npm - @vafast/request-logger - Versions diffs - 0.2.3 → 0.3.2 - Mend

@vafast/request-logger 0.2.3 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -1,169 +1,116 @@
 # @vafast/request-logger
-API request logging middleware for Vafast with automatic sensitive data sanitization.
+API 请求日志中间件，将日志提交到远程日志服务。
-## Features
-- 📝 Automatic API request/response logging
-- 🔒 Built-in sensitive data sanitization (passwords, tokens, etc.)
-- 🔌 Pluggable storage adapters (MongoDB, Console, Custom)
-- ⚡ Non-blocking async logging
-- 🚫 Path exclusion support
-- 📊 Request duration tracking
-## Installation
+## 安装
 ```bash
 npm install @vafast/request-logger
-# or
-npm install @vafast/request-logger
-```
-## Quick Start
-### With MongoDB
-```typescript
-import { Server } from 'vafast'
-import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'
-import { mongoDb } from './mongodb'
-const server = new Server(routes)
-// Create request logger middleware
-const requestLogger = createRequestLogger({
-  storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),
-  excludePaths: ['/health', '/metrics', '/performance/add'],
-  getUserId: (req) => {
-    const locals = getLocals(req)
-    return locals?.userInfo?.id
-  },
-})
-server.use(requestLogger)
 ```
-### Development (Console)
+## 使用
 ```typescript
-import { createRequestLogger, createConsoleAdapter } from '@vafast/request-logger'
-const requestLogger = createRequestLogger({
-  storage: createConsoleAdapter(),
-})
+import { requestLogger } from '@vafast/request-logger'
+server.use(requestLogger({
+  url: 'http://log-server:9005/api/logs/ingest',
+  service: 'my-service',
+  headers: { Authorization: 'Bearer apiKeyId:apiKeySecret' },
+  onError: (err) => console.error('日志记录失败', err),
+}))
 ```
-## Sensitive Data Sanitization
-The middleware automatically sanitizes sensitive data before logging:
+业务字段（appId、authType、ip、traceId 等）由日志服务端从 headers 自动解析。
-| Original | Sanitized |
-|----------|-----------|
-| `{ password: "abc123" }` | `{ password: "[REDACTED]" }` |
-| `Authorization: "Bearer eyJhbG..."` | `Authorization: "Bearer eyJh****bG..."` |
-| `Cookie: "session=xxx"` | `Cookie: "[REDACTED]"` |
-| `{ apiKey: "sk-1234567890abcdef" }` | `{ apiKey: "sk-1****cdef" }` |
+## 配置
-### Default Removed Fields
+| 参数 | 类型 | 必填 | 默认值 | 说明 |
+|------|------|------|--------|------|
+| `url` | `string` | 是 | - | 日志服务 URL |
+| `service` | `string` | 是 | - | 服务标识 |
+| `headers` | `Record<string, string>` | 否 | `{}` | 自定义请求头（如认证） |
+| `timeout` | `number` | 否 | `5000` | 超时时间（毫秒） |
+| `sanitize` | `SanitizeConfig` | 否 | - | 敏感数据清洗配置 |
+| `onError` | `(err) => void` | 否 | `console.error` | 错误回调 |
+| `enabled` | `boolean` | 否 | `true` | 是否启用 |
-- `password`, `newPassword`, `oldPassword`
-- `secret`, `secretKey`, `privateKey`
-- `apiSecret`, `clientSecret`
+## 路由级别控制
-### Default Masked Fields (partial)
-- `token`, `accessToken`, `refreshToken`
-- `authorization`, `apiKey`, `bearer`
-### Custom Sanitization
+在路由定义中设置 `log: false` 跳过日志记录：
 ```typescript
-const requestLogger = createRequestLogger({
-  storage: adapter,
-  sanitize: {
-    removeFields: ['password', 'ssn', 'creditCard'],
-    maskFields: ['token', 'apiKey', 'phoneNumber'],
-    placeholder: '***HIDDEN***',
-  },
-})
-```
+// 单个路由
+{ method: 'GET', path: '/health', log: false, handler: ... }
-## Configuration
-```typescript
-interface RequestLoggerConfig {
-  /** Storage adapter (required) */
-  storage: StorageAdapter
-  /** Paths to exclude from logging */
-  excludePaths?: (string | RegExp)[]
-  /** Sanitization config */
-  sanitize?: SanitizeConfig
-  /** Function to get user ID from request */
-  getUserId?: (req: Request) => string | undefined
-  /** Error callback */
-  onError?: (error: Error) => void
-  /** Enable/disable logging @default true */
-  enabled?: boolean
-}
-```
-## Custom Storage Adapter
-```typescript
-import type { StorageAdapter } from '@vafast/request-logger'
-const myAdapter: StorageAdapter = {
-  async saveRequestLog(log) {
-    // Save to your database
-    const id = await myDb.insert('request_logs', log)
-    return id
-  },
-  async saveResponseLog(log) {
-    // Save response details
-    await myDb.insert('response_logs', log)
-  },
+// 父路由设置，子路由继承
+{
+  path: '/internal',
+  log: false,
+  children: [
+    { method: 'GET', path: '/metrics', handler: ... },
+    { method: 'GET', path: '/status', handler: ... },
+  ]
 }
 ```
-## Log Structure
+## 日志数据格式
-### Request Log
+发送到日志服务的数据结构：
 ```typescript
 {
   method: 'POST',
-  url: 'http://localhost:3000/api/users',
+  url: 'http://example.com/api/users?page=1',
   path: '/api/users',
-  headers: { /* sanitized */ },
-  body: { /* sanitized */ },
-  query: {},
+  headers: { ... },
+  body: { ... },
+  query: { page: '1' },
+  status: 200,
+  duration: 50,
+  service: 'my-service',
+  userId: 'user123',
+  appId: 'app456',
+  authType: 'jwt',
+  ip: '192.168.1.1',
+  userAgent: 'Mozilla/5.0...',
+  traceId: 'trace789',
+  createdAt: '2024-01-01T00:00:00.000Z',
   response: {
     success: true,
     message: 'OK',
     code: 0,
   },
-  status: 200,
-  duration: 15,
-  userId: '123',
-  createdAt: Date,
+  responseData: { ... },
 }
 ```
-### Response Log
+## 敏感数据脱敏
+默认自动脱敏以下字段：
+- `password`, `pwd`, `secret`, `token`
+- `authorization`, `cookie`, `x-api-key`
+- `accessToken`, `refreshToken`, `apiKey`
+自定义脱敏配置：
 ```typescript
-{
-  requestLogId: 'abc123',
-  success: true,
-  message: 'OK',
-  code: 0,
-  data: { /* sanitized response data */ },
-  createdAt: Date,
-}
+requestLogger({
+  url: '...',
+  service: '...',
+  sanitize: {
+    fields: ['password', 'creditCard', 'ssn'],
+    mask: '******',
+    deep: true,
+  },
+})
 ```
-## License
-MIT
+## 特性
+- 异步非阻塞（不影响响应速度）
+- 自动敏感数据脱敏
+- 路由级别日志控制
+- 支持多租户（appId）
+- 支持分布式追踪（traceId）

package/dist/index.d.mts CHANGED Viewed

@@ -41,122 +41,73 @@ declare function sanitize<T>(data: T, config?: SanitizeConfig, depth?: number):
 declare function sanitizeHeaders(headers: Record<string, string>, config?: SanitizeConfig): Record<string, string>;
 //#endregion
 //#region src/index.d.ts
-interface RequestLog {
+/** 请求信息 */
+interface RequestData {
   method: string;
   url: string;
   path: string;
   headers: Record<string, string>;
   body: unknown;
   query: Record<string, string>;
-  response: {
-    success?: boolean;
-    message?: string;
-    code?: number;
-  };
   status: number;
   duration: number;
   userId?: string;
   appId?: string;
-  /** 认证类型（由调用方定义，如 apiKey、jwt 等） */
   authType?: string;
-  /** 服务标识（区分不同服务，如 auth-server、ones-server） */
   service?: string;
+  ip?: string;
+  userAgent?: string;
+  traceId?: string;
   createdAt: Date;
 }
-interface ResponseLog {
-  requestLogId: string;
+/** 响应信息 */
+interface ResponseData {
   success?: boolean;
   message?: string;
   code?: number;
   data?: unknown;
-  createdAt: Date;
 }
-/**
- * 存储适配器接口
- */
-interface StorageAdapter {
-  /** 存储请求日志 */
-  saveRequestLog(log: RequestLog): Promise<string>;
-  /** 存储响应详情 */
-  saveResponseLog(log: ResponseLog): Promise<void>;
+/** 完整日志数据 */
+interface LogData {
+  request: RequestData;
+  response: ResponseData;
 }
-interface RequestLoggerConfig {
-  /** 存储适配器 */
-  storage: StorageAdapter;
+/** 请求日志配置 */
+interface RequestLoggerOptions {
+  /** 日志服务 URL */
+  url: string;
+  /** 服务标识（如 auth-server、ones-server） */
+  service: string;
+  /** 自定义请求头（如认证信息） */
+  headers?: Record<string, string>;
+  /** 超时时间（毫秒），默认 5000 */
+  timeout?: number;
   /** 敏感数据清洗配置 */
   sanitize?: SanitizeConfig;
-  /** 获取用户 ID 的函数 */
-  getUserId?: (req: Request) => string | undefined;
-  /** 获取应用 ID 的函数（用于多租户） */
-  getAppId?: (req: Request) => string | undefined;
-  /** 获取认证类型的函数（如 apiKey、jwt 等） */
-  getAuthType?: (req: Request) => string | undefined;
-  /** 服务标识（区分不同服务，如 auth-server、ones-server） */
-  service?: string;
   /** 错误回调 */
   onError?: (error: Error) => void;
   /** 是否启用 @default true */
   enabled?: boolean;
+  /** 排除的路径列表（精确匹配或正则），这些路径不记录日志 */
+  excludePaths?: (string | RegExp)[];
 }
 /**
- * 创建请求日志中间件
- *
- * 日志排除：在路由定义中设置 log: false，支持嵌套继承（父路由设置会自动继承给子路由）
- *
- * @example
- * ```typescript
- * import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'
- * import { mongoDb } from './mongodb'
- *
- * const requestLogger = createRequestLogger({
- *   storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),
- *   getUserId: (req) => (req as any).__locals?.userInfo?.id,
- * })
- *
- * server.use(requestLogger)
- * ```
- *
- * 在路由定义中使用 log: false（支持嵌套继承）：
- * ```typescript
- * // 单个路由
- * { method: 'GET', path: '/health', log: false, handler: ... }
- *
- * // 父路由设置，所有子路由继承
- * {
- *   path: '/logs',
- *   log: false,  // 所有子路由都不记录日志
- *   children: [
- *     { method: 'POST', path: '/find', handler: ... },
- *     { method: 'POST', path: '/search', handler: ... },
- *   ]
- * }
- * ```
- */
-declare function createRequestLogger(config: RequestLoggerConfig): vafast0.TypedMiddleware<object>;
-/**
- * 创建 MongoDB 存储适配器
+ * 请求日志中间件
  *
  * @example
  * ```typescript
- * import { Db } from 'mongodb'
- * import { createMongoAdapter } from '@vafast/request-logger'
+ * import { requestLogger } from '@vafast/request-logger'
  *
- * const adapter = createMongoAdapter(db, 'logs', 'logsResponse')
+ * server.use(requestLogger({
+ *   url: 'http://log-server:9005/api/logs/ingest',
+ *   service: 'auth-server',
+ *   auth: { apiKeyId: 'xxx', apiKeySecret: 'yyy' },
+ * }))
  * ```
  */
-declare function createMongoAdapter(db: {
-  collection: (name: string) => {
-    insertOne: (doc: any) => Promise<{
-      insertedId: {
-        toHexString: () => string;
-      };
-    }>;
-  };
-}, logsCollection?: string, logsResponseCollection?: string): StorageAdapter;
-/**
- * 创建控制台存储适配器（用于开发调试）
- */
-declare function createConsoleAdapter(): StorageAdapter;
+declare function requestLogger(options: RequestLoggerOptions): vafast0.TypedMiddleware<object>;
+/** @deprecated 使用 requestLogger 代替 */
+declare const createRequestLogger: typeof requestLogger;
 //#endregion
-export { RequestLog, RequestLoggerConfig, ResponseLog, type SanitizeConfig, StorageAdapter, createConsoleAdapter, createMongoAdapter, createRequestLogger, createRequestLogger as default, sanitize, sanitizeHeaders };
+export { LogData, RequestData, RequestLoggerOptions, ResponseData, type SanitizeConfig, createRequestLogger, requestLogger as default, requestLogger, sanitize, sanitizeHeaders };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.mts","names":[],"sources":["../src/sanitize.ts","../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;AAQA;AA+DA;AAAkC,UA/DjB,cAAA,CA+DiB;EAAY;EAA4B,YAAA,CAAA,EAAA,MAAA,EAAA;EAAC;EA+D3D,UAAA,CAAA,EAAA,MAAe,EAAA;EACpB;EACA,WAAA,CAAA,EAAA,MAAA;EACR;EAAM,QAAA,CAAA,EAAA,MAAA;;;;~~ACvHT~~;;;;;~~AAuBA~~;~~AAYA;;AAEmC~~,~~iBDgBnB~~,~~QChBmB~~,CAAA,CAAA,CAAA,CAAA,IAAA,~~EDgBD~~,~~CChBC~~,EAAA,MAAA,CAAA,~~EDgBW~~,~~cChBX~~,EAAA,KAAA,CAAA,EAAA,MAAA,CAAA,~~EDgBuC~~,~~CChBvC;;;;AAKnC;;;;;;;AAcyB~~,~~iBD4DT,~~eAAA,~~CC5DS~~,~~OAAA~~,~~ED6Dd~~,~~MC7Dc~~,~~CAAA,~~MAAA,EAAA,MAAA~~,CAAA,EAAA,MAAA,CAAA,ED8Dd,cC9Dc,CAAA,ED~~+~~DtB~~,~~MC/DsB,CAAA,MAAA,EAAA,MAAA,CAAA;;;UAxDR,UAAA;;EDVA,~~GAAA,EAAA,~~MAAA~~;~~EA+DD~~,IAAA,EAAA,~~MAAQ~~;~~EAAU~~,OAAA,~~ECjDvB~~,~~MDiDuB~~,CAAA,MAAA,EAAA,MAAA,CAAA;~~EAAY~~,IAAA,EAAA,OAAA;~~EAA4B~~,KAAA,~~EC/CjE~~,~~MD+CiE~~,CAAA,MAAA,EAAA,MAAA,CAAA;~~EAAC,QAAA,EAAA;IA~~+D3D,~~OAAA~~,~~CAAA,~~EAAA,~~OAAe~~;~~IACpB~~,~~OAAA~~,~~CAAA,~~EAAA,MAAA;~~IACA~~,~~IAAA~~,CAAA,EAAA,MAAA;EACR,CAAA~~;EAAM~~,~~MAAA,~~EAAA,MAAA~~;;;;ECvHQ~~;~~EAIN~~,QAAA,CAAA,EAAA,MAAA~~;EAEF;EAcI~~,OAAA,CAAA,EAAA,~~MAAA~~;~~EAAI~~,SAAA,~~EAAJ~~,~~IAAI;AAGjB;AAYiB~~,~~UAZA~~,~~WAAA,CAYc;EAET,~~YAAA,~~EAAA,MAAA~~;~~EAAa~~,OAAA,CAAA,EAAA,~~OAAA~~;~~EAEZ~~,OAAA,CAAA,~~EAAA~~,MAAA;~~EAAc~~,IAAA,CAAA,EAAA,MAAA;~~EAAO~~,IAAA,CAAA,EAAA,OAAA~~;EAG3B~~,~~SAAA~~,~~EAbJ~~,~~IAaI;;;;;AAUK,UAjBL,cAAA,CAiBK~~;~~EAIF;EAAK~~,~~cAAA~~,~~CAAA~~,~~GAAA,EAnBH,UAmBG,CAAA,EAnBU,OAmBV,CAAA,MAAA,CAAA~~;~~EAyCT;EAoKA~~,~~eAAA~~,~~CAAA~~,~~GAAA,EA9NO,WA+N0C,CAAA,EA/N5B,OAkOlC,CAAA,IAAA,CAAA~~;~~AA2BH;UA1PiB~~,~~mBAAA~~;;~~WAEN;;aAEE;;~~oBAEO~~;;mBAED;;sBAEG~~;;;;~~oBAIF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAyCJ~~,~~mBAAA~~,~~SAA4B~~,~~sBAAmB~~,OAAA,CAAA~~;;;;;;;;;;;;iBAoK/C,kBAAA~~;;~~6BACiD;;;;;;8DAG9D;;;;iBA2Ba~~,~~oBAAA,CAAA,GAAwB~~"}
1	+ {"version":3,"file":"index.d.mts","names":[],"sources":["../src/sanitize.ts","../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;AAQA;AA+DA;AAAkC,UA/DjB,cAAA,CA+DiB;EAAY;EAA4B,YAAA,CAAA,EAAA,MAAA,EAAA;EAAC;EA+D3D,UAAA,CAAA,EAAA,MAAe,EAAA;EACpB;EACA,WAAA,CAAA,EAAA,MAAA;EACR;EAAM,QAAA,CAAA,EAAA,MAAA;;;;AC/GT;;;;;AAoBA;AAQA;AAMA;AAMY,iBDKI,QCLJ,CAAA,CAAA,CAAA,CAAA,IAAA,EDKsB,CCLtB,EAAA,MAAA,CAAA,EDKkC,cCLlC,EAAA,KAAA,CAAA,EAAA,MAAA,CAAA,EDK8D,CCL9D;;;;;AA8BZ;AAkCA;;;;;iBDIgB,eAAA,UACL,iCACA,iBACR;;;;UC/Gc,WAAA;EDlBA,MAAA,EAAA,MAAA;EA+DD,GAAA,EAAA,MAAQ;EAAU,IAAA,EAAA,MAAA;EAAY,OAAA,ECzCnC,MDyCmC,CAAA,MAAA,EAAA,MAAA,CAAA;EAA4B,IAAA,EAAA,OAAA;EAAC,KAAA,ECvClE,MDuCkE,CAAA,MAAA,EAAA,MAAA,CAAA;EA+D3D,MAAA,EAAA,MAAA;EACL,QAAA,EAAA,MAAA;EACA,MAAA,CAAA,EAAA,MAAA;EACR,KAAA,CAAA,EAAA,MAAA;EAAM,QAAA,CAAA,EAAA,MAAA;;;;EC/GQ,OAAA,CAAA,EAAA,MAAW;EAIjB,SAAA,EAYE,IAZF;;;AAYM,UAIA,YAAA,CAJA;EAIA,OAAA,CAAA,EAAA,OAAY;EAQZ,OAAA,CAAA,EAAO,MAAA;EAMP,IAAA,CAAA,EAAA,MAAA;EAML,IAAA,CAAA,EAAA,OAAA;;;AAUe,UAtBV,OAAA,CAsBU;EAAM,OAAA,EArBtB,WAqBsB;EAoBjB,QAAA,EAxCJ,YAwCiB;AAkC7B;;UAtEiB,oBAAA;;;;;;YAML;;;;aAIC;;oBAEO;;;;2BAIO;;;;;;;;;;;;;;;;iBAoBX,aAAA,UAAuB,uBAAoB,OAAA,CAAA;;cAkC9C,4BAAmB"}

package/dist/index.mjs CHANGED Viewed

@@ -105,73 +105,60 @@ function sanitizeHeaders(headers, config) {
 //#endregion
 //#region src/index.ts
 /**
-* @vafast/request-logger - API request logging middleware for Vafast
+* @vafast/request-logger - API 请求日志中间件
 *
-* Features:
-* - Automatic sensitive data sanitization
-* - Pluggable storage adapters (MongoDB, custom)
-* - Async logging (non-blocking)
-* - Route-level log control (log: false in route definition, supports inheritance)
-*
-* Uses vafast RouteRegistry to query route configurations at runtime,
-* similar to @vafast/webhook implementation.
-*/
-/**
-* 创建请求日志中间件
-*
-* 日志排除：在路由定义中设置 log: false，支持嵌套继承（父路由设置会自动继承给子路由）
+* 特性：
+* - 自动敏感数据脱敏
+* - HTTP 远程日志服务
+* - 异步非阻塞记录
+* - 路由级别日志控制（路由定义中设置 log: false）
 *
 * @example
 * ```typescript
-* import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'
-* import { mongoDb } from './mongodb'
-*
-* const requestLogger = createRequestLogger({
-*   storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),
-*   getUserId: (req) => (req as any).__locals?.userInfo?.id,
-* })
+* import { requestLogger } from '@vafast/request-logger'
 *
-* server.use(requestLogger)
+* server.use(requestLogger({
+*   url: 'http://log-server:9005/api/logs/ingest',
+*   service: 'auth-server',
+*   getUserId: (req) => req.__locals?.userInfo?.id,
+* }))
 * ```
+*/
+/**
+* 请求日志中间件
 *
-* 在路由定义中使用 log: false（支持嵌套继承）：
+* @example
 * ```typescript
-* // 单个路由
-* { method: 'GET', path: '/health', log: false, handler: ... }
+* import { requestLogger } from '@vafast/request-logger'
 *
-* // 父路由设置，所有子路由继承
-* {
-*   path: '/logs',
-*   log: false,  // 所有子路由都不记录日志
-*   children: [
-*     { method: 'POST', path: '/find', handler: ... },
-*     { method: 'POST', path: '/search', handler: ... },
-*   ]
-* }
+* server.use(requestLogger({
+*   url: 'http://log-server:9005/api/logs/ingest',
+*   service: 'auth-server',
+*   auth: { apiKeyId: 'xxx', apiKeySecret: 'yyy' },
+* }))
 * ```
 */
-function createRequestLogger(config) {
-	const { storage, sanitize: sanitizeConfig, getUserId, getAppId, getAuthType, service, onError = console.error, enabled = true } = config;
+function requestLogger(options) {
+	const { url, service, headers = {}, timeout = 5e3, sanitize: sanitizeConfig, onError = console.error, enabled = true, excludePaths = [] } = options;
 	return defineMiddleware(async (req, next) => {
 		if (!enabled) return next();
 		const startTime = Date.now();
 		const response = await next();
 		recordLog(req, response, startTime, {
-			storage,
-			sanitizeConfig,
-			getUserId,
-			getAppId,
-			getAuthType,
+			url,
 			service,
-			onError
+			headers,
+			timeout,
+			sanitizeConfig,
+			onError,
+			excludePaths
 		}).catch(onError);
 		return response;
 	});
 }
-/**
-* 检查路由是否配置了 log: false
-* 使用 vafast RouteRegistry 查询路由配置（支持嵌套继承）
-*/
+/** @deprecated 使用 requestLogger 代替 */
+const createRequestLogger = requestLogger;
+/** 检查路由是否配置了 log: false */
 function shouldSkipLog(method, path) {
 	try {
 		return getRoute(method, path)?.log === false;
@@ -179,15 +166,35 @@ function shouldSkipLog(method, path) {
 		return false;
 	}
 }
+/** 检查路径是否在排除列表中 */
+function isPathExcluded(path, excludePaths) {
+	return excludePaths.some((pattern) => {
+		if (typeof pattern === "string") return path === pattern || path.startsWith(pattern + "/");
+		return pattern.test(path);
+	});
+}
+/** 带超时的 fetch */
+async function fetchWithTimeout(targetUrl, options, timeout) {
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), timeout);
+	try {
+		return await fetch(targetUrl, {
+			...options,
+			signal: controller.signal
+		});
+	} finally {
+		clearTimeout(timeoutId);
+	}
+}
 async function recordLog(req, response, startTime, options) {
-	const { storage, sanitizeConfig, getUserId, getAppId, getAuthType, service } = options;
-	const url = new URL(req.url);
-	const path = url.pathname;
+	const { url: logUrl, service, headers: customHeaders, timeout, sanitizeConfig, onError, excludePaths } = options;
+	const reqUrl = new URL(req.url);
+	const path = reqUrl.pathname;
+	if (isPathExcluded(path, excludePaths)) return;
 	if (shouldSkipLog(req.method, path)) return;
 	let body = null;
 	try {
-		const clonedReq = req.clone();
-		if ((req.headers.get("content-type") || "").includes("application/json")) body = await clonedReq.json();
+		if ((req.headers.get("content-type") || "").includes("application/json")) body = await req.clone().json();
 	} catch {}
 	let responseData = {};
 	try {
@@ -200,88 +207,40 @@ async function recordLog(req, response, startTime, options) {
 	const sanitizedHeaders = sanitizeHeaders(headers, sanitizeConfig);
 	const sanitizedBody = sanitize(body, sanitizeConfig);
 	const sanitizedResponseData = sanitize(responseData.data, sanitizeConfig);
-	const now = /* @__PURE__ */ new Date();
-	const duration = Date.now() - startTime;
-	const userId = getUserId?.(req);
-	const appId = getAppId?.(req);
-	const authType = getAuthType?.(req);
-	const requestLogId = await storage.saveRequestLog({
+	const logBody = {
 		method: req.method,
 		url: req.url,
 		path,
 		headers: sanitizedHeaders,
 		body: sanitizedBody,
-		query: Object.fromEntries(url.searchParams),
+		query: Object.fromEntries(reqUrl.searchParams),
+		status: response.status,
+		duration: Date.now() - startTime,
+		service,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
 		response: {
 			success: responseData.success,
 			message: responseData.message,
 			code: responseData.code
 		},
-		status: response.status,
-		duration,
-		userId,
-		appId,
-		authType,
-		service,
-		createdAt: now
-	});
-	await storage.saveResponseLog({
-		requestLogId,
-		success: responseData.success,
-		message: responseData.message,
-		code: responseData.code,
-		data: sanitizedResponseData,
-		createdAt: now
-	});
-}
-/**
-* 创建 MongoDB 存储适配器
-*
-* @example
-* ```typescript
-* import { Db } from 'mongodb'
-* import { createMongoAdapter } from '@vafast/request-logger'
-*
-* const adapter = createMongoAdapter(db, 'logs', 'logsResponse')
-* ```
-*/
-function createMongoAdapter(db, logsCollection = "logs", logsResponseCollection = "logsResponse") {
-	return {
-		async saveRequestLog(log) {
-			return (await db.collection(logsCollection).insertOne({
-				...log,
-				createAt: log.createdAt,
-				updateAt: log.createdAt
-			})).insertedId.toHexString();
-		},
-		async saveResponseLog(log) {
-			await db.collection(logsResponseCollection).insertOne({
-				logsId: log.requestLogId,
-				...log,
-				createAt: log.createdAt,
-				updateAt: log.createdAt
-			});
-		}
-	};
-}
-/**
-* 创建控制台存储适配器（用于开发调试）
-*/
-function createConsoleAdapter() {
-	let idCounter = 0;
-	return {
-		async saveRequestLog(log) {
-			const id = `log_${++idCounter}`;
-			console.log(`[REQUEST] ${log.method} ${log.path} ${log.status} ${log.duration}ms`);
-			return id;
-		},
-		async saveResponseLog(log) {
-			if (!log.success) console.log(`[RESPONSE ERROR] ${log.message}`);
-		}
+		responseData: sanitizedResponseData
 	};
+	try {
+		const res = await fetchWithTimeout(logUrl, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				...customHeaders
+			},
+			body: JSON.stringify(logBody)
+		}, timeout);
+		if (!res.ok) throw new Error(`HTTP ${res.status}: ${res.statusText}`);
+	} catch (error) {
+		onError(error);
+	}
 }
-var src_default = createRequestLogger;
+var src_default = requestLogger;
 //#endregion
-export { createConsoleAdapter, createMongoAdapter, createRequestLogger, src_default as default, sanitize, sanitizeHeaders };
+export { createRequestLogger, src_default as default, requestLogger, sanitize, sanitizeHeaders };
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.mjs","names":[],"sources":["../src/sanitize.ts","../src/index.ts"],"sourcesContent":["/*\n 敏感数据清洗工具\n * \n * 用于在记录日志前移除或脱敏敏感信息\n /\n\n// ============ Types ============\n\nexport interface SanitizeConfig {\n /* 需要完全移除的字段（小写） /\n removeFields?: string[]\n /* 需要脱敏的字段（小写，部分匹配） /\n maskFields?: string[]\n /* 脱敏占位符 @default '[REDACTED]' /\n placeholder?: string\n /* 最大递归深度 @default 10 /\n maxDepth?: number\n}\n\n// ============ Default Config ============\n\n/* 默认需要完全移除的敏感字段 /\nconst DEFAULT_REMOVE_FIELDS = [\n 'password',\n 'newpassword',\n 'oldpassword',\n 'confirmpassword',\n 'secret',\n 'secretkey',\n 'privatekey',\n 'apisecret',\n 'clientsecret',\n]\n\n/* 默认需要脱敏的字段（保留部分信息） /\nconst DEFAULT_MASK_FIELDS = [\n 'token',\n 'accesstoken',\n 'refreshtoken',\n 'authorization',\n 'apikey',\n 'api_key',\n 'x-api-key',\n 'idtoken',\n 'sessiontoken',\n 'bearer',\n]\n\nconst DEFAULT_PLACEHOLDER = '[REDACTED]'\nconst DEFAULT_MAX_DEPTH = 10\n\n// ============ Sanitize Functions ============\n\n/\n 部分脱敏（保留前4后4位）\n /\nfunction partialMask(value: string, placeholder: string): string {\n if (value.length <= 8) return placeholder\n return value.slice(0, 4) + '*' + value.slice(-4)\n}\n\n/\n * 深度清洗对象中的敏感数据\n * \n * @example\n * ```typescript\n * const data = { password: '123456', token: 'eyJhbG...' }\n * const sanitized = sanitize(data)\n * // { password: '[REDACTED]', token: 'eyJh***...' }\n ```\n /\nexport function sanitize<T>(data: T, config?: SanitizeConfig, depth = 0): T {\n const {\n removeFields = DEFAULT_REMOVE_FIELDS,\n maskFields = DEFAULT_MASK_FIELDS,\n placeholder = DEFAULT_PLACEHOLDER,\n maxDepth = DEFAULT_MAX_DEPTH,\n } = config ?? {}\n\n // 防止无限递归\n if (depth > maxDepth) return data\n \n if (data === null \|\| data === undefined) {\n return data\n }\n\n // 处理数组\n if (Array.isArray(data)) {\n return data.map(item => sanitize(item, config, depth + 1)) as T\n }\n\n // 处理对象\n if (typeof data === 'object') {\n const result: Record<string, unknown> = {}\n \n for (const [key, value] of Object.entries(data)) {\n const lowerKey = key.toLowerCase()\n \n // 完全移除的字段\n if (removeFields.some(field => lowerKey === field)) {\n result[key] = placeholder\n continue\n }\n \n // 部分脱敏的字段\n if (maskFields.some(field => lowerKey.includes(field))) {\n if (typeof value === 'string') {\n result[key] = partialMask(value, placeholder)\n } else {\n result[key] = placeholder\n }\n continue\n }\n \n // 递归处理嵌套对象\n result[key] = sanitize(value, config, depth + 1)\n }\n \n return result as T\n }\n\n return data\n}\n\n/\n 清洗 HTTP 请求头\n * \n * @example\n * ```typescript\n * const headers = { Authorization: 'Bearer eyJhbG...', Cookie: 'session=xxx' }\n * const sanitized = sanitizeHeaders(headers)\n * // { Authorization: 'Bearer eyJh***...', Cookie: '[REDACTED]' }\n ```\n /\nexport function sanitizeHeaders(\n headers: Record<string, string>,\n config?: SanitizeConfig\n): Record<string, string> {\n const {\n maskFields = DEFAULT_MASK_FIELDS,\n placeholder = DEFAULT_PLACEHOLDER,\n } = config ?? {}\n\n const result: Record<string, string> = {}\n \n for (const [key, value] of Object.entries(headers)) {\n const lowerKey = key.toLowerCase()\n \n // Authorization 头部分脱敏\n if (lowerKey === 'authorization') {\n if (value.startsWith('Bearer ')) {\n result[key] = 'Bearer ' + partialMask(value.slice(7), placeholder)\n } else {\n result[key] = partialMask(value, placeholder)\n }\n continue\n }\n \n // Cookie 完全脱敏\n if (lowerKey === 'cookie' \|\| lowerKey === 'set-cookie') {\n result[key] = placeholder\n continue\n }\n \n // API Key 相关头脱敏\n if (maskFields.some(field => lowerKey.includes(field))) {\n result[key] = partialMask(value, placeholder)\n continue\n }\n \n result[key] = value\n }\n \n return result\n}\n\n/\n 检查值是否为敏感字段\n /\nexport function isSensitiveField(fieldName: string, config?: SanitizeConfig): boolean {\n const {\n removeFields = DEFAULT_REMOVE_FIELDS,\n maskFields = DEFAULT_MASK_FIELDS,\n } = config ?? {}\n\n const lowerName = fieldName.toLowerCase()\n \n return (\n removeFields.some(field => lowerName === field) \|\|\n maskFields.some(field => lowerName.includes(field))\n )\n}\n\n","/\n @vafast/request-logger - API request logging middleware for Vafast\n * \n * Features:\n * - Automatic sensitive data sanitization\n * - Pluggable storage adapters (MongoDB, custom)\n * - Async logging (non-blocking)\n * - Route-level log control (log: false in route definition, supports inheritance)\n * \n * Uses vafast RouteRegistry to query route configurations at runtime,\n * similar to @vafast/webhook implementation.\n /\nimport { defineMiddleware } from 'vafast'\nimport { getRoute } from 'vafast'\nimport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\n\n// ============ Types ============\n\nexport interface RequestLog {\n method: string\n url: string\n path: string\n headers: Record<string, string>\n body: unknown\n query: Record<string, string>\n response: {\n success?: boolean\n message?: string\n code?: number\n }\n status: number\n duration: number\n userId?: string\n appId?: string\n /* 认证类型（由调用方定义，如 apiKey、jwt 等） /\n authType?: string\n /* 服务标识（区分不同服务，如 auth-server、ones-server） /\n service?: string\n createdAt: Date\n}\n\nexport interface ResponseLog {\n requestLogId: string\n success?: boolean\n message?: string\n code?: number\n data?: unknown\n createdAt: Date\n}\n\n/\n 存储适配器接口\n /\nexport interface StorageAdapter {\n /* 存储请求日志 /\n saveRequestLog(log: RequestLog): Promise<string>\n /* 存储响应详情 /\n saveResponseLog(log: ResponseLog): Promise<void>\n}\n\nexport interface RequestLoggerConfig {\n /* 存储适配器 /\n storage: StorageAdapter\n /* 敏感数据清洗配置 /\n sanitize?: SanitizeConfig\n /* 获取用户 ID 的函数 /\n getUserId?: (req: Request) => string \| undefined\n /* 获取应用 ID 的函数（用于多租户） /\n getAppId?: (req: Request) => string \| undefined\n /* 获取认证类型的函数（如 apiKey、jwt 等） /\n getAuthType?: (req: Request) => string \| undefined\n /* 服务标识（区分不同服务，如 auth-server、ones-server） /\n service?: string\n /* 错误回调 /\n onError?: (error: Error) => void\n /* 是否启用 @default true /\n enabled?: boolean\n}\n\n// ============ Middleware Factory ============\n\n/\n 创建请求日志中间件\n * \n * 日志排除：在路由定义中设置 log: false，支持嵌套继承（父路由设置会自动继承给子路由）\n * \n * @example\n * ```typescript\n * import { createRequestLogger, createMongoAdapter } from '@vafast/request-logger'\n * import { mongoDb } from './mongodb'\n * \n * const requestLogger = createRequestLogger({\n * storage: createMongoAdapter(mongoDb, 'logs', 'logsResponse'),\n * getUserId: (req) => (req as any).__locals?.userInfo?.id,\n * })\n * \n * server.use(requestLogger)\n * ```\n * \n * 在路由定义中使用 log: false（支持嵌套继承）：\n * ```typescript\n * // 单个路由\n * { method: 'GET', path: '/health', log: false, handler: ... }\n * \n * // 父路由设置，所有子路由继承\n * {\n * path: '/logs',\n * log: false, // 所有子路由都不记录日志\n * children: [\n * { method: 'POST', path: '/find', handler: ... },\n * { method: 'POST', path: '/search', handler: ... },\n * ]\n * }\n * ```\n /\nexport function createRequestLogger(config: RequestLoggerConfig) {\n const {\n storage,\n sanitize: sanitizeConfig,\n getUserId,\n getAppId,\n getAuthType,\n service,\n onError = console.error,\n enabled = true,\n } = config\n\n return defineMiddleware(async (req, next) => {\n if (!enabled) {\n return next()\n }\n\n const startTime = Date.now()\n const response = await next()\n\n // 异步记录日志，不阻塞响应\n recordLog(req, response, startTime, {\n storage,\n sanitizeConfig,\n getUserId,\n getAppId,\n getAuthType,\n service,\n onError,\n }).catch(onError)\n\n return response\n })\n}\n\n// ============ Internal Functions ============\n\ninterface RecordLogOptions {\n storage: StorageAdapter\n sanitizeConfig?: SanitizeConfig\n getUserId?: (req: Request) => string \| undefined\n getAppId?: (req: Request) => string \| undefined\n getAuthType?: (req: Request) => string \| undefined\n service?: string\n onError: (error: Error) => void\n}\n\n/\n 检查路由是否配置了 log: false\n * 使用 vafast RouteRegistry 查询路由配置（支持嵌套继承）\n /\nfunction shouldSkipLog(method: string, path: string): boolean {\n try {\n // RouteRegistry 使用完整路径 (fullPath) 作为 key，直接查询\n const route = getRoute<{ log?: boolean }>(method, path)\n return route?.log === false\n } catch {\n // RouteRegistry 未初始化时忽略错误\n return false\n }\n}\n\nasync function recordLog(\n req: Request,\n response: Response,\n startTime: number,\n options: RecordLogOptions\n) {\n const { storage, sanitizeConfig, getUserId, getAppId, getAuthType, service } = options\n\n const url = new URL(req.url)\n const path = url.pathname\n\n // 检查路由定义中的 log: false（通过 RouteRegistry 查询，支持嵌套继承）\n if (shouldSkipLog(req.method, path)) {\n return\n }\n\n // 解析请求体\n let body: unknown = null\n try {\n const clonedReq = req.clone()\n const contentType = req.headers.get('content-type') \|\| ''\n if (contentType.includes('application/json')) {\n body = await clonedReq.json()\n }\n } catch {\n // 忽略解析错误\n }\n\n // 解析响应体\n let responseData: { success?: boolean; message?: string; code?: number; data?: unknown } = {}\n try {\n const clonedRes = response.clone()\n responseData = await clonedRes.json()\n } catch {\n // 忽略解析错误\n }\n\n // 提取请求头\n const headers: Record<string, string> = {}\n req.headers.forEach((value, key) => {\n headers[key] = value\n })\n\n // 清洗敏感数据\n const sanitizedHeaders = sanitizeHeaders(headers, sanitizeConfig)\n const sanitizedBody = sanitize(body, sanitizeConfig)\n const sanitizedResponseData = sanitize(responseData.data, sanitizeConfig)\n\n const now = new Date()\n const duration = Date.now() - startTime\n\n // 获取用户 ID、应用 ID 和认证类型\n const userId = getUserId?.(req)\n const appId = getAppId?.(req)\n const authType = getAuthType?.(req)\n\n // 存储请求日志\n const requestLogId = await storage.saveRequestLog({\n method: req.method,\n url: req.url,\n path,\n headers: sanitizedHeaders,\n body: sanitizedBody,\n query: Object.fromEntries(url.searchParams),\n response: {\n success: responseData.success,\n message: responseData.message,\n code: responseData.code,\n },\n status: response.status,\n duration,\n userId,\n appId,\n authType,\n service,\n createdAt: now,\n })\n\n // 存储响应详情\n await storage.saveResponseLog({\n requestLogId,\n success: responseData.success,\n message: responseData.message,\n code: responseData.code,\n data: sanitizedResponseData,\n createdAt: now,\n })\n}\n\n// ============ MongoDB Adapter ============\n\n/\n 创建 MongoDB 存储适配器\n * \n * @example\n * ```typescript\n * import { Db } from 'mongodb'\n * import { createMongoAdapter } from '@vafast/request-logger'\n * \n * const adapter = createMongoAdapter(db, 'logs', 'logsResponse')\n * ```\n /\nexport function createMongoAdapter(\n db: { collection: (name: string) => { insertOne: (doc: any) => Promise<{ insertedId: { toHexString: () => string } }> } },\n logsCollection: string = 'logs',\n logsResponseCollection: string = 'logsResponse'\n): StorageAdapter {\n return {\n async saveRequestLog(log: RequestLog): Promise<string> {\n const result = await db.collection(logsCollection).insertOne({\n ...log,\n createAt: log.createdAt,\n updateAt: log.createdAt,\n })\n return result.insertedId.toHexString()\n },\n\n async saveResponseLog(log: ResponseLog): Promise<void> {\n await db.collection(logsResponseCollection).insertOne({\n logsId: log.requestLogId,\n ...log,\n createAt: log.createdAt,\n updateAt: log.createdAt,\n })\n },\n }\n}\n\n// ============ Console Adapter (for development) ============\n\n/\n 创建控制台存储适配器（用于开发调试）\n */\nexport function createConsoleAdapter(): StorageAdapter {\n let idCounter = 0\n\n return {\n async saveRequestLog(log: RequestLog): Promise<string> {\n const id = `log_${++idCounter}`\n console.log(`[REQUEST] ${log.method} ${log.path} ${log.status} ${log.duration}ms`)\n return id\n },\n\n async saveResponseLog(log: ResponseLog): Promise<void> {\n if (!log.success) {\n console.log(`[RESPONSE ERROR] ${log.message}`)\n }\n },\n }\n}\n\n// ============ Re-exports ============\n\nexport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\nexport default createRequestLogger\n"],"mappings":";;;;AAsBA,MAAM,wBAAwB;CAC5B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;AAGD,MAAM,sBAAsB;CAC1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,MAAM,sBAAsB;AAC5B,MAAM,oBAAoB;;;;AAO1B,SAAS,YAAY,OAAe,aAA6B;AAC/D,KAAI,MAAM,UAAU,EAAG,QAAO;AAC9B,QAAO,MAAM,MAAM,GAAG,EAAE,GAAG,SAAS,MAAM,MAAM,GAAG;;;;;;;;;;;;AAarD,SAAgB,SAAY,MAAS,QAAyB,QAAQ,GAAM;CAC1E,MAAM,EACJ,eAAe,uBACf,aAAa,qBACb,cAAc,qBACd,WAAW,sBACT,UAAU,EAAE;AAGhB,KAAI,QAAQ,SAAU,QAAO;AAE7B,KAAI,SAAS,QAAQ,SAAS,OAC5B,QAAO;AAIT,KAAI,MAAM,QAAQ,KAAK,CACrB,QAAO,KAAK,KAAI,SAAQ,SAAS,MAAM,QAAQ,QAAQ,EAAE,CAAC;AAI5D,KAAI,OAAO,SAAS,UAAU;EAC5B,MAAM,SAAkC,EAAE;AAE1C,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;GAC/C,MAAM,WAAW,IAAI,aAAa;AAGlC,OAAI,aAAa,MAAK,UAAS,aAAa,MAAM,EAAE;AAClD,WAAO,OAAO;AACd;;AAIF,OAAI,WAAW,MAAK,UAAS,SAAS,SAAS,MAAM,CAAC,EAAE;AACtD,QAAI,OAAO,UAAU,SACnB,QAAO,OAAO,YAAY,OAAO,YAAY;QAE7C,QAAO,OAAO;AAEhB;;AAIF,UAAO,OAAO,SAAS,OAAO,QAAQ,QAAQ,EAAE;;AAGlD,SAAO;;AAGT,QAAO;;;;;;;;;;;;AAaT,SAAgB,gBACd,SACA,QACwB;CACxB,MAAM,EACJ,aAAa,qBACb,cAAc,wBACZ,UAAU,EAAE;CAEhB,MAAM,SAAiC,EAAE;AAEzC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,QAAQ,EAAE;EAClD,MAAM,WAAW,IAAI,aAAa;AAGlC,MAAI,aAAa,iBAAiB;AAChC,OAAI,MAAM,WAAW,UAAU,CAC7B,QAAO,OAAO,YAAY,YAAY,MAAM,MAAM,EAAE,EAAE,YAAY;OAElE,QAAO,OAAO,YAAY,OAAO,YAAY;AAE/C;;AAIF,MAAI,aAAa,YAAY,aAAa,cAAc;AACtD,UAAO,OAAO;AACd;;AAIF,MAAI,WAAW,MAAK,UAAS,SAAS,SAAS,MAAM,CAAC,EAAE;AACtD,UAAO,OAAO,YAAY,OAAO,YAAY;AAC7C;;AAGF,SAAO,OAAO;;AAGhB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC1DT,SAAgB,oBAAoB,QAA6B;CAC/D,MAAM,EACJ,SACA,UAAU,gBACV,WACA,UACA,aACA,SACA,UAAU,QAAQ,OAClB,UAAU,SACR;AAEJ,QAAO,iBAAiB,OAAO,KAAK,SAAS;AAC3C,MAAI,CAAC,QACH,QAAO,MAAM;EAGf,MAAM,YAAY,KAAK,KAAK;EAC5B,MAAM,WAAW,MAAM,MAAM;AAG7B,YAAU,KAAK,UAAU,WAAW;GAClC;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC,CAAC,MAAM,QAAQ;AAEjB,SAAO;GACP;;;;;;AAmBJ,SAAS,cAAc,QAAgB,MAAuB;AAC5D,KAAI;AAGF,SADc,SAA4B,QAAQ,KAAK,EACzC,QAAQ;SAChB;AAEN,SAAO;;;AAIX,eAAe,UACb,KACA,UACA,WACA,SACA;CACA,MAAM,EAAE,SAAS,gBAAgB,WAAW,UAAU,aAAa,YAAY;CAE/E,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,OAAO,IAAI;AAGjB,KAAI,cAAc,IAAI,QAAQ,KAAK,CACjC;CAIF,IAAI,OAAgB;AACpB,KAAI;EACF,MAAM,YAAY,IAAI,OAAO;AAE7B,OADoB,IAAI,QAAQ,IAAI,eAAe,IAAI,IACvC,SAAS,mBAAmB,CAC1C,QAAO,MAAM,UAAU,MAAM;SAEzB;CAKR,IAAI,eAAuF,EAAE;AAC7F,KAAI;AAEF,iBAAe,MADG,SAAS,OAAO,CACH,MAAM;SAC/B;CAKR,MAAM,UAAkC,EAAE;AAC1C,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,UAAQ,OAAO;GACf;CAGF,MAAM,mBAAmB,gBAAgB,SAAS,eAAe;CACjE,MAAM,gBAAgB,SAAS,MAAM,eAAe;CACpD,MAAM,wBAAwB,SAAS,aAAa,MAAM,eAAe;CAEzE,MAAM,sBAAM,IAAI,MAAM;CACtB,MAAM,WAAW,KAAK,KAAK,GAAG;CAG9B,MAAM,SAAS,YAAY,IAAI;CAC/B,MAAM,QAAQ,WAAW,IAAI;CAC7B,MAAM,WAAW,cAAc,IAAI;CAGnC,MAAM,eAAe,MAAM,QAAQ,eAAe;EAChD,QAAQ,IAAI;EACZ,KAAK,IAAI;EACT;EACA,SAAS;EACT,MAAM;EACN,OAAO,OAAO,YAAY,IAAI,aAAa;EAC3C,UAAU;GACR,SAAS,aAAa;GACtB,SAAS,aAAa;GACtB,MAAM,aAAa;GACpB;EACD,QAAQ,SAAS;EACjB;EACA;EACA;EACA;EACA;EACA,WAAW;EACZ,CAAC;AAGF,OAAM,QAAQ,gBAAgB;EAC5B;EACA,SAAS,aAAa;EACtB,SAAS,aAAa;EACtB,MAAM,aAAa;EACnB,MAAM;EACN,WAAW;EACZ,CAAC;;;;;;;;;;;;;AAgBJ,SAAgB,mBACd,IACA,iBAAyB,QACzB,yBAAiC,gBACjB;AAChB,QAAO;EACL,MAAM,eAAe,KAAkC;AAMrD,WALe,MAAM,GAAG,WAAW,eAAe,CAAC,UAAU;IAC3D,GAAG;IACH,UAAU,IAAI;IACd,UAAU,IAAI;IACf,CAAC,EACY,WAAW,aAAa;;EAGxC,MAAM,gBAAgB,KAAiC;AACrD,SAAM,GAAG,WAAW,uBAAuB,CAAC,UAAU;IACpD,QAAQ,IAAI;IACZ,GAAG;IACH,UAAU,IAAI;IACd,UAAU,IAAI;IACf,CAAC;;EAEL;;;;;AAQH,SAAgB,uBAAuC;CACrD,IAAI,YAAY;AAEhB,QAAO;EACL,MAAM,eAAe,KAAkC;GACrD,MAAM,KAAK,OAAO,EAAE;AACpB,WAAQ,IAAI,aAAa,IAAI,OAAO,GAAG,IAAI,KAAK,GAAG,IAAI,OAAO,GAAG,IAAI,SAAS,IAAI;AAClF,UAAO;;EAGT,MAAM,gBAAgB,KAAiC;AACrD,OAAI,CAAC,IAAI,QACP,SAAQ,IAAI,oBAAoB,IAAI,UAAU;;EAGnD;;AAMH,kBAAe"}
1	+ {"version":3,"file":"index.mjs","names":[],"sources":["../src/sanitize.ts","../src/index.ts"],"sourcesContent":["/*\n 敏感数据清洗工具\n * \n * 用于在记录日志前移除或脱敏敏感信息\n /\n\n// ============ Types ============\n\nexport interface SanitizeConfig {\n /* 需要完全移除的字段（小写） /\n removeFields?: string[]\n /* 需要脱敏的字段（小写，部分匹配） /\n maskFields?: string[]\n /* 脱敏占位符 @default '[REDACTED]' /\n placeholder?: string\n /* 最大递归深度 @default 10 /\n maxDepth?: number\n}\n\n// ============ Default Config ============\n\n/* 默认需要完全移除的敏感字段 /\nconst DEFAULT_REMOVE_FIELDS = [\n 'password',\n 'newpassword',\n 'oldpassword',\n 'confirmpassword',\n 'secret',\n 'secretkey',\n 'privatekey',\n 'apisecret',\n 'clientsecret',\n]\n\n/* 默认需要脱敏的字段（保留部分信息） /\nconst DEFAULT_MASK_FIELDS = [\n 'token',\n 'accesstoken',\n 'refreshtoken',\n 'authorization',\n 'apikey',\n 'api_key',\n 'x-api-key',\n 'idtoken',\n 'sessiontoken',\n 'bearer',\n]\n\nconst DEFAULT_PLACEHOLDER = '[REDACTED]'\nconst DEFAULT_MAX_DEPTH = 10\n\n// ============ Sanitize Functions ============\n\n/\n 部分脱敏（保留前4后4位）\n /\nfunction partialMask(value: string, placeholder: string): string {\n if (value.length <= 8) return placeholder\n return value.slice(0, 4) + '*' + value.slice(-4)\n}\n\n/\n * 深度清洗对象中的敏感数据\n * \n * @example\n * ```typescript\n * const data = { password: '123456', token: 'eyJhbG...' }\n * const sanitized = sanitize(data)\n * // { password: '[REDACTED]', token: 'eyJh***...' }\n ```\n /\nexport function sanitize<T>(data: T, config?: SanitizeConfig, depth = 0): T {\n const {\n removeFields = DEFAULT_REMOVE_FIELDS,\n maskFields = DEFAULT_MASK_FIELDS,\n placeholder = DEFAULT_PLACEHOLDER,\n maxDepth = DEFAULT_MAX_DEPTH,\n } = config ?? {}\n\n // 防止无限递归\n if (depth > maxDepth) return data\n \n if (data === null \|\| data === undefined) {\n return data\n }\n\n // 处理数组\n if (Array.isArray(data)) {\n return data.map(item => sanitize(item, config, depth + 1)) as T\n }\n\n // 处理对象\n if (typeof data === 'object') {\n const result: Record<string, unknown> = {}\n \n for (const [key, value] of Object.entries(data)) {\n const lowerKey = key.toLowerCase()\n \n // 完全移除的字段\n if (removeFields.some(field => lowerKey === field)) {\n result[key] = placeholder\n continue\n }\n \n // 部分脱敏的字段\n if (maskFields.some(field => lowerKey.includes(field))) {\n if (typeof value === 'string') {\n result[key] = partialMask(value, placeholder)\n } else {\n result[key] = placeholder\n }\n continue\n }\n \n // 递归处理嵌套对象\n result[key] = sanitize(value, config, depth + 1)\n }\n \n return result as T\n }\n\n return data\n}\n\n/\n 清洗 HTTP 请求头\n * \n * @example\n * ```typescript\n * const headers = { Authorization: 'Bearer eyJhbG...', Cookie: 'session=xxx' }\n * const sanitized = sanitizeHeaders(headers)\n * // { Authorization: 'Bearer eyJh***...', Cookie: '[REDACTED]' }\n ```\n /\nexport function sanitizeHeaders(\n headers: Record<string, string>,\n config?: SanitizeConfig\n): Record<string, string> {\n const {\n maskFields = DEFAULT_MASK_FIELDS,\n placeholder = DEFAULT_PLACEHOLDER,\n } = config ?? {}\n\n const result: Record<string, string> = {}\n \n for (const [key, value] of Object.entries(headers)) {\n const lowerKey = key.toLowerCase()\n \n // Authorization 头部分脱敏\n if (lowerKey === 'authorization') {\n if (value.startsWith('Bearer ')) {\n result[key] = 'Bearer ' + partialMask(value.slice(7), placeholder)\n } else {\n result[key] = partialMask(value, placeholder)\n }\n continue\n }\n \n // Cookie 完全脱敏\n if (lowerKey === 'cookie' \|\| lowerKey === 'set-cookie') {\n result[key] = placeholder\n continue\n }\n \n // API Key 相关头脱敏\n if (maskFields.some(field => lowerKey.includes(field))) {\n result[key] = partialMask(value, placeholder)\n continue\n }\n \n result[key] = value\n }\n \n return result\n}\n\n/\n 检查值是否为敏感字段\n /\nexport function isSensitiveField(fieldName: string, config?: SanitizeConfig): boolean {\n const {\n removeFields = DEFAULT_REMOVE_FIELDS,\n maskFields = DEFAULT_MASK_FIELDS,\n } = config ?? {}\n\n const lowerName = fieldName.toLowerCase()\n \n return (\n removeFields.some(field => lowerName === field) \|\|\n maskFields.some(field => lowerName.includes(field))\n )\n}\n\n","/\n @vafast/request-logger - API 请求日志中间件\n * \n * 特性：\n * - 自动敏感数据脱敏\n * - HTTP 远程日志服务\n * - 异步非阻塞记录\n * - 路由级别日志控制（路由定义中设置 log: false）\n * \n * @example\n * ```typescript\n * import { requestLogger } from '@vafast/request-logger'\n * \n * server.use(requestLogger({\n * url: 'http://log-server:9005/api/logs/ingest',\n * service: 'auth-server',\n * getUserId: (req) => req.__locals?.userInfo?.id,\n * }))\n * ```\n /\nimport { defineMiddleware, getRoute } from 'vafast'\nimport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\n\n// ============ Types ============\n\n/* 请求信息 /\nexport interface RequestData {\n method: string\n url: string\n path: string\n headers: Record<string, string>\n body: unknown\n query: Record<string, string>\n status: number\n duration: number\n userId?: string\n appId?: string\n authType?: string\n service?: string\n ip?: string\n userAgent?: string\n traceId?: string\n createdAt: Date\n}\n\n/* 响应信息 /\nexport interface ResponseData {\n success?: boolean\n message?: string\n code?: number\n data?: unknown\n}\n\n/* 完整日志数据 /\nexport interface LogData {\n request: RequestData\n response: ResponseData\n}\n\n/* 请求日志配置 /\nexport interface RequestLoggerOptions {\n /* 日志服务 URL /\n url: string\n /* 服务标识（如 auth-server、ones-server） /\n service: string\n /* 自定义请求头（如认证信息） /\n headers?: Record<string, string>\n /* 超时时间（毫秒），默认 5000 /\n timeout?: number\n /* 敏感数据清洗配置 /\n sanitize?: SanitizeConfig\n /* 错误回调 /\n onError?: (error: Error) => void\n /* 是否启用 @default true /\n enabled?: boolean\n /* 排除的路径列表（精确匹配或正则），这些路径不记录日志 /\n excludePaths?: (string \| RegExp)[]\n}\n\n\n// ============ Middleware ============\n\n/\n 请求日志中间件\n * \n * @example\n * ```typescript\n * import { requestLogger } from '@vafast/request-logger'\n * \n * server.use(requestLogger({\n * url: 'http://log-server:9005/api/logs/ingest',\n * service: 'auth-server',\n * auth: { apiKeyId: 'xxx', apiKeySecret: 'yyy' },\n * }))\n * ```\n /\nexport function requestLogger(options: RequestLoggerOptions) {\n const {\n url,\n service,\n headers = {},\n timeout = 5000,\n sanitize: sanitizeConfig,\n onError = console.error,\n enabled = true,\n excludePaths = [],\n } = options\n\n return defineMiddleware(async (req, next) => {\n if (!enabled) return next()\n\n const startTime = Date.now()\n const response = await next()\n\n // 异步记录日志，不阻塞响应\n recordLog(req, response, startTime, {\n url,\n service,\n headers,\n timeout,\n sanitizeConfig,\n onError,\n excludePaths,\n }).catch(onError)\n\n return response\n })\n}\n\n/* @deprecated 使用 requestLogger 代替 /\nexport const createRequestLogger = requestLogger\n\n// ============ Internal ============\n\ninterface RecordLogOptions {\n url: string\n service: string\n headers: Record<string, string>\n timeout: number\n sanitizeConfig?: SanitizeConfig\n onError: (error: Error) => void\n excludePaths: (string \| RegExp)[]\n}\n\n/* 检查路由是否配置了 log: false /\nfunction shouldSkipLog(method: string, path: string): boolean {\n try {\n const route = getRoute<{ log?: boolean }>(method, path)\n return route?.log === false\n } catch {\n return false\n }\n}\n\n/* 检查路径是否在排除列表中 /\nfunction isPathExcluded(path: string, excludePaths: (string \| RegExp)[]): boolean {\n return excludePaths.some(pattern => {\n if (typeof pattern === 'string') {\n return path === pattern \|\| path.startsWith(pattern + '/')\n }\n return pattern.test(path)\n })\n}\n\n/* 带超时的 fetch */\nasync function fetchWithTimeout(\n targetUrl: string,\n options: RequestInit,\n timeout: number\n): Promise<Response> {\n const controller = new AbortController()\n const timeoutId = setTimeout(() => controller.abort(), timeout)\n\n try {\n return await fetch(targetUrl, { ...options, signal: controller.signal })\n } finally {\n clearTimeout(timeoutId)\n }\n}\n\nasync function recordLog(\n req: Request,\n response: Response,\n startTime: number,\n options: RecordLogOptions\n) {\n const { url: logUrl, service, headers: customHeaders, timeout, sanitizeConfig, onError, excludePaths } = options\n\n const reqUrl = new URL(req.url)\n const path = reqUrl.pathname\n\n // 检查路径是否在排除列表中\n if (isPathExcluded(path, excludePaths)) return\n\n // 检查路由是否禁用日志\n if (shouldSkipLog(req.method, path)) return\n\n // 解析请求体\n let body: unknown = null\n try {\n const contentType = req.headers.get('content-type') \|\| ''\n if (contentType.includes('application/json')) {\n body = await req.clone().json()\n }\n } catch {\n // 忽略\n }\n\n // 解析响应体\n let responseData: ResponseData = {}\n try {\n responseData = await response.clone().json()\n } catch {\n // 忽略\n }\n\n // 提取请求头\n const headers: Record<string, string> = {}\n req.headers.forEach((value, key) => {\n headers[key] = value\n })\n\n // 清洗敏感数据\n const sanitizedHeaders = sanitizeHeaders(headers, sanitizeConfig)\n const sanitizedBody = sanitize(body, sanitizeConfig)\n const sanitizedResponseData = sanitize(responseData.data, sanitizeConfig)\n\n // 构建日志数据（业务字段由 log-server 从 headers 解析）\n const logBody = {\n method: req.method,\n url: req.url,\n path,\n headers: sanitizedHeaders,\n body: sanitizedBody,\n query: Object.fromEntries(reqUrl.searchParams),\n status: response.status,\n duration: Date.now() - startTime,\n service,\n createdAt: new Date().toISOString(),\n response: {\n success: responseData.success,\n message: responseData.message,\n code: responseData.code,\n },\n responseData: sanitizedResponseData,\n }\n\n // 发送到日志服务\n try {\n const res = await fetchWithTimeout(\n logUrl,\n {\n method: 'POST',\n headers: { 'Content-Type': 'application/json', ...customHeaders },\n body: JSON.stringify(logBody),\n },\n timeout\n )\n\n if (!res.ok) {\n throw new Error(`HTTP ${res.status}: ${res.statusText}`)\n }\n } catch (error) {\n onError(error as Error)\n }\n}\n\n// ============ Re-exports ============\n\nexport { sanitize, sanitizeHeaders, type SanitizeConfig } from './sanitize'\nexport default requestLogger\n"],"mappings":";;;;AAsBA,MAAM,wBAAwB;CAC5B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;AAGD,MAAM,sBAAsB;CAC1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,MAAM,sBAAsB;AAC5B,MAAM,oBAAoB;;;;AAO1B,SAAS,YAAY,OAAe,aAA6B;AAC/D,KAAI,MAAM,UAAU,EAAG,QAAO;AAC9B,QAAO,MAAM,MAAM,GAAG,EAAE,GAAG,SAAS,MAAM,MAAM,GAAG;;;;;;;;;;;;AAarD,SAAgB,SAAY,MAAS,QAAyB,QAAQ,GAAM;CAC1E,MAAM,EACJ,eAAe,uBACf,aAAa,qBACb,cAAc,qBACd,WAAW,sBACT,UAAU,EAAE;AAGhB,KAAI,QAAQ,SAAU,QAAO;AAE7B,KAAI,SAAS,QAAQ,SAAS,OAC5B,QAAO;AAIT,KAAI,MAAM,QAAQ,KAAK,CACrB,QAAO,KAAK,KAAI,SAAQ,SAAS,MAAM,QAAQ,QAAQ,EAAE,CAAC;AAI5D,KAAI,OAAO,SAAS,UAAU;EAC5B,MAAM,SAAkC,EAAE;AAE1C,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;GAC/C,MAAM,WAAW,IAAI,aAAa;AAGlC,OAAI,aAAa,MAAK,UAAS,aAAa,MAAM,EAAE;AAClD,WAAO,OAAO;AACd;;AAIF,OAAI,WAAW,MAAK,UAAS,SAAS,SAAS,MAAM,CAAC,EAAE;AACtD,QAAI,OAAO,UAAU,SACnB,QAAO,OAAO,YAAY,OAAO,YAAY;QAE7C,QAAO,OAAO;AAEhB;;AAIF,UAAO,OAAO,SAAS,OAAO,QAAQ,QAAQ,EAAE;;AAGlD,SAAO;;AAGT,QAAO;;;;;;;;;;;;AAaT,SAAgB,gBACd,SACA,QACwB;CACxB,MAAM,EACJ,aAAa,qBACb,cAAc,wBACZ,UAAU,EAAE;CAEhB,MAAM,SAAiC,EAAE;AAEzC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,QAAQ,EAAE;EAClD,MAAM,WAAW,IAAI,aAAa;AAGlC,MAAI,aAAa,iBAAiB;AAChC,OAAI,MAAM,WAAW,UAAU,CAC7B,QAAO,OAAO,YAAY,YAAY,MAAM,MAAM,EAAE,EAAE,YAAY;OAElE,QAAO,OAAO,YAAY,OAAO,YAAY;AAE/C;;AAIF,MAAI,aAAa,YAAY,aAAa,cAAc;AACtD,UAAO,OAAO;AACd;;AAIF,MAAI,WAAW,MAAK,UAAS,SAAS,SAAS,MAAM,CAAC,EAAE;AACtD,UAAO,OAAO,YAAY,OAAO,YAAY;AAC7C;;AAGF,SAAO,OAAO;;AAGhB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC7ET,SAAgB,cAAc,SAA+B;CAC3D,MAAM,EACJ,KACA,SACA,UAAU,EAAE,EACZ,UAAU,KACV,UAAU,gBACV,UAAU,QAAQ,OAClB,UAAU,MACV,eAAe,EAAE,KACf;AAEJ,QAAO,iBAAiB,OAAO,KAAK,SAAS;AAC3C,MAAI,CAAC,QAAS,QAAO,MAAM;EAE3B,MAAM,YAAY,KAAK,KAAK;EAC5B,MAAM,WAAW,MAAM,MAAM;AAG7B,YAAU,KAAK,UAAU,WAAW;GAClC;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC,CAAC,MAAM,QAAQ;AAEjB,SAAO;GACP;;;AAIJ,MAAa,sBAAsB;;AAenC,SAAS,cAAc,QAAgB,MAAuB;AAC5D,KAAI;AAEF,SADc,SAA4B,QAAQ,KAAK,EACzC,QAAQ;SAChB;AACN,SAAO;;;;AAKX,SAAS,eAAe,MAAc,cAA4C;AAChF,QAAO,aAAa,MAAK,YAAW;AAClC,MAAI,OAAO,YAAY,SACrB,QAAO,SAAS,WAAW,KAAK,WAAW,UAAU,IAAI;AAE3D,SAAO,QAAQ,KAAK,KAAK;GACzB;;;AAIJ,eAAe,iBACb,WACA,SACA,SACmB;CACnB,MAAM,aAAa,IAAI,iBAAiB;CACxC,MAAM,YAAY,iBAAiB,WAAW,OAAO,EAAE,QAAQ;AAE/D,KAAI;AACF,SAAO,MAAM,MAAM,WAAW;GAAE,GAAG;GAAS,QAAQ,WAAW;GAAQ,CAAC;WAChE;AACR,eAAa,UAAU;;;AAI3B,eAAe,UACb,KACA,UACA,WACA,SACA;CACA,MAAM,EAAE,KAAK,QAAQ,SAAS,SAAS,eAAe,SAAS,gBAAgB,SAAS,iBAAiB;CAEzG,MAAM,SAAS,IAAI,IAAI,IAAI,IAAI;CAC/B,MAAM,OAAO,OAAO;AAGpB,KAAI,eAAe,MAAM,aAAa,CAAE;AAGxC,KAAI,cAAc,IAAI,QAAQ,KAAK,CAAE;CAGrC,IAAI,OAAgB;AACpB,KAAI;AAEF,OADoB,IAAI,QAAQ,IAAI,eAAe,IAAI,IACvC,SAAS,mBAAmB,CAC1C,QAAO,MAAM,IAAI,OAAO,CAAC,MAAM;SAE3B;CAKR,IAAI,eAA6B,EAAE;AACnC,KAAI;AACF,iBAAe,MAAM,SAAS,OAAO,CAAC,MAAM;SACtC;CAKR,MAAM,UAAkC,EAAE;AAC1C,KAAI,QAAQ,SAAS,OAAO,QAAQ;AAClC,UAAQ,OAAO;GACf;CAGF,MAAM,mBAAmB,gBAAgB,SAAS,eAAe;CACjE,MAAM,gBAAgB,SAAS,MAAM,eAAe;CACpD,MAAM,wBAAwB,SAAS,aAAa,MAAM,eAAe;CAGzE,MAAM,UAAU;EACd,QAAQ,IAAI;EACZ,KAAK,IAAI;EACT;EACA,SAAS;EACT,MAAM;EACN,OAAO,OAAO,YAAY,OAAO,aAAa;EAC9C,QAAQ,SAAS;EACjB,UAAU,KAAK,KAAK,GAAG;EACvB;EACA,4BAAW,IAAI,MAAM,EAAC,aAAa;EACnC,UAAU;GACR,SAAS,aAAa;GACtB,SAAS,aAAa;GACtB,MAAM,aAAa;GACpB;EACD,cAAc;EACf;AAGD,KAAI;EACF,MAAM,MAAM,MAAM,iBAChB,QACA;GACE,QAAQ;GACR,SAAS;IAAE,gBAAgB;IAAoB,GAAG;IAAe;GACjE,MAAM,KAAK,UAAU,QAAQ;GAC9B,EACD,QACD;AAED,MAAI,CAAC,IAAI,GACP,OAAM,IAAI,MAAM,QAAQ,IAAI,OAAO,IAAI,IAAI,aAAa;UAEnD,OAAO;AACd,UAAQ,MAAe;;;AAO3B,kBAAe"}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@vafast/request-logger",
-  "version": "0.2.3",
-  "description": "API request logging middleware for Vafast with sensitive data sanitization",
+  "version": "0.3.2",
+  "description": "API request logging middleware for Vafast",
   "type": "module",
   "main": "./dist/index.mjs",
   "module": "./dist/index.mjs",
@@ -18,7 +18,6 @@
     "request-logger",
     "api-logs",
     "middleware",
-    "mongodb",
     "typescript"
   ],
   "scripts": {
@@ -36,19 +35,12 @@
   "dependencies": {},
   "devDependencies": {
     "@types/node": "^22.15.30",
-    "mongodb": "^6.16.0",
     "rimraf": "^6.0.1",
     "tsdown": "^0.19.0-beta.4",
     "typescript": "^5.4.5",
     "vafast": "^0.5.1"
   },
   "peerDependencies": {
-    "vafast": "^0.5.1",
-    "mongodb": ">= 6.0.0"
-  },
-  "peerDependenciesMeta": {
-    "mongodb": {
-      "optional": true
-    }
+    "vafast": "^0.5.1"
   }
-}
+}