observe-node 1.0.4 → 1.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "observe-node",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "Structured logs + Prometheus metrics SDK for Node.js (Loki/Grafana ready)",
   "main": "src/index.js",
   "type": "commonjs",

package/src/http/express.js

@@ -18,6 +18,16 @@ function redact(obj, keys = ["password","token","authorization","jwt","otp","sec
   return out;
 }
 
+function pickRequestBody(body, maxBytes = 20_000) {
+  if (!body || typeof body !== "object") return undefined;
+
+  const redacted = redact(body);
+  const bytes = safeJsonSizeBytes(redacted);
+  if (bytes == null) return { truncated: true, bytes: null };
+  if (bytes > maxBytes) return { truncated: true, bytes };
+  return { body: redacted, truncated: false, bytes };
+}
+
 function pickResponseBody(body, maxBytes = 20_000) {
   // limit response size (avoid huge payloads / images)
   const redacted = redact(body);
@@ -29,6 +39,7 @@ function pickResponseBody(body, maxBytes = 20_000) {
 
 function expressMiddleware(observe, opts = {}) {
   const maxResponseBytes = Number(opts.maxResponseBytes || 20_000);
+  const maxRequestBytes = Number(opts.maxRequestBytes || 20_000);
 
   return function (req, res, next) {
     const start = Date.now();
@@ -77,29 +88,64 @@ res.send = (body) => {
   }
 };
 
-    res.on("finish", () => {
-      const duration_ms = Date.now() - start;
-
-      observe.emit({
-        event_name: "http.response",
-        level: res.statusCode >= 500 ? "error" : res.statusCode >= 400 ? "warn" : "info",
-        message: `${req.method} ${req.originalUrl} -> ${res.statusCode} (${duration_ms}ms)`,
-        http: {
-          method: req.method,
-          path: (req.originalUrl || req.url || "").split("?")[0],
-          status: res.statusCode,
-          duration_ms,
-        },
-        request: {
-          query: req.query,
-          params: req.params,
-        },
-        response: {
-          status: res.statusCode,
-          ...capturedResponse, // { body?, truncated, bytes }
-        },
-      });
-    });
+  res.on("finish", () => {
+  const duration_ms = Date.now() - start;
+
+  const originalUrl = req.originalUrl || req.url || "";
+  const pathOnly = originalUrl.split("?")[0];
+  const queryString = originalUrl.includes("?") ? originalUrl.split("?")[1] : "";
+
+  // ✅ best effort matched route pattern
+  // baseUrl is mounted path, route.path is endpoint pattern (like "/:id")
+  const routePath = req.route?.path;
+  const matchedRoute =
+    routePath ? `${req.baseUrl || ""}${routePath}` : undefined;
+
+  // ✅ headers (safe subset)
+  const headers = {
+    "user-agent": req.headers["user-agent"],
+    "content-type": req.headers["content-type"],
+    "content-length": req.headers["content-length"],
+    "referer": req.headers["referer"],
+  };
+
+  // ✅ auth info (don’t log token)
+  const hasAuth = !!req.headers.authorization;
+
+  // ✅ body (only if parsed)
+  const requestBody = req.body ? redact(req.body) : undefined;
+
+  observe.emit({
+    event_name: "http.response",
+    level: res.statusCode >= 500 ? "error" : res.statusCode >= 400 ? "warn" : "info",
+    message: `${req.method} ${originalUrl} -> ${res.statusCode} (${duration_ms}ms)`,
+
+    http: {
+      method: req.method,
+      status: res.statusCode,
+      path: pathOnly,
+      original_url: originalUrl,
+      matched_route: matchedRoute,      // ✅ tells exactly which API matched
+      duration_ms,
+      ip: req.ip,
+    },
+
+    request: {
+      headers,
+      has_auth: hasAuth,
+      query: req.query,                // parsed query object
+      query_string: queryString,       // raw query string
+      params: req.params,              // may be empty (see note)
+      body: requestBody,               // parsed body (if express.json ran before)
+      bodyPayload: capturedRequest,
+    },
+
+    response: {
+      status: res.statusCode,
+      ...capturedResponse,
+    },
+  });
+});
 
     next();
   };