,22 +119,6 @@ export declare class HttpLoggingService implements OnModuleDestroy {
      * 同步保存日志到数据库（用于异步模式内部）
      */
     private saveLogToDatabase;
-    /**
-     * 转换请求体为字符串
-     */
-    private sanitizeBodyAsString;
-    /**
-     * 清理敏感头信息
-     */
-    private sanitizeHeaders;
-    /**
-     * 清理敏感请求体信息
-     */
-    private sanitizeBody;
-    /**
-     * 递归清理对象中的敏感字段
-     */
-    private sanitizeObject;
     /**
      * 获取完整URL
      * @param config Axios请求配置

package/http-client/services/logging.service.js

@@ -25,6 +25,7 @@ const http_log_entity_1 = require("../entities/http-log.entity");
 const request_id_util_1 = require("../utils/request-id.util");
 const context_extractor_util_1 = require("../utils/context-extractor.util");
 const call_stack_extractor_util_1 = require("../utils/call-stack-extractor.util");
+const sanitize_util_1 = require("../utils/sanitize.util");
 const transaction_1 = require("@nest-omni/transaction");
 /**
  * HTTP日志服务
@@ -67,8 +68,9 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
             return this.logRepository;
         }
         catch (error) {
-            this.logger.error('Failed to initialize database logging', error);
-            throw error;
+            this.logger.warn('Database logging not available, continuing without it');
+            this.logRepository = null;
+            return null;
         }
     }
     /**
@@ -78,16 +80,16 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
         // 从ContextProvider获取上下文信息
         const context = context_extractor_util_1.ContextExtractor.getHttpContext();
         const actualRequestId = requestId || context.requestId || (0, request_id_util_1.generateRequestId)();
-        const { logHeaders = true, logBody = true, sanitizeHeaders = [], } = loggingOptions || {};
+        const { logHeaders = true, logBody = true, sanitize = [], } = loggingOptions || {};
         const logData = {
             requestId: actualRequestId,
             userId: context.userId,
-            method: config.method ? config.method.toUpperCase() : 'GET',
-            url: config.url,
-            headers: logHeaders
-                ? this.sanitizeHeaders(config.headers, sanitizeHeaders)
+            method: (config === null || config === void 0 ? void 0 : config.method) ? config.method.toUpperCase() : 'GET',
+            url: config ? sanitize_util_1.SanitizeUtil.sanitizeQueryString(config.url, sanitize) : '',
+            headers: logHeaders && config
+                ? sanitize_util_1.SanitizeUtil.sanitizeHeaders(config.headers, sanitize)
                 : undefined,
-            body: logBody ? this.sanitizeBody(config.data) : undefined,
+            body: logBody && config ? sanitize_util_1.SanitizeUtil.sanitizeBody(config.data, sanitize) : undefined,
             clientIp: context.clientIp,
             serviceName: context.appId,
         };
@@ -108,8 +110,8 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
      */
     logRequestSuccess(response_1, startTime_1, requestId_1, loggingOptions_1) {
         return __awaiter(this, arguments, void 0, function* (response, startTime, requestId, loggingOptions, databaseLogging = false, retryRecords, circuitBreakerState, decoratorContext, clientName, callingContext) {
-            var _a, _b, _c, _d;
-            const { logHeaders = true, logBody = true, sanitizeHeaders = [], } = loggingOptions || {};
+            var _a, _b, _c, _d, _e, _f;
+            const { logHeaders = true, logBody = true, sanitize = [], } = loggingOptions || {};
             const responseTime = Date.now() - startTime;
             // 获取当前上下文信息
             const context = context_extractor_util_1.ContextExtractor.getHttpContext();
@@ -119,9 +121,9 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
                 statusCode: response.status,
                 responseTime,
                 headers: logHeaders
-                    ? this.sanitizeHeaders(response.headers, sanitizeHeaders)
+                    ? sanitize_util_1.SanitizeUtil.sanitizeHeaders(response.headers, sanitize)
                     : undefined,
-                body: logBody ? this.sanitizeBody(response.data) : undefined,
+                body: logBody ? sanitize_util_1.SanitizeUtil.sanitizeBody(response.data, sanitize) : undefined,
                 responseSize: JSON.stringify(response.data).length,
                 circuitBreakerState,
             };
@@ -140,7 +142,7 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
                     dataSource: (_a = loggingOptions.databaseLogging) === null || _a === void 0 ? void 0 : _a.dataSource,
                     tableName: (_b = loggingOptions.databaseLogging) === null || _b === void 0 ? void 0 : _b.tableName,
                 });
-                this.initRepository(loggingOptions.databaseLogging.dataSource, loggingOptions.databaseLogging.tableName);
+                this.initRepository(((_c = loggingOptions.databaseLogging) === null || _c === void 0 ? void 0 : _c.dataSource) || 'default', ((_d = loggingOptions.databaseLogging) === null || _d === void 0 ? void 0 : _d.tableName) || 'http_log');
             }
             // 数据库日志记录
             if (databaseLogging && this.logRepository) {
@@ -157,25 +159,25 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
                 this.saveToDatabase({
                     requestId,
                     userId: context.userId,
-                    method: ((_c = response.config.method) === null || _c === void 0 ? void 0 : _c.toUpperCase()) || 'UNKNOWN',
-                    url: this.getFullUrl(response.config) || '',
-                    headers: this.sanitizeHeaders(response.config.headers, sanitizeHeaders),
-                    body: this.sanitizeBodyAsString(response.config.data),
-                    params: response.config.params,
+                    method: ((_e = response.config.method) === null || _e === void 0 ? void 0 : _e.toUpperCase()) || 'UNKNOWN',
+                    url: sanitize_util_1.SanitizeUtil.sanitizeQueryString(this.getFullUrl(response.config), sanitize),
+                    headers: sanitize_util_1.SanitizeUtil.sanitizeHeaders(response.config.headers, sanitize),
+                    body: sanitize_util_1.SanitizeUtil.sanitizeBodyAsString(response.config.data, sanitize),
+                    params: sanitize_util_1.SanitizeUtil.sanitizeParams(response.config.params, sanitize),
                     statusCode: response.status,
                     responseTime,
                     attemptCount: (retryRecords === null || retryRecords === void 0 ? void 0 : retryRecords.length)
                         ? Math.max(...retryRecords.map((r) => r.attempt)) + 1
                         : 1,
                     success: true,
-                    responseHeaders: this.sanitizeHeaders(response.headers, sanitizeHeaders),
+                    responseHeaders: sanitize_util_1.SanitizeUtil.sanitizeHeaders(response.headers, sanitize),
                     responseBody: logBody
-                        ? this.sanitizeBodyAsString(response.data)
+                        ? sanitize_util_1.SanitizeUtil.sanitizeBodyAsString(response.data, sanitize)
                         : undefined,
                     serviceName: clientName || context.appId,
                     operationName: callInfo.operationName,
                     clientIp: context.clientIp,
-                    source: (_d = context.metadata) === null || _d === void 0 ? void 0 : _d.source,
+                    source: (_f = context.metadata) === null || _f === void 0 ? void 0 : _f.source,
                     tags: context.tags,
                     metadata: logData,
                     retryRecords,
@@ -188,8 +190,8 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
      * 记录请求错误
      */
     logRequestError(error, startTime, requestId, attemptCount, loggingOptions, databaseLogging = false, retryRecords, circuitBreakerState, decoratorContext, clientName, callingContext) {
-        var _a, _b, _c, _d, _e, _f, _g, _h, _j;
-        const { logHeaders = true, sanitizeHeaders = [] } = loggingOptions;
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
+        const { logHeaders = true, sanitize = [] } = loggingOptions;
         const responseTime = Date.now() - startTime;
         // 获取当前上下文信息
         const context = context_extractor_util_1.ContextExtractor.getHttpContext();
@@ -203,7 +205,7 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
             errorCode: error.code,
             statusCode: (_a = error.response) === null || _a === void 0 ? void 0 : _a.status,
             headers: ((_b = error.config) === null || _b === void 0 ? void 0 : _b.headers) && logHeaders
-                ? this.sanitizeHeaders(error.config.headers, sanitizeHeaders)
+                ? sanitize_util_1.SanitizeUtil.sanitizeHeaders(error.config.headers, sanitize)
                 : undefined,
             circuitBreakerState,
         };
@@ -223,7 +225,7 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
                 break;
         }
         if (!this.logRepository) {
-            this.initRepository(loggingOptions.databaseLogging.dataSource, loggingOptions.databaseLogging.tableName);
+            this.initRepository(((_c = loggingOptions.databaseLogging) === null || _c === void 0 ? void 0 : _c.dataSource) || 'default', ((_d = loggingOptions.databaseLogging) === null || _d === void 0 ? void 0 : _d.tableName) || 'http_log');
         }
         // 数据库日志记录
         if (databaseLogging && this.logRepository) {
@@ -234,14 +236,14 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
             this.saveToDatabase({
                 requestId,
                 userId: context.userId,
-                method: ((_d = (_c = error.config) === null || _c === void 0 ? void 0 : _c.method) === null || _d === void 0 ? void 0 : _d.toUpperCase()) || 'UNKNOWN',
-                url: this.getFullUrl(error.config) || '',
-                headers: ((_e = error.config) === null || _e === void 0 ? void 0 : _e.headers)
-                    ? this.sanitizeHeaders(error.config.headers, sanitizeHeaders)
+                method: ((_f = (_e = error.config) === null || _e === void 0 ? void 0 : _e.method) === null || _f === void 0 ? void 0 : _f.toUpperCase()) || 'UNKNOWN',
+                url: sanitize_util_1.SanitizeUtil.sanitizeQueryString(this.getFullUrl(error.config), sanitize),
+                headers: ((_g = error.config) === null || _g === void 0 ? void 0 : _g.headers)
+                    ? sanitize_util_1.SanitizeUtil.sanitizeHeaders(error.config.headers, sanitize)
                     : {},
-                body: this.sanitizeBodyAsString((_f = error.config) === null || _f === void 0 ? void 0 : _f.data),
-                params: (_g = error.config) === null || _g === void 0 ? void 0 : _g.params,
-                statusCode: (_h = error.response) === null || _h === void 0 ? void 0 : _h.status,
+                body: sanitize_util_1.SanitizeUtil.sanitizeBodyAsString((_h = error.config) === null || _h === void 0 ? void 0 : _h.data, sanitize),
+                params: sanitize_util_1.SanitizeUtil.sanitizeParams((_j = error.config) === null || _j === void 0 ? void 0 : _j.params, sanitize),
+                statusCode: (_k = error.response) === null || _k === void 0 ? void 0 : _k.status,
                 responseTime,
                 attemptCount,
                 success: false,
@@ -251,7 +253,7 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
                 serviceName: clientName || context.appId,
                 operationName: callInfo.operationName,
                 clientIp: context.clientIp,
-                source: (_j = context.metadata) === null || _j === void 0 ? void 0 : _j.source,
+                source: (_l = context.metadata) === null || _l === void 0 ? void 0 : _l.source,
                 tags: context.tags,
                 metadata: logData,
                 retryRecords,
@@ -581,97 +583,6 @@ let HttpLoggingService = HttpLoggingService_1 = class HttpLoggingService {
             }
         });
     }
-    /**
-     * 转换请求体为字符串
-     */
-    sanitizeBodyAsString(data) {
-        if (!data)
-            return undefined;
-        if (typeof data === 'string') {
-            return data.length > 5000 ? data.substring(0, 5000) + '...' : data;
-        }
-        const jsonString = JSON.stringify(data);
-        return jsonString.length > 5000
-            ? jsonString.substring(0, 5000) + '...'
-            : jsonString;
-    }
-    /**
-     * 清理敏感头信息
-     */
-    sanitizeHeaders(headers, sanitizeHeaders) {
-        if (!headers)
-            return {};
-        const sanitized = {};
-        const defaultSensitiveHeaders = [
-            'authorization',
-            'apikey',
-            'password',
-            'token',
-            'secret',
-            'cookie',
-            'set-cookie',
-            'x-api-key',
-            'x-auth-token',
-        ];
-        const headersToSanitize = [...defaultSensitiveHeaders, ...sanitizeHeaders];
-        Object.keys(headers).forEach((key) => {
-            if (headersToSanitize.some((sensitive) => key.toLowerCase().includes(sensitive.toLowerCase()))) {
-                sanitized[key] = '[FILTERED]';
-            }
-            else {
-                sanitized[key] = String(headers[key]);
-            }
-        });
-        return sanitized;
-    }
-    /**
-     * 清理敏感请求体信息
-     */
-    sanitizeBody(body) {
-        if (!body)
-            return undefined;
-        if (typeof body === 'string') {
-            try {
-                body = JSON.parse(body);
-            }
-            catch (_a) {
-                return body.length > 1000 ? body.substring(0, 1000) + '...' : body;
-            }
-        }
-        if (typeof body === 'object') {
-            const sanitized = Object.assign({}, body);
-            const sensitiveFields = [
-                'password',
-                'secret',
-                'token',
-                'key',
-                'authorization',
-                'credential',
-                'private',
-                'confidential',
-                'ssn',
-                'creditCard',
-            ];
-            this.sanitizeObject(sanitized, sensitiveFields);
-            return sanitized;
-        }
-        return body;
-    }
-    /**
-     * 递归清理对象中的敏感字段
-     */
-    sanitizeObject(obj, sensitiveFields) {
-        if (typeof obj !== 'object' || obj === null)
-            return;
-        for (const key in obj) {
-            if (sensitiveFields.some((field) => key.toLowerCase().includes(field.toLowerCase()))) {
-                obj[key] = '[FILTERED]';
-            }
-            else if (typeof obj[key] === 'object') {
-                this.sanitizeObject(obj[key], sensitiveFields);
-            }
-        }
-    }
     /**
      * 获取完整URL
      * @param config Axios请求配置

package/http-client/utils/curl-generator.util.js

@@ -137,13 +137,10 @@ class CurlGenerator {
                 config.url = urlMatch[1];
             }
             // 提取头信息
-            const headerMatches = curlCommand.match(/-H\s+'([^:]+):\s*([^']+)'/g) || [];
+            const headerMatches = Array.from(curlCommand.matchAll(/-H\s+'([^:]+):\s*([^']+)'/g));
             config.headers = {};
             headerMatches.forEach((header) => {
-                const headerMatch = header.match(/-H\s+'([^:]+):\s*([^']+)'/);
-                if (headerMatch) {
-                    config.headers[headerMatch[1]] = headerMatch[2];
-                }
+                config.headers[header[1]] = header[2];
             });
             // 提取数据
             const dataMatch = curlCommand.match(/-d\s+'([^']+)'/);

package/http-client/utils/index.d.ts

@@ -3,3 +3,4 @@ export * from './retry-recorder.util';
 export * from './context-extractor.util';
 export * from './call-stack-extractor.util';
 export * from './proxy-environment.util';
+export * from './sanitize.util';

package/http-client/utils/index.js

@@ -19,3 +19,4 @@ __exportStar(require("./retry-recorder.util"), exports);
 __exportStar(require("./context-extractor.util"), exports);
 __exportStar(require("./call-stack-extractor.util"), exports);
 __exportStar(require("./proxy-environment.util"), exports);
+__exportStar(require("./sanitize.util"), exports);

package/http-client/utils/retry-recorder.util.d.ts

@@ -21,10 +21,6 @@ export declare class RetryRecorder {
      * 获取重试原因
      */
     private static getRetryReason;
-    /**
-     * 过滤敏感头信息
-     */
-    private static sanitizeHeaders;
     /**
      * 添加重试记录
      */

package/http-client/utils/retry-recorder.util.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RetryRecorder = void 0;
+const sanitize_util_1 = require("./sanitize.util");
 /**
  * 请求重试记录器
  */
@@ -22,7 +23,7 @@ class RetryRecorder {
             requestConfig: {
                 method: ((_a = config.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()) || 'UNKNOWN',
                 url: config.url || '',
-                headers: this.sanitizeHeaders(config.headers || {}),
+                headers: sanitize_util_1.SanitizeUtil.sanitizeHeaders(config.headers || {}),
             },
         };
     }
@@ -83,32 +84,6 @@ class RetryRecorder {
         }
         return `HTTP error: ${status}`;
     }
-    /**
-     * 过滤敏感头信息
-     */
-    static sanitizeHeaders(headers) {
-        const sanitized = {};
-        const sensitiveKeys = [
-            'authorization',
-            'apikey',
-            'password',
-            'secret',
-            'token',
-            'x-api-key',
-            'x-auth-token',
-            'cookie',
-            'set-cookie',
-        ];
-        Object.entries(headers).forEach(([key, value]) => {
-            if (sensitiveKeys.some((sensitive) => key.toLowerCase().includes(sensitive))) {
-                sanitized[key] = '[FILTERED]';
-            }
-            else {
-                sanitized[key] = value;
-            }
-        });
-        return sanitized;
-    }
     /**
      * 添加重试记录
      */

package/http-client/utils/sanitize.util.d.ts

@@ -0,0 +1,58 @@
+/**
+ * HTTP 请求数据脱敏工具
+ * 统一处理 headers、body、query string 的敏感信息过滤
+ */
+export declare class SanitizeUtil {
+    /**
+     * 默认敏感字段列表
+     */
+    private static readonly DEFAULT_SENSITIVE_FIELDS;
+    /**
+     * 脱敏 headers
+     * @param headers - 原始 headers 对象
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 headers
+     */
+    static sanitizeHeaders(headers: any, sensitiveFields?: string[]): Record<string, string>;
+    /**
+     * 脱敏 body
+     * @param body - 原始 body 数据
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 body
+     */
+    static sanitizeBody(body: any, sensitiveFields?: string[]): any;
+    /**
+     * 脱敏 URL 中的 query string
+     * @param url - 原始 URL
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 URL
+     */
+    static sanitizeQueryString(url: string, sensitiveFields?: string[]): string;
+    /**
+     * 脱敏 params 对象
+     * @param params - 原始 params 对象
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 params
+     */
+    static sanitizeParams(params: Record<string, any>, sensitiveFields?: string[]): Record<string, any>;
+    /**
+     * 将 body 转换为字符串并脱敏
+     * @param data - 原始数据
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的字符串
+     */
+    static sanitizeBodyAsString(data: any, sensitiveFields?: string[]): string | undefined;
+    /**
+     * 判断字段是否为敏感字段
+     * @param key - 字段名
+     * @param sensitiveFields - 敏感字段列表
+     * @returns 是否为敏感字段
+     */
+    private static isSensitiveField;
+    /**
+     * 递归脱敏对象中的敏感字段
+     * @param obj - 目标对象
+     * @param sensitiveFields - 敏感字段列表
+     */
+    private static sanitizeObject;
+}

package/http-client/utils/sanitize.util.js

@@ -0,0 +1,188 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SanitizeUtil = void 0;
+/**
+ * HTTP 请求数据脱敏工具
+ * 统一处理 headers、body、query string 的敏感信息过滤
+ */
+class SanitizeUtil {
+    /**
+     * 脱敏 headers
+     * @param headers - 原始 headers 对象
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 headers
+     */
+    static sanitizeHeaders(headers, sensitiveFields = []) {
+        if (!headers)
+            return {};
+        const sanitized = {};
+        const fieldsToSanitize = [
+            ...this.DEFAULT_SENSITIVE_FIELDS,
+            ...sensitiveFields,
+        ];
+        Object.keys(headers).forEach((key) => {
+            if (this.isSensitiveField(key, fieldsToSanitize)) {
+                sanitized[key] = '[FILTERED]';
+            }
+            else {
+                sanitized[key] = String(headers[key]);
+            }
+        });
+        return sanitized;
+    }
+    /**
+     * 脱敏 body
+     * @param body - 原始 body 数据
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 body
+     */
+    static sanitizeBody(body, sensitiveFields = []) {
+        if (!body)
+            return undefined;
+        if (typeof body === 'string') {
+            try {
+                body = JSON.parse(body);
+            }
+            catch (_a) {
+                // 非 JSON 字符串，不做处理
+                return body.length > 1000 ? body.substring(0, 1000) + '...' : body;
+            }
+        }
+        if (typeof body === 'object') {
+            const sanitized = Object.assign({}, body);
+            const fieldsToSanitize = [
+                ...this.DEFAULT_SENSITIVE_FIELDS,
+                ...sensitiveFields,
+            ];
+            this.sanitizeObject(sanitized, fieldsToSanitize);
+            return sanitized;
+        }
+        return body;
+    }
+    /**
+     * 脱敏 URL 中的 query string
+     * @param url - 原始 URL
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 URL
+     */
+    static sanitizeQueryString(url, sensitiveFields = []) {
+        if (!url)
+            return url;
+        const queryIndex = url.indexOf('?');
+        if (queryIndex === -1) {
+            return url; // 没有 query string
+        }
+        const baseUrl = url.substring(0, queryIndex);
+        const queryString = url.substring(queryIndex + 1);
+        const params = new URLSearchParams(queryString);
+        const fieldsToSanitize = [
+            ...this.DEFAULT_SENSITIVE_FIELDS,
+            ...sensitiveFields,
+        ];
+        params.forEach((value, key) => {
+            if (this.isSensitiveField(key, fieldsToSanitize)) {
+                params.set(key, '[FILTERED]');
+            }
+        });
+        const sanitizedQuery = params.toString();
+        return sanitizedQuery ? `${baseUrl}?${sanitizedQuery}` : baseUrl;
+    }
+    /**
+     * 脱敏 params 对象
+     * @param params - 原始 params 对象
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的 params
+     */
+    static sanitizeParams(params, sensitiveFields = []) {
+        if (!params)
+            return {};
+        const sanitized = {};
+        const fieldsToSanitize = [
+            ...this.DEFAULT_SENSITIVE_FIELDS,
+            ...sensitiveFields,
+        ];
+        Object.keys(params).forEach((key) => {
+            if (this.isSensitiveField(key, fieldsToSanitize)) {
+                sanitized[key] = '[FILTERED]';
+            }
+            else {
+                sanitized[key] = params[key];
+            }
+        });
+        return sanitized;
+    }
+    /**
+     * 将 body 转换为字符串并脱敏
+     * @param data - 原始数据
+     * @param sensitiveFields - 自定义敏感字段列表
+     * @returns 脱敏后的字符串
+     */
+    static sanitizeBodyAsString(data, sensitiveFields = []) {
+        const sanitized = this.sanitizeBody(data, sensitiveFields);
+        if (!sanitized)
+            return undefined;
+        if (typeof sanitized === 'string') {
+            return sanitized.length > 5000
+                ? sanitized.substring(0, 5000) + '...'
+                : sanitized;
+        }
+        const jsonString = JSON.stringify(sanitized);
+        return jsonString.length > 5000
+            ? jsonString.substring(0, 5000) + '...'
+            : jsonString;
+    }
+    /**
+     * 判断字段是否为敏感字段
+     * @param key - 字段名
+     * @param sensitiveFields - 敏感字段列表
+     * @returns 是否为敏感字段
+     */
+    static isSensitiveField(key, sensitiveFields) {
+        const lowerKey = key.toLowerCase();
+        return sensitiveFields.some((field) => lowerKey.includes(field.toLowerCase()));
+    }
+    /**
+     * 递归脱敏对象中的敏感字段
+     * @param obj - 目标对象
+     * @param sensitiveFields - 敏感字段列表
+     */
+    static sanitizeObject(obj, sensitiveFields) {
+        if (typeof obj !== 'object' || obj === null)
+            return;
+        for (const key in obj) {
+            if (this.isSensitiveField(key, sensitiveFields)) {
+                obj[key] = '[FILTERED]';
+            }
+            else if (typeof obj[key] === 'object') {
+                this.sanitizeObject(obj[key], sensitiveFields);
+            }
+        }
+    }
+}
+exports.SanitizeUtil = SanitizeUtil;
+/**
+ * 默认敏感字段列表
+ */
+SanitizeUtil.DEFAULT_SENSITIVE_FIELDS = [
+    // Headers 相关
+    'authorization',
+    'apikey',
+    'x-api-key',
+    'x-auth-token',
+    'cookie',
+    'set-cookie',
+    // Body/Query 通用字段
+    'password',
+    'secret',
+    'token',
+    'key',
+    'credential',
+    'private',
+    'confidential',
+    'ssn',
+    'creditCard',
+    'accessToken',
+    'refreshToken',
+    'apiKey',
+    'apiSecret',
+];

package/interceptors/http-logging-interceptor.service.d.ts

@@ -0,0 +1,38 @@
+import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { ApiConfigService } from '../shared/services/api-config.service';
+/**
+ * HTTP 日志拦截器
+ * 参考 Tomcat AccessLog 的实现，每个请求只记录一条日志
+ * 在请求完成时同时记录请求和响应的完整信息
+ */
+export declare class HttpLoggingInterceptor implements NestInterceptor {
+    private readonly configService;
+    private readonly logger;
+    constructor(configService: ApiConfigService);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<any>;
+    /**
+     * 生成请求 ID
+     */
+    private generateRequestId;
+    /**
+     * 记录请求和响应（一条日志）
+     */
+    private logRequestResponse;
+    /**
+     * 记录请求和错误（一条日志）
+     */
+    private logRequestError;
+    /**
+     * 清理敏感的 header 信息
+     */
+    private sanitizeHeaders;
+    /**
+     * 清理敏感的 body 信息
+     */
+    private sanitizeBody;
+    /**
+     * 从 headers 提取用户信息
+     */
+    private extractUser;
+}

package/interceptors/http-logging-interceptor.service.js

@@ -0,0 +1,167 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var HttpLoggingInterceptor_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpLoggingInterceptor = void 0;
+const common_1 = require("@nestjs/common");
+const operators_1 = require("rxjs/operators");
+const api_config_service_1 = require("../shared/services/api-config.service");
+/**
+ * HTTP 日志拦截器
+ * 参考 Tomcat AccessLog 的实现，每个请求只记录一条日志
+ * 在请求完成时同时记录请求和响应的完整信息
+ */
+let HttpLoggingInterceptor = HttpLoggingInterceptor_1 = class HttpLoggingInterceptor {
+    constructor(configService) {
+        this.configService = configService;
+        this.logger = new common_1.Logger(HttpLoggingInterceptor_1.name);
+    }
+    intercept(context, next) {
+        const ctx = context.switchToHttp();
+        const request = ctx.getRequest();
+        const response = ctx.getResponse();
+        const startTime = Date.now();
+        const { method, url, headers, body } = request;
+        const requestId = String(request.id || headers['x-request-id'] || this.generateRequestId());
+        // 监听响应完成事件，一条日志同时记录请求和响应
+        response.on('finish', () => {
+            const duration = Date.now() - startTime;
+            this.logRequestResponse(requestId, request, response, duration);
+        });
+        return next.handle().pipe((0, operators_1.catchError)((error) => {
+            const duration = Date.now() - startTime;
+            this.logRequestError(requestId, request, error, duration);
+            throw error;
+        }));
+    }
+    /**
+     * 生成请求 ID
+     */
+    generateRequestId() {
+        return `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+    }
+    /**
+     * 记录请求和响应（一条日志）
+     */
+    logRequestResponse(requestId, request, response, duration) {
+        const statusCode = response.statusCode;
+        const logData = {
+            requestId,
+            timestamp: new Date().toISOString(),
+            env: this.configService.nodeEnv,
+            appName: this.configService.getString('NAME'),
+            http: {
+                method: request.method,
+                url: request.url,
+                query: request.query,
+                statusCode,
+                duration: `${duration}ms`,
+                req: {
+                    headers: this.sanitizeHeaders(request.headers),
+                    body: this.sanitizeBody(request.body),
+                },
+                res: {
+                    headers: this.sanitizeHeaders(response.getHeaders()),
+                },
+            },
+            user: this.extractUser(request.headers),
+        };
+        const message = `HTTP ${request.method} ${request.url} ${statusCode} (${duration}ms)`;
+        if (statusCode >= 500) {
+            this.logger.error(message, logData);
+        }
+        else if (statusCode >= 400) {
+            this.logger.warn(message, logData);
+        }
+        else {
+            this.logger.log(message, logData);
+        }
+    }
+    /**
+     * 记录请求和错误（一条日志）
+     */
+    logRequestError(requestId, request, error, duration) {
+        const logData = {
+            requestId,
+            timestamp: new Date().toISOString(),
+            env: this.configService.nodeEnv,
+            appName: this.configService.getString('NAME'),
+            http: {
+                method: request.method,
+                url: request.url,
+                query: request.query,
+                statusCode: (error === null || error === void 0 ? void 0 : error.status) || 500,
+                duration: `${duration}ms`,
+                req: {
+                    headers: this.sanitizeHeaders(request.headers),
+                    body: this.sanitizeBody(request.body),
+                },
+            },
+            error: {
+                message: error.message,
+                stack: error.stack,
+                code: error.code,
+            },
+            user: this.extractUser(request.headers),
+        };
+        this.logger.error(`HTTP ${request.method} ${request.url} ${(error === null || error === void 0 ? void 0 : error.status) || 500} (${duration}ms) - ${error.message}`, logData);
+    }
+    /**
+     * 清理敏感的 header 信息
+     */
+    sanitizeHeaders(headers) {
+        if (!headers)
+            return {};
+        const sanitized = Object.assign({}, headers);
+        const sensitiveKeys = ['authorization', 'apikey', 'x-api-key', 'token', 'cookie'];
+        for (const key of Object.keys(sanitized)) {
+            if (sensitiveKeys.includes(key.toLowerCase())) {
+                sanitized[key] = '[REDACTED]';
+            }
+        }
+        return sanitized;
+    }
+    /**
+     * 清理敏感的 body 信息
+     */
+    sanitizeBody(body) {
+        if (!body)
+            return body;
+        // 如果 body 太大，只记录部分信息
+        const bodyStr = JSON.stringify(body);
+        if (bodyStr.length > 1000) {
+            return { _large: `${bodyStr.length} bytes` };
+        }
+        return body;
+    }
+    /**
+     * 从 headers 提取用户信息
+     */
+    extractUser(headers) {
+        const userHeader = headers['user'] || headers['x-user'];
+        if (userHeader) {
+            try {
+                return typeof userHeader === 'string'
+                    ? JSON.parse(userHeader)
+                    : userHeader;
+            }
+            catch (_a) {
+                return userHeader;
+            }
+        }
+        return null;
+    }
+};
+exports.HttpLoggingInterceptor = HttpLoggingInterceptor;
+exports.HttpLoggingInterceptor = HttpLoggingInterceptor = HttpLoggingInterceptor_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [api_config_service_1.ApiConfigService])
+], HttpLoggingInterceptor);

package/interceptors/index.d.ts

@@ -1,2 +1,3 @@
 export * from './language-interceptor.service';
 export * from './translation-interceptor.service';
+export * from './http-logging-interceptor.service';

package/interceptors/index.js

@@ -16,3 +16,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./language-interceptor.service"), exports);
 __exportStar(require("./translation-interceptor.service"), exports);
+__exportStar(require("./http-logging-interceptor.service"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nest-omni/core",
-  "version": "4.1.3-26",
+  "version": "4.1.3-27",
   "description": "A comprehensive NestJS framework for building enterprise-grade applications with best practices",
   "main": "index.js",
   "types": "index.d.ts",

package/setup/bootstrap.setup.js

@@ -166,7 +166,7 @@ function bootstrapSetup(AppModule, SetupSwagger) {
         const reflector = app.get(core_1.Reflector);
         app.useGlobalFilters(new setup_1.SentryGlobalFilter(), new __1.HttpExceptionFilter(), new __1.QueryFailedFilter(reflector));
         // 全局拦截器
-        app.useGlobalInterceptors(new __1.LanguageInterceptor(), new __1.TranslationInterceptor(), new nestjs_pino_1.LoggerErrorInterceptor());
+        app.useGlobalInterceptors(new __1.HttpLoggingInterceptor(configService), new __1.LanguageInterceptor(), new __1.TranslationInterceptor());
         // 全局管道
         app.useGlobalPipes(new nestjs_i18n_1.I18nValidationPipe({
             whitelist: true,

package/shared/services/api-config.service.js

@@ -214,25 +214,10 @@ let ApiConfigService = ApiConfigService_1 = class ApiConfigService {
                 genReqId: (req) => req.id,
                 transport,
                 level: this.isDev ? 'debug' : 'info',
-                customLogLevel: function (res) {
-                    if (res.statusCode >= 500)
-                        return 'error';
-                    if (res.statusCode >= 400)
-                        return 'warn';
-                    return 'info';
-                },
-                wrapSerializers: true,
-                customProps: (req, res) => {
-                    return {
-                        env: this.nodeEnv,
-                        appName: this.getString('NAME'),
-                        user: req === null || req === void 0 ? void 0 : req.user,
-                        'req.body': req === null || req === void 0 ? void 0 : req.body,
-                        'res.body': res === null || res === void 0 ? void 0 : res.body,
-                    };
-                },
+                // 禁用 pinoHttp 的自动日志，由 HttpLoggingInterceptor 处理
+                autoLogging: false,
                 redact: {
-                    paths: ['req.headers.authorization', 'req.headers.apikey'],
+                    paths: ['req.headers.authorization', 'req.headers.apikey', 'req.headers.cookie'],
                     remove: true,
                 },
             },