observe-node 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/http/express.js +14 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "observe-node",
3
- "version": "1.0.5",
3
+ "version": "1.0.7",
4
4
  "description": "Structured logs + Prometheus metrics SDK for Node.js (Loki/Grafana ready)",
5
5
  "main": "src/index.js",
6
6
  "type": "commonjs",
package/src/http/express.js CHANGED
@@ -18,6 +18,16 @@ function redact(obj, keys = ["password","token","authorization","jwt","otp","sec
18
18
  return out;
19
19
  }
20
20
 
21
+ function pickRequestBody(body, maxBytes = 20_000) {
22
+ if (!body || typeof body !== "object") return undefined;
23
+
24
+ const redacted = redact(body);
25
+ const bytes = safeJsonSizeBytes(redacted);
26
+ if (bytes == null) return { truncated: true, bytes: null };
27
+ if (bytes > maxBytes) return { truncated: true, bytes };
28
+ return { body: redacted, truncated: false, bytes };
29
+ }
30
+
21
31
  function pickResponseBody(body, maxBytes = 20_000) {
22
32
  // limit response size (avoid huge payloads / images)
23
33
  const redacted = redact(body);
@@ -29,10 +39,13 @@ function pickResponseBody(body, maxBytes = 20_000) {
29
39
 
30
40
  function expressMiddleware(observe, opts = {}) {
31
41
  const maxResponseBytes = Number(opts.maxResponseBytes || 20_000);
42
+ const maxRequestBytes = Number(opts.maxRequestBytes || 20_000);
32
43
 
33
44
  return function (req, res, next) {
34
45
  const start = Date.now();
35
46
 
47
+ const capturedRequest = pickRequestBody(req.body, maxRequestBytes);
48
+
36
49
  // ✅ capture response body
37
50
  let capturedResponse;
38
51
  const _json = res.json.bind(res);
@@ -101,8 +114,6 @@ res.send = (body) => {
101
114
  // ✅ auth info (don’t log token)
102
115
  const hasAuth = !!req.headers.authorization;
103
116
 
104
- // ✅ body (only if parsed)
105
- const requestBody = req.body ? redact(req.body) : undefined;
106
117
 
107
118
  observe.emit({
108
119
  event_name: "http.response",
@@ -125,7 +136,7 @@ res.send = (body) => {
125
136
  query: req.query, // parsed query object
126
137
  query_string: queryString, // raw query string
127
138
  params: req.params, // may be empty (see note)
128
- body: requestBody, // parsed body (if express.json ran before)
139
+ body: capturedRequest
129
140
  },
130
141
 
131
142
  response: {