@vafast/request-logger 0.1.0

package/README.md

@@ -0,0 +1,169 @@
+# @vafast/request-logger
+
+API request logging middleware for Vafast with automatic sensitive data sanitization.
+
+## Features
+
+- 📝 Automatic API request/response logging
+- 🔒 Built-in sensitive data sanitization (passwords, tokens, etc.)
+- 🔌 Pluggable storage adapters (MongoDB, Console, Custom)
+- ⚡ Non-blocking async logging
+- 🚫 Path exclusion support
+- 📊 Request duration tracking
+
+## Installation
+
+```bash
+npm install @vafast/request-logger
+# or
+bun add @vafast/request-logger
+```
+
+## Quick Start
+
+### With MongoDB
+
+```typescript
+import { Server } from 'vafast'
+import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'
+import { mongoDb } from './mongodb'
+
+const server = new Server(routes)
+
+// Create request logger middleware
+const requestLogger = createRequestLogger({
+  storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),
+  excludePaths: ['/health', '/metrics', '/performance/add'],
+  getUserId: (req) => {
+    const locals = getLocals(req)
+    return locals?.userInfo?.id
+  },
+})
+
+server.use(requestLogger)
+```
+
+### Development (Console)
+
+```typescript
+import { createRequestLogger, createConsoleAdapter } from '@vafast/request-logger'
+
+const requestLogger = createRequestLogger({
+  storage: createConsoleAdapter(),
+})
+```
+
+## Sensitive Data Sanitization
+
+The middleware automatically sanitizes sensitive data before logging:
+
+| Original | Sanitized |
+|----------|-----------|
+| `{ password: "abc123" }` | `{ password: "[REDACTED]" }` |
+| `Authorization: "Bearer eyJhbG..."` | `Authorization: "Bearer eyJh****bG..."` |
+| `Cookie: "session=xxx"` | `Cookie: "[REDACTED]"` |
+| `{ apiKey: "sk-1234567890abcdef" }` | `{ apiKey: "sk-1****cdef" }` |
+
+### Default Removed Fields
+
+- `password`, `newPassword`, `oldPassword`
+- `secret`, `secretKey`, `privateKey`
+- `apiSecret`, `clientSecret`
+
+### Default Masked Fields (partial)
+
+- `token`, `accessToken`, `refreshToken`
+- `authorization`, `apiKey`, `bearer`
+
+### Custom Sanitization
+
+```typescript
+const requestLogger = createRequestLogger({
+  storage: adapter,
+  sanitize: {
+    removeFields: ['password', 'ssn', 'creditCard'],
+    maskFields: ['token', 'apiKey', 'phoneNumber'],
+    placeholder: '***HIDDEN***',
+  },
+})
+```
+
+## Configuration
+
+```typescript
+interface RequestLoggerConfig {
+  /** Storage adapter (required) */
+  storage: StorageAdapter
+  /** Paths to exclude from logging */
+  excludePaths?: (string | RegExp)[]
+  /** Sanitization config */
+  sanitize?: SanitizeConfig
+  /** Function to get user ID from request */
+  getUserId?: (req: Request) => string | undefined
+  /** Error callback */
+  onError?: (error: Error) => void
+  /** Enable/disable logging @default true */
+  enabled?: boolean
+}
+```
+
+## Custom Storage Adapter
+
+```typescript
+import type { StorageAdapter } from '@vafast/request-logger'
+
+const myAdapter: StorageAdapter = {
+  async saveRequestLog(log) {
+    // Save to your database
+    const id = await myDb.insert('request_logs', log)
+    return id
+  },
+
+  async saveResponseLog(log) {
+    // Save response details
+    await myDb.insert('response_logs', log)
+  },
+}
+```
+
+## Log Structure
+
+### Request Log
+
+```typescript
+{
+  method: 'POST',
+  url: 'http://localhost:3000/api/users',
+  path: '/api/users',
+  headers: { /* sanitized */ },
+  body: { /* sanitized */ },
+  query: {},
+  response: {
+    success: true,
+    message: 'OK',
+    code: 0,
+  },
+  status: 200,
+  duration: 15,
+  userId: '123',
+  createdAt: Date,
+}
+```
+
+### Response Log
+
+```typescript
+{
+  requestLogId: 'abc123',
+  success: true,
+  message: 'OK',
+  code: 0,
+  data: { /* sanitized response data */ },
+  createdAt: Date,
+}
+```
+
+## License
+
+MIT
+

package/dist/index.d.ts

@@ -0,0 +1,142 @@
+import { Middleware } from 'vafast';
+
+/**
+ * 敏感数据清洗工具
+ *
+ * 用于在记录日志前移除或脱敏敏感信息
+ */
+interface SanitizeConfig {
+    /** 需要完全移除的字段（小写） */
+    removeFields?: string[];
+    /** 需要脱敏的字段（小写，部分匹配） */
+    maskFields?: string[];
+    /** 脱敏占位符 @default '[REDACTED]' */
+    placeholder?: string;
+    /** 最大递归深度 @default 10 */
+    maxDepth?: number;
+}
+/**
+ * 深度清洗对象中的敏感数据
+ *
+ * @example
+ * ```typescript
+ * const data = { password: '123456', token: 'eyJhbG...' }
+ * const sanitized = sanitize(data)
+ * // { password: '[REDACTED]', token: 'eyJh****...' }
+ * ```
+ */
+declare function sanitize<T>(data: T, config?: SanitizeConfig, depth?: number): T;
+/**
+ * 清洗 HTTP 请求头
+ *
+ * @example
+ * ```typescript
+ * const headers = { Authorization: 'Bearer eyJhbG...', Cookie: 'session=xxx' }
+ * const sanitized = sanitizeHeaders(headers)
+ * // { Authorization: 'Bearer eyJh****...', Cookie: '[REDACTED]' }
+ * ```
+ */
+declare function sanitizeHeaders(headers: Record<string, string>, config?: SanitizeConfig): Record<string, string>;
+
+/**
+ * @vafast/request-logger - API request logging middleware for Vafast
+ *
+ * Features:
+ * - Automatic sensitive data sanitization
+ * - Pluggable storage adapters (MongoDB, custom)
+ * - Async logging (non-blocking)
+ * - Path exclusion support
+ */
+
+interface RequestLog {
+    method: string;
+    url: string;
+    path: string;
+    headers: Record<string, string>;
+    body: unknown;
+    query: Record<string, string>;
+    response: {
+        success?: boolean;
+        message?: string;
+        code?: number;
+    };
+    status: number;
+    duration: number;
+    userId?: string;
+    createdAt: Date;
+}
+interface ResponseLog {
+    requestLogId: string;
+    success?: boolean;
+    message?: string;
+    code?: number;
+    data?: unknown;
+    createdAt: Date;
+}
+/**
+ * 存储适配器接口
+ */
+interface StorageAdapter {
+    /** 存储请求日志 */
+    saveRequestLog(log: RequestLog): Promise<string>;
+    /** 存储响应详情 */
+    saveResponseLog(log: ResponseLog): Promise<void>;
+}
+interface RequestLoggerConfig {
+    /** 存储适配器 */
+    storage: StorageAdapter;
+    /** 排除的路径（支持字符串或正则） */
+    excludePaths?: (string | RegExp)[];
+    /** 敏感数据清洗配置 */
+    sanitize?: SanitizeConfig;
+    /** 获取用户 ID 的函数 */
+    getUserId?: (req: Request) => string | undefined;
+    /** 错误回调 */
+    onError?: (error: Error) => void;
+    /** 是否启用 @default true */
+    enabled?: boolean;
+}
+/**
+ * 创建请求日志中间件
+ *
+ * @example
+ * ```typescript
+ * import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'
+ * import { mongoDb } from './mongodb'
+ *
+ * const requestLogger = createRequestLogger({
+ *   storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),
+ *   excludePaths: ['/health', '/metrics'],
+ *   getUserId: (req) => getLocals(req)?.userInfo?.id,
+ * })
+ *
+ * server.use(requestLogger)
+ * ```
+ */
+declare function createRequestLogger(config: RequestLoggerConfig): Middleware;
+/**
+ * 创建 MongoDB 存储适配器
+ *
+ * @example
+ * ```typescript
+ * import { Db } from 'mongodb'
+ * import { createMongoAdapter } from '@vafast/request-logger'
+ *
+ * const adapter = createMongoAdapter(db, 'logs', 'logsResponse')
+ * ```
+ */
+declare function createMongoAdapter(db: {
+    collection: (name: string) => {
+        insertOne: (doc: any) => Promise<{
+            insertedId: {
+                toHexString: () => string;
+            };
+        }>;
+    };
+}, logsCollection?: string, logsResponseCollection?: string): StorageAdapter;
+/**
+ * 创建控制台存储适配器（用于开发调试）
+ */
+declare function createConsoleAdapter(): StorageAdapter;
+
+export { type RequestLog, type RequestLoggerConfig, type ResponseLog, type SanitizeConfig, type StorageAdapter, createConsoleAdapter, createMongoAdapter, createRequestLogger, createRequestLogger as default, sanitize, sanitizeHeaders };

package/dist/index.js

@@ -0,0 +1,230 @@
+// src/sanitize.ts
+var DEFAULT_REMOVE_FIELDS = [
+  "password",
+  "newpassword",
+  "oldpassword",
+  "confirmpassword",
+  "secret",
+  "secretkey",
+  "privatekey",
+  "apisecret",
+  "clientsecret"
+];
+var DEFAULT_MASK_FIELDS = [
+  "token",
+  "accesstoken",
+  "refreshtoken",
+  "authorization",
+  "apikey",
+  "api_key",
+  "x-api-key",
+  "idtoken",
+  "sessiontoken",
+  "bearer"
+];
+var DEFAULT_PLACEHOLDER = "[REDACTED]";
+var DEFAULT_MAX_DEPTH = 10;
+function partialMask(value, placeholder) {
+  if (value.length <= 8) return placeholder;
+  return value.slice(0, 4) + "****" + value.slice(-4);
+}
+function sanitize(data, config, depth = 0) {
+  const {
+    removeFields = DEFAULT_REMOVE_FIELDS,
+    maskFields = DEFAULT_MASK_FIELDS,
+    placeholder = DEFAULT_PLACEHOLDER,
+    maxDepth = DEFAULT_MAX_DEPTH
+  } = config ?? {};
+  if (depth > maxDepth) return data;
+  if (data === null || data === void 0) {
+    return data;
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => sanitize(item, config, depth + 1));
+  }
+  if (typeof data === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(data)) {
+      const lowerKey = key.toLowerCase();
+      if (removeFields.some((field) => lowerKey === field)) {
+        result[key] = placeholder;
+        continue;
+      }
+      if (maskFields.some((field) => lowerKey.includes(field))) {
+        if (typeof value === "string") {
+          result[key] = partialMask(value, placeholder);
+        } else {
+          result[key] = placeholder;
+        }
+        continue;
+      }
+      result[key] = sanitize(value, config, depth + 1);
+    }
+    return result;
+  }
+  return data;
+}
+function sanitizeHeaders(headers, config) {
+  const {
+    maskFields = DEFAULT_MASK_FIELDS,
+    placeholder = DEFAULT_PLACEHOLDER
+  } = config ?? {};
+  const result = {};
+  for (const [key, value] of Object.entries(headers)) {
+    const lowerKey = key.toLowerCase();
+    if (lowerKey === "authorization") {
+      if (value.startsWith("Bearer ")) {
+        result[key] = "Bearer " + partialMask(value.slice(7), placeholder);
+      } else {
+        result[key] = partialMask(value, placeholder);
+      }
+      continue;
+    }
+    if (lowerKey === "cookie" || lowerKey === "set-cookie") {
+      result[key] = placeholder;
+      continue;
+    }
+    if (maskFields.some((field) => lowerKey.includes(field))) {
+      result[key] = partialMask(value, placeholder);
+      continue;
+    }
+    result[key] = value;
+  }
+  return result;
+}
+
+// src/index.ts
+function createRequestLogger(config) {
+  const {
+    storage,
+    excludePaths = [],
+    sanitize: sanitizeConfig,
+    getUserId,
+    onError = console.error,
+    enabled = true
+  } = config;
+  return async (req, next) => {
+    if (!enabled) {
+      return next();
+    }
+    const startTime = Date.now();
+    const response = await next();
+    recordLog(req, response, startTime, {
+      storage,
+      excludePaths,
+      sanitizeConfig,
+      getUserId,
+      onError
+    }).catch(onError);
+    return response;
+  };
+}
+async function recordLog(req, response, startTime, options) {
+  const { storage, excludePaths, sanitizeConfig, getUserId } = options;
+  const url = new URL(req.url);
+  const path = url.pathname;
+  const shouldExclude = excludePaths.some((pattern) => {
+    if (typeof pattern === "string") {
+      return path.includes(pattern);
+    }
+    return pattern.test(path);
+  });
+  if (shouldExclude) {
+    return;
+  }
+  let body = null;
+  try {
+    const clonedReq = req.clone();
+    const contentType = req.headers.get("content-type") || "";
+    if (contentType.includes("application/json")) {
+      body = await clonedReq.json();
+    }
+  } catch {
+  }
+  let responseData = {};
+  try {
+    const clonedRes = response.clone();
+    responseData = await clonedRes.json();
+  } catch {
+  }
+  const headers = {};
+  req.headers.forEach((value, key) => {
+    headers[key] = value;
+  });
+  const sanitizedHeaders = sanitizeHeaders(headers, sanitizeConfig);
+  const sanitizedBody = sanitize(body, sanitizeConfig);
+  const sanitizedResponseData = sanitize(responseData.data, sanitizeConfig);
+  const now = /* @__PURE__ */ new Date();
+  const duration = Date.now() - startTime;
+  const userId = getUserId?.(req);
+  const requestLogId = await storage.saveRequestLog({
+    method: req.method,
+    url: req.url,
+    path,
+    headers: sanitizedHeaders,
+    body: sanitizedBody,
+    query: Object.fromEntries(url.searchParams),
+    response: {
+      success: responseData.success,
+      message: responseData.message,
+      code: responseData.code
+    },
+    status: response.status,
+    duration,
+    userId,
+    createdAt: now
+  });
+  await storage.saveResponseLog({
+    requestLogId,
+    success: responseData.success,
+    message: responseData.message,
+    code: responseData.code,
+    data: sanitizedResponseData,
+    createdAt: now
+  });
+}
+function createMongoAdapter(db, logsCollection = "logs", logsResponseCollection = "logsResponse") {
+  return {
+    async saveRequestLog(log) {
+      const result = await db.collection(logsCollection).insertOne({
+        ...log,
+        createAt: log.createdAt,
+        updateAt: log.createdAt
+      });
+      return result.insertedId.toHexString();
+    },
+    async saveResponseLog(log) {
+      await db.collection(logsResponseCollection).insertOne({
+        logsId: log.requestLogId,
+        ...log,
+        createAt: log.createdAt,
+        updateAt: log.createdAt
+      });
+    }
+  };
+}
+function createConsoleAdapter() {
+  let idCounter = 0;
+  return {
+    async saveRequestLog(log) {
+      const id = `log_${++idCounter}`;
+      console.log(`[REQUEST] ${log.method} ${log.path} ${log.status} ${log.duration}ms`);
+      return id;
+    },
+    async saveResponseLog(log) {
+      if (!log.success) {
+        console.log(`[RESPONSE ERROR] ${log.message}`);
+      }
+    }
+  };
+}
+var index_default = createRequestLogger;
+export {
+  createConsoleAdapter,
+  createMongoAdapter,
+  createRequestLogger,
+  index_default as default,
+  sanitize,
+  sanitizeHeaders
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/sanitize.ts","../src/index.ts"],"sourcesContent":["/**\n * 敏感数据清洗工具\n * \n * 用于在记录日志前移除或脱敏敏感信息\n */\n\n// ============ Types ============\n\nexport interface SanitizeConfig {\n  /** 需要完全移除的字段（小写） */\n  removeFields?: string[]\n  /** 需要脱敏的字段（小写，部分匹配） */\n  maskFields?: string[]\n  /** 脱敏占位符 @default '[REDACTED]' */\n  placeholder?: string\n  /** 最大递归深度 @default 10 */\n  maxDepth?: number\n}\n\n// ============ Default Config ============\n\n/** 默认需要完全移除的敏感字段 */\nconst DEFAULT_REMOVE_FIELDS = [\n  'password',\n  'newpassword',\n  'oldpassword',\n  'confirmpassword',\n  'secret',\n  'secretkey',\n  'privatekey',\n  'apisecret',\n  'clientsecret',\n]\n\n/** 默认需要脱敏的字段（保留部分信息） */\nconst DEFAULT_MASK_FIELDS = [\n  'token',\n  'accesstoken',\n  'refreshtoken',\n  'authorization',\n  'apikey',\n  'api_key',\n  'x-api-key',\n  'idtoken',\n  'sessiontoken',\n  'bearer',\n]\n\nconst DEFAULT_PLACEHOLDER = '[REDACTED]'\nconst DEFAULT_MAX_DEPTH = 10\n\n// ============ Sanitize Functions ============\n\n/**\n * 部分脱敏（保留前4后4位）\n */\nfunction partialMask(value: string, placeholder: string): string {\n  if (value.length <= 8) return placeholder\n  return value.slice(0, 4) + '****' + value.slice(-4)\n}\n\n/**\n * 深度清洗对象中的敏感数据\n * \n * @example\n * ```typescript\n * const data = { password: '123456', token: 'eyJhbG...' }\n * const sanitized = sanitize(data)\n * // { password: '[REDACTED]', token: 'eyJh****...' }\n * ```\n */\nexport function sanitize<T>(data: T, config?: SanitizeConfig, depth = 0): T {\n  const {\n    removeFields = DEFAULT_REMOVE_FIELDS,\n    maskFields = DEFAULT_MASK_FIELDS,\n    placeholder = DEFAULT_PLACEHOLDER,\n    maxDepth = DEFAULT_MAX_DEPTH,\n  } = config ?? {}\n\n  // 防止无限递归\n  if (depth > maxDepth) return data\n  \n  if (data === null || data === undefined) {\n    return data\n  }\n\n  // 处理数组\n  if (Array.isArray(data)) {\n    return data.map(item => sanitize(item, config, depth + 1)) as T\n  }\n\n  // 处理对象\n  if (typeof data === 'object') {\n    const result: Record<string, unknown> = {}\n    \n    for (const [key, value] of Object.entries(data)) {\n      const lowerKey = key.toLowerCase()\n      \n      // 完全移除的字段\n      if (removeFields.some(field => lowerKey === field)) {\n        result[key] = placeholder\n        continue\n      }\n      \n      // 部分脱敏的字段\n      if (maskFields.some(field => lowerKey.includes(field))) {\n        if (typeof value === 'string') {\n          result[key] = partialMask(value, placeholder)\n        } else {\n          result[key] = placeholder\n        }\n        continue\n      }\n      \n      // 递归处理嵌套对象\n      result[key] = sanitize(value, config, depth + 1)\n    }\n    \n    return result as T\n  }\n\n  return data\n}\n\n/**\n * 清洗 HTTP 请求头\n * \n * @example\n * ```typescript\n * const headers = { Authorization: 'Bearer eyJhbG...', Cookie: 'session=xxx' }\n * const sanitized = sanitizeHeaders(headers)\n * // { Authorization: 'Bearer eyJh****...', Cookie: '[REDACTED]' }\n * ```\n */\nexport function sanitizeHeaders(\n  headers: Record<string, string>,\n  config?: SanitizeConfig\n): Record<string, string> {\n  const {\n    maskFields = DEFAULT_MASK_FIELDS,\n    placeholder = DEFAULT_PLACEHOLDER,\n  } = config ?? {}\n\n  const result: Record<string, string> = {}\n  \n  for (const [key, value] of Object.entries(headers)) {\n    const lowerKey = key.toLowerCase()\n    \n    // Authorization 头部分脱敏\n    if (lowerKey === 'authorization') {\n      if (value.startsWith('Bearer ')) {\n        result[key] = 'Bearer ' + partialMask(value.slice(7), placeholder)\n      } else {\n        result[key] = partialMask(value, placeholder)\n      }\n      continue\n    }\n    \n    // Cookie 完全脱敏\n    if (lowerKey === 'cookie' || lowerKey === 'set-cookie') {\n      result[key] = placeholder\n      continue\n    }\n    \n    // API Key 相关头脱敏\n    if (maskFields.some(field => lowerKey.includes(field))) {\n      result[key] = partialMask(value, placeholder)\n      continue\n    }\n    \n    result[key] = value\n  }\n  \n  return result\n}\n\n/**\n * 检查值是否为敏感字段\n */\nexport function isSensitiveField(fieldName: string, config?: SanitizeConfig): boolean {\n  const {\n    removeFields = DEFAULT_REMOVE_FIELDS,\n    maskFields = DEFAULT_MASK_FIELDS,\n  } = config ?? {}\n\n  const lowerName = fieldName.toLowerCase()\n  \n  return (\n    removeFields.some(field => lowerName === field) ||\n    maskFields.some(field => lowerName.includes(field))\n  )\n}\n\n","/**\n * @vafast/request-logger - API request logging middleware for Vafast\n * \n * Features:\n * - Automatic sensitive data sanitization\n * - Pluggable storage adapters (MongoDB, custom)\n * - Async logging (non-blocking)\n * - Path exclusion support\n */\nimport type { Middleware } from 'vafast'\nimport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\n\n// ============ Types ============\n\nexport interface RequestLog {\n  method: string\n  url: string\n  path: string\n  headers: Record<string, string>\n  body: unknown\n  query: Record<string, string>\n  response: {\n    success?: boolean\n    message?: string\n    code?: number\n  }\n  status: number\n  duration: number\n  userId?: string\n  createdAt: Date\n}\n\nexport interface ResponseLog {\n  requestLogId: string\n  success?: boolean\n  message?: string\n  code?: number\n  data?: unknown\n  createdAt: Date\n}\n\n/**\n * 存储适配器接口\n */\nexport interface StorageAdapter {\n  /** 存储请求日志 */\n  saveRequestLog(log: RequestLog): Promise<string>\n  /** 存储响应详情 */\n  saveResponseLog(log: ResponseLog): Promise<void>\n}\n\nexport interface RequestLoggerConfig {\n  /** 存储适配器 */\n  storage: StorageAdapter\n  /** 排除的路径（支持字符串或正则） */\n  excludePaths?: (string | RegExp)[]\n  /** 敏感数据清洗配置 */\n  sanitize?: SanitizeConfig\n  /** 获取用户 ID 的函数 */\n  getUserId?: (req: Request) => string | undefined\n  /** 错误回调 */\n  onError?: (error: Error) => void\n  /** 是否启用 @default true */\n  enabled?: boolean\n}\n\n// ============ Middleware Factory ============\n\n/**\n * 创建请求日志中间件\n * \n * @example\n * ```typescript\n * import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'\n * import { mongoDb } from './mongodb'\n * \n * const requestLogger = createRequestLogger({\n *   storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),\n *   excludePaths: ['/health', '/metrics'],\n *   getUserId: (req) => getLocals(req)?.userInfo?.id,\n * })\n * \n * server.use(requestLogger)\n * ```\n */\nexport function createRequestLogger(config: RequestLoggerConfig): Middleware {\n  const {\n    storage,\n    excludePaths = [],\n    sanitize: sanitizeConfig,\n    getUserId,\n    onError = console.error,\n    enabled = true,\n  } = config\n\n  return async (req: Request, next: () => Promise<Response>) => {\n    if (!enabled) {\n      return next()\n    }\n\n    const startTime = Date.now()\n    const response = await next()\n\n    // 异步记录日志，不阻塞响应\n    recordLog(req, response, startTime, {\n      storage,\n      excludePaths,\n      sanitizeConfig,\n      getUserId,\n      onError,\n    }).catch(onError)\n\n    return response\n  }\n}\n\n// ============ Internal Functions ============\n\ninterface RecordLogOptions {\n  storage: StorageAdapter\n  excludePaths: (string | RegExp)[]\n  sanitizeConfig?: SanitizeConfig\n  getUserId?: (req: Request) => string | undefined\n  onError: (error: Error) => void\n}\n\nasync function recordLog(\n  req: Request,\n  response: Response,\n  startTime: number,\n  options: RecordLogOptions\n) {\n  const { storage, excludePaths, sanitizeConfig, getUserId } = options\n\n  const url = new URL(req.url)\n  const path = url.pathname\n\n  // 检查是否需要排除\n  const shouldExclude = excludePaths.some(pattern => {\n    if (typeof pattern === 'string') {\n      return path.includes(pattern)\n    }\n    return pattern.test(path)\n  })\n\n  if (shouldExclude) {\n    return\n  }\n\n  // 解析请求体\n  let body: unknown = null\n  try {\n    const clonedReq = req.clone()\n    const contentType = req.headers.get('content-type') || ''\n    if (contentType.includes('application/json')) {\n      body = await clonedReq.json()\n    }\n  } catch {\n    // 忽略解析错误\n  }\n\n  // 解析响应体\n  let responseData: { success?: boolean; message?: string; code?: number; data?: unknown } = {}\n  try {\n    const clonedRes = response.clone()\n    responseData = await clonedRes.json()\n  } catch {\n    // 忽略解析错误\n  }\n\n  // 提取请求头\n  const headers: Record<string, string> = {}\n  req.headers.forEach((value, key) => {\n    headers[key] = value\n  })\n\n  // 清洗敏感数据\n  const sanitizedHeaders = sanitizeHeaders(headers, sanitizeConfig)\n  const sanitizedBody = sanitize(body, sanitizeConfig)\n  const sanitizedResponseData = sanitize(responseData.data, sanitizeConfig)\n\n  const now = new Date()\n  const duration = Date.now() - startTime\n\n  // 获取用户 ID\n  const userId = getUserId?.(req)\n\n  // 存储请求日志\n  const requestLogId = await storage.saveRequestLog({\n    method: req.method,\n    url: req.url,\n    path,\n    headers: sanitizedHeaders,\n    body: sanitizedBody,\n    query: Object.fromEntries(url.searchParams),\n    response: {\n      success: responseData.success,\n      message: responseData.message,\n      code: responseData.code,\n    },\n    status: response.status,\n    duration,\n    userId,\n    createdAt: now,\n  })\n\n  // 存储响应详情\n  await storage.saveResponseLog({\n    requestLogId,\n    success: responseData.success,\n    message: responseData.message,\n    code: responseData.code,\n    data: sanitizedResponseData,\n    createdAt: now,\n  })\n}\n\n// ============ MongoDB Adapter ============\n\n/**\n * 创建 MongoDB 存储适配器\n * \n * @example\n * ```typescript\n * import { Db } from 'mongodb'\n * import { createMongoAdapter } from '@vafast/request-logger'\n * \n * const adapter = createMongoAdapter(db, 'logs', 'logsResponse')\n * ```\n */\nexport function createMongoAdapter(\n  db: { collection: (name: string) => { insertOne: (doc: any) => Promise<{ insertedId: { toHexString: () => string } }> } },\n  logsCollection: string = 'logs',\n  logsResponseCollection: string = 'logsResponse'\n): StorageAdapter {\n  return {\n    async saveRequestLog(log: RequestLog): Promise<string> {\n      const result = await db.collection(logsCollection).insertOne({\n        ...log,\n        createAt: log.createdAt,\n        updateAt: log.createdAt,\n      })\n      return result.insertedId.toHexString()\n    },\n\n    async saveResponseLog(log: ResponseLog): Promise<void> {\n      await db.collection(logsResponseCollection).insertOne({\n        logsId: log.requestLogId,\n        ...log,\n        createAt: log.createdAt,\n        updateAt: log.createdAt,\n      })\n    },\n  }\n}\n\n// ============ Console Adapter (for development) ============\n\n/**\n * 创建控制台存储适配器（用于开发调试）\n */\nexport function createConsoleAdapter(): StorageAdapter {\n  let idCounter = 0\n\n  return {\n    async saveRequestLog(log: RequestLog): Promise<string> {\n      const id = `log_${++idCounter}`\n      console.log(`[REQUEST] ${log.method} ${log.path} ${log.status} ${log.duration}ms`)\n      return id\n    },\n\n    async saveResponseLog(log: ResponseLog): Promise<void> {\n      if (!log.success) {\n        console.log(`[RESPONSE ERROR] ${log.message}`)\n      }\n    },\n  }\n}\n\n// ============ Re-exports ============\n\nexport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\nexport default createRequestLogger\n\n"],"mappings":";AAsBA,IAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,sBAAsB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,sBAAsB;AAC5B,IAAM,oBAAoB;AAO1B,SAAS,YAAY,OAAe,aAA6B;AAC/D,MAAI,MAAM,UAAU,EAAG,QAAO;AAC9B,SAAO,MAAM,MAAM,GAAG,CAAC,IAAI,SAAS,MAAM,MAAM,EAAE;AACpD;AAYO,SAAS,SAAY,MAAS,QAAyB,QAAQ,GAAM;AAC1E,QAAM;AAAA,IACJ,eAAe;AAAA,IACf,aAAa;AAAA,IACb,cAAc;AAAA,IACd,WAAW;AAAA,EACb,IAAI,UAAU,CAAC;AAGf,MAAI,QAAQ,SAAU,QAAO;AAE7B,MAAI,SAAS,QAAQ,SAAS,QAAW;AACvC,WAAO;AAAA,EACT;AAGA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,KAAK,IAAI,UAAQ,SAAS,MAAM,QAAQ,QAAQ,CAAC,CAAC;AAAA,EAC3D;AAGA,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,SAAkC,CAAC;AAEzC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,YAAM,WAAW,IAAI,YAAY;AAGjC,UAAI,aAAa,KAAK,WAAS,aAAa,KAAK,GAAG;AAClD,eAAO,GAAG,IAAI;AACd;AAAA,MACF;AAGA,UAAI,WAAW,KAAK,WAAS,SAAS,SAAS,KAAK,CAAC,GAAG;AACtD,YAAI,OAAO,UAAU,UAAU;AAC7B,iBAAO,GAAG,IAAI,YAAY,OAAO,WAAW;AAAA,QAC9C,OAAO;AACL,iBAAO,GAAG,IAAI;AAAA,QAChB;AACA;AAAA,MACF;AAGA,aAAO,GAAG,IAAI,SAAS,OAAO,QAAQ,QAAQ,CAAC;AAAA,IACjD;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAYO,SAAS,gBACd,SACA,QACwB;AACxB,QAAM;AAAA,IACJ,aAAa;AAAA,IACb,cAAc;AAAA,EAChB,IAAI,UAAU,CAAC;AAEf,QAAM,SAAiC,CAAC;AAExC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,UAAM,WAAW,IAAI,YAAY;AAGjC,QAAI,aAAa,iBAAiB;AAChC,UAAI,MAAM,WAAW,SAAS,GAAG;AAC/B,eAAO,GAAG,IAAI,YAAY,YAAY,MAAM,MAAM,CAAC,GAAG,WAAW;AAAA,MACnE,OAAO;AACL,eAAO,GAAG,IAAI,YAAY,OAAO,WAAW;AAAA,MAC9C;AACA;AAAA,IACF;AAGA,QAAI,aAAa,YAAY,aAAa,cAAc;AACtD,aAAO,GAAG,IAAI;AACd;AAAA,IACF;AAGA,QAAI,WAAW,KAAK,WAAS,SAAS,SAAS,KAAK,CAAC,GAAG;AACtD,aAAO,GAAG,IAAI,YAAY,OAAO,WAAW;AAC5C;AAAA,IACF;AAEA,WAAO,GAAG,IAAI;AAAA,EAChB;AAEA,SAAO;AACT;;;ACzFO,SAAS,oBAAoB,QAAyC;AAC3E,QAAM;AAAA,IACJ;AAAA,IACA,eAAe,CAAC;AAAA,IAChB,UAAU;AAAA,IACV;AAAA,IACA,UAAU,QAAQ;AAAA,IAClB,UAAU;AAAA,EACZ,IAAI;AAEJ,SAAO,OAAO,KAAc,SAAkC;AAC5D,QAAI,CAAC,SAAS;AACZ,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,YAAY,KAAK,IAAI;AAC3B,UAAM,WAAW,MAAM,KAAK;AAG5B,cAAU,KAAK,UAAU,WAAW;AAAA,MAClC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,MAAM,OAAO;AAEhB,WAAO;AAAA,EACT;AACF;AAYA,eAAe,UACb,KACA,UACA,WACA,SACA;AACA,QAAM,EAAE,SAAS,cAAc,gBAAgB,UAAU,IAAI;AAE7D,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,IAAI;AAGjB,QAAM,gBAAgB,aAAa,KAAK,aAAW;AACjD,QAAI,OAAO,YAAY,UAAU;AAC/B,aAAO,KAAK,SAAS,OAAO;AAAA,IAC9B;AACA,WAAO,QAAQ,KAAK,IAAI;AAAA,EAC1B,CAAC;AAED,MAAI,eAAe;AACjB;AAAA,EACF;AAGA,MAAI,OAAgB;AACpB,MAAI;AACF,UAAM,YAAY,IAAI,MAAM;AAC5B,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,aAAO,MAAM,UAAU,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AAAA,EAER;AAGA,MAAI,eAAuF,CAAC;AAC5F,MAAI;AACF,UAAM,YAAY,SAAS,MAAM;AACjC,mBAAe,MAAM,UAAU,KAAK;AAAA,EACtC,QAAQ;AAAA,EAER;AAGA,QAAM,UAAkC,CAAC;AACzC,MAAI,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAClC,YAAQ,GAAG,IAAI;AAAA,EACjB,CAAC;AAGD,QAAM,mBAAmB,gBAAgB,SAAS,cAAc;AAChE,QAAM,gBAAgB,SAAS,MAAM,cAAc;AACnD,QAAM,wBAAwB,SAAS,aAAa,MAAM,cAAc;AAExE,QAAM,MAAM,oBAAI,KAAK;AACrB,QAAM,WAAW,KAAK,IAAI,IAAI;AAG9B,QAAM,SAAS,YAAY,GAAG;AAG9B,QAAM,eAAe,MAAM,QAAQ,eAAe;AAAA,IAChD,QAAQ,IAAI;AAAA,IACZ,KAAK,IAAI;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT,MAAM;AAAA,IACN,OAAO,OAAO,YAAY,IAAI,YAAY;AAAA,IAC1C,UAAU;AAAA,MACR,SAAS,aAAa;AAAA,MACtB,SAAS,aAAa;AAAA,MACtB,MAAM,aAAa;AAAA,IACrB;AAAA,IACA,QAAQ,SAAS;AAAA,IACjB;AAAA,IACA;AAAA,IACA,WAAW;AAAA,EACb,CAAC;AAGD,QAAM,QAAQ,gBAAgB;AAAA,IAC5B;AAAA,IACA,SAAS,aAAa;AAAA,IACtB,SAAS,aAAa;AAAA,IACtB,MAAM,aAAa;AAAA,IACnB,MAAM;AAAA,IACN,WAAW;AAAA,EACb,CAAC;AACH;AAeO,SAAS,mBACd,IACA,iBAAyB,QACzB,yBAAiC,gBACjB;AAChB,SAAO;AAAA,IACL,MAAM,eAAe,KAAkC;AACrD,YAAM,SAAS,MAAM,GAAG,WAAW,cAAc,EAAE,UAAU;AAAA,QAC3D,GAAG;AAAA,QACH,UAAU,IAAI;AAAA,QACd,UAAU,IAAI;AAAA,MAChB,CAAC;AACD,aAAO,OAAO,WAAW,YAAY;AAAA,IACvC;AAAA,IAEA,MAAM,gBAAgB,KAAiC;AACrD,YAAM,GAAG,WAAW,sBAAsB,EAAE,UAAU;AAAA,QACpD,QAAQ,IAAI;AAAA,QACZ,GAAG;AAAA,QACH,UAAU,IAAI;AAAA,QACd,UAAU,IAAI;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAOO,SAAS,uBAAuC;AACrD,MAAI,YAAY;AAEhB,SAAO;AAAA,IACL,MAAM,eAAe,KAAkC;AACrD,YAAM,KAAK,OAAO,EAAE,SAAS;AAC7B,cAAQ,IAAI,aAAa,IAAI,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,MAAM,IAAI,IAAI,QAAQ,IAAI;AACjF,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,gBAAgB,KAAiC;AACrD,UAAI,CAAC,IAAI,SAAS;AAChB,gBAAQ,IAAI,oBAAoB,IAAI,OAAO,EAAE;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF;AAKA,IAAO,gBAAQ;","names":[]}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@vafast/request-logger",
+  "version": "0.1.0",
+  "description": "API request logging middleware for Vafast with sensitive data sanitization",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "keywords": [
+    "vafast",
+    "request-logger",
+    "api-logs",
+    "middleware",
+    "mongodb",
+    "typescript"
+  ],
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "tsup",
+    "dev": "bun run --hot example/index.ts",
+    "test": "bun test",
+    "test:types": "tsc --noEmit",
+    "prepublishOnly": "npm run build",
+    "release": "npm run build && npm publish --access=public"
+  },
+  "license": "MIT",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {},
+  "devDependencies": {
+    "@types/node": "^22.15.30",
+    "mongodb": "^6.16.0",
+    "rimraf": "^6.0.1",
+    "tsup": "^8.5.1",
+    "typescript": "^5.4.5",
+    "vafast": "^0.3.9"
+  },
+  "peerDependencies": {
+    "vafast": ">= 0.3.0",
+    "mongodb": ">= 6.0.0"
+  },
+  "peerDependenciesMeta": {
+    "mongodb": {
+      "optional": true
+    }
+  }
+}
+