winston-middleware 1.4.0 → 3.0.0

package/.travis.yml

@@ -1,13 +1,6 @@
 sudo: false
 language: node_js
 node_js:
-  - "0.10"
-  - "0.11"
-  - "0.12"
-  - "4.2"
-  - "5.3"
-  - "iojs"
-
-script:
-  - "test $TRAVIS_NODE_VERSION  = '0.6' || npm test"
-  - "test $TRAVIS_NODE_VERSION != '0.6' || npm run-script test-coverage"
+  - "6"
+  - "8"
+  - "10"

package/AUTHORS

@@ -1,4 +1,4 @@
-Heapsource <npm@heapsource.com> (http://www.heapsource.com)
+Bithavoc <im@bithavoc.io> (https://bithavoc.io)
 Lars Jacob (http://jaclar.net)
 Jonathan Lomas (http://floatinglomas.ca)
 Xavier Damman (http://xdamman.com)
@@ -6,3 +6,4 @@ Quentin Rossetti <quentin.rossetti@gmail.com>
 Damian Kaczmarek <rush@rushbase.net>
 Robbie Trencheny <me@robbiet.us> (http://robbie.io)
 Ross Brandes <ross.brandes@gmail.com>
+Kévin Maschtaler (https://www.kmaschta.me)

package/CHANGELOG.md

@@ -0,0 +1,69 @@
+## 3.0.0
+winston-middleware@3 shouldn't have any breaking changes _of its own_, but there are breaking changes as a result of upgrading winston and Node.js.
+
+winston-middleware@2.6.0 will be the last version to support winston@2.
+
+#### Breaking changes
+* Drop support for winston < 3. winston@3 includes quite a few breaking changes. Check their [changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md) and [upgrade guide](https://github.com/winstonjs/winston/blob/master/UPGRADE-3.0.md) to get an idea of winston's breaking changes.
+* Drop support for Node.js < 6. v6 is the oldest version of Node.js [currently supported by the Node.js team](https://github.com/nodejs/Release).
+
+## 2.6.0
+* Add `exceptionToMeta` and `blacklistedMetaFields` for filtering returned meta
+  object ([#173](https://github.com/bithavoc/winston-middleware/pull/173), @cubbuk)
+
+## 2.5.1
+* Allow `msg` to be a function ([#160](https://github.com/bithavoc/winston-middleware/pull/160), @brendancwood)
+
+## 2.5.0
+* Reduce memory usage ([#164](https://github.com/bithavoc/winston-middleware/pull/164), @Kmaschta)
+
+## 2.4.0
+* Allow `options.level` to be a function for dynamic level setting ([#148](https://github.com/bithavoc/winston-middleware/pull/148), @CryptArchy)
+
+## 2.3.0
+* Allow line breaks inside `msg` interpolation ([#143](https://github.com/bithavoc/winston-middleware/pull/143), @ltegman)
+
+## 2.2.0
+* Add dynamic metadata support to error logger ([#139](https://github.com/bithavoc/winston-middleware/issues/139), @scarlettsteph)
+
+## 2.1.3
+* Re-enable logging of req.body when request whitelist contains body and there is no no body whitelist/blacklist (broken in 2.1.1) ([#136](https://github.com/bithavoc/winston-middleware/issues/136))
+
+## 2.1.2
+* Fix error throwing when no req is logged ([#130](https://github.com/bithavoc/winston-middleware/issues/130))
+
+## 2.1.1
+* Fix `bodyBlacklist` not working when `requestWhitelist` contains `body` ([#128](https://github.com/bithavoc/winston-middleware/issues/128), @jacobcabantomski-ct)
+
+## 2.1.0
+* Add dynamic metadata support ([#124](https://github.com/bithavoc/winston-middleware/issues/124), @jpdelima)
+* Add support for `colorize`-ing status code, no `expressFormat` required ([#121](https://github.com/bithavoc/winston-middleware/issues/121))
+
+## 2.0.0
+#### Breaking changes
+* Make winston a peer dependency. `npm install --save winston` if you haven't already.
+* `expressFormat` has no color by default. Add `colorize: true` to winston-middleware
+  options to enable the previous colorized output. ([#86](https://github.com/bithavoc/winston-middleware/issues/86))
+* Drop support for inherited properties on the object provided to the `baseMeta` option. This is unlikely to actually break anyone's real-world setup.
+
+## 1.4.2
+* Upgrade winston to 1.1 ([#114](https://github.com/bithavoc/winston-middleware/issues/114))
+
+## 1.4.1
+* Don't throw exception on invalid JSON in response body ([#112](https://github.com/bithavoc/winston-middleware/issues/112))
+
+## 1.4.0
+* Allow custom log level for error logger ([#111](https://github.com/bithavoc/winston-middleware/pull/111))
+
+## 1.3.1
+* underscore -> lodash ([#88](https://github.com/bithavoc/winston-middleware/issues/88))
+
+## 1.3.0
+* Allow custom status levels ([#102](https://github.com/bithavoc/winston-middleware/pull/102))
+* Add per-instance equivalents of all global white/blacklists ([#105](https://github.com/bithavoc/winston-middleware/pull/105))
+* Allow user to override module-level whitelists and functions without having to worry about using the right object reference ([#92](https://github.com/bithavoc/winston-middleware/issues/92))
+
+## 1.2.0
+* Add `baseMeta` and `metaField` options ([#91](https://github.com/bithavoc/winston-middleware/pull/91))
+* Document `requestFilter` and `responseFilter` options
+* Drop support for node 0.6 and 0.8

package/Readme.md

@@ -1,17 +1,15 @@
 # winston-middleware
 [![Monthly Downloads](https://img.shields.io/npm/dm/winston-middleware.svg)](https://www.npmjs.com/package/winston-middleware) [![Build Status](https://secure.travis-ci.org/bithavoc/winston-middleware.png)](http://travis-ci.org/bithavoc/winston-middleware)
 
-> [winston](https://github.com/flatiron/winston) middleware for express.js
+> [winston](https://github.com/winstonjs/winston) middleware for express.js
 
-## Installation
-
-Newcomers should start with the latest branch which makes use of winston 1.x.x and supports node >= 0.10:
+[Changelog](CHANGELOG.md)
 
-    npm install winston-middleware
+## Installation
 
-If you're already using winston-middleware, and want to stick with the stable version based on winston 0.9.x, you should instead do:
+    npm install winston winston-middleware
 
-    npm install winston-middleware@0.x.x --save
+(supports node >= 6)
 
 ## Usage
 
@@ -25,8 +23,8 @@ In `package.json`:
 {
   "dependencies": {
     "...": "...",
-    "winston": "0.6.x",
-    "winston-middleware": "0.2.x",
+    "winston": "^3.0.0",
+    "winston-middleware": "^3.0.0",
     "...": "..."
   }
 }
@@ -55,8 +53,8 @@ Use `expressWinston.logger(options)` to create a middleware to log your HTTP req
       ],
       meta: true, // optional: control whether you want to log the meta data about the request (default to true)
       msg: "HTTP {{req.method}} {{req.url}}", // optional: customize the default logging message. E.g. "{{res.statusCode}} {{req.method}} {{res.responseTime}}ms {{req.url}}"
-      expressFormat: true, // Use the default Express/morgan request formatting, with the same colors. Enabling this will override any msg and colorStatus if true. Will only output colors on transports with colorize set to true
-      colorStatus: true, // Color the status code, using the Express/morgan color palette (default green, 3XX cyan, 4XX yellow, 5XX red). Will not be recognized if expressFormat is true
+      expressFormat: true, // Use the default Express/morgan request formatting. Enabling this will override any msg if true. Will only output colors with colorize set to true
+      colorize: false, // Color the text and status code, using the Express/morgan color palette (text: gray, status: default green, 3XX cyan, 4XX yellow, 5XX red).
       ignoreRoute: function (req, res) { return false; } // optional: allows to skip some log messages based on request and/or response
     }));
 
@@ -68,14 +66,14 @@ Use `expressWinston.logger(options)` to create a middleware to log your HTTP req
 ``` js
     transports: [<WinstonTransport>], // list of all winston transports instances to use.
     winstonInstance: <WinstonLogger>, // a winston logger instance. If this is provided the transports option is ignored.
-    level: String, // log level to use, the default is "info".
-    msg: String // customize the default logging message. E.g. "{{res.statusCode}} {{req.method}} {{res.responseTime}}ms {{req.url}}", "HTTP {{req.method}} {{req.url}}".
-    expressFormat: Boolean, // Use the default Express/morgan request formatting, with the same colors. Enabling this will override any msg and colorStatus if true. Will only output colors on transports with colorize set to true
-    colorStatus: Boolean, // Color the status code, using the Express/morgan color palette (default green, 3XX cyan, 4XX yellow, 5XX red). Will not be recognized if expressFormat is true
+    level: String or function(req, res) { return String; }, // log level to use, the default is "info". Assign a  function to dynamically set the level based on request and response, or a string to statically set it always at that level. statusLevels must be false for this setting to be used.
+    msg: String or function // customize the default logging message. E.g. "{{res.statusCode}} {{req.method}} {{res.responseTime}}ms {{req.url}}", "HTTP {{req.method}} {{req.url}}" or function(req, res) { return `${res.statusCode} - ${req.method}` }
+    expressFormat: Boolean, // Use the default Express/morgan request formatting. Enabling this will override any msg if true. Will only output colors when colorize set to true
+    colorize: Boolean, // Color the text and status code, using the Express/morgan color palette (text: gray, status: default green, 3XX cyan, 4XX yellow, 5XX red).
     meta: Boolean, // control whether you want to log the meta data about the request (default to true).
     baseMeta: Object, // default meta data to be added to log, this will be merged with the meta data.
     metaField: String, // if defined, the meta data will be added in this field instead of the meta root object.
-    statusLevels: Boolean or Object // different HTTP status codes caused log messages to be logged at different levels (info/warn/error), the default is false. Use an object to control the levels various status codes are logged at.
+    statusLevels: Boolean or Object // different HTTP status codes caused log messages to be logged at different levels (info/warn/error), the default is false. Use an object to control the levels various status codes are logged at. Using an object for statusLevels overrides any setting of options.level.
     ignoreRoute: function (req, res) { return false; } // A function to determine if logging is skipped, defaults to returning false. Called _before_ any later middleware.
     skip: function(req, res) { return false; } // A function to determine if logging is skipped, defaults to returning false. Called _after_ response has already been sent.
     requestFilter: function (req, propName) { return req[propName]; } // A function to filter/return request values, defaults to returning all values allowed by whitelist. If the function returns undefined, the key/value will not be included in the meta.
@@ -85,6 +83,7 @@ Use `expressWinston.logger(options)` to create a middleware to log your HTTP req
     bodyWhitelist: [String] // Array of body properties to log. Overrides global bodyWhitelist for this instance
     bodyBlacklist: [String] // Array of body properties to omit from logs. Overrides global bodyBlacklist for this instance
     ignoredRoutes: [String] // Array of paths to ignore/skip logging. Overrides global ignoredRoutes for this instance
+    dynamicMeta: function(req, res) { return [Object]; } // Extract additional meta data from request or response (typically req.user data if using passport). meta must be true for this function to be activated
 
 ```
 
@@ -113,12 +112,15 @@ The logger needs to be added AFTER the express router(`app.router)`) and BEFORE
 ``` js
     transports: [<WinstonTransport>], // list of all winston transports instances to use.
     winstonInstance: <WinstonLogger>, // a winston logger instance. If this is provided the transports option is ignored
-    msg: String // customize the default logging message. E.g. "{{res.statusCode}} {{req.method}} {{res.responseTime}}ms {{req.url}}", "HTTP {{req.method}} {{req.url}}".
+    msg: String or function // customize the default logging message. E.g. "{{err.message}} {{res.statusCode}} {{req.method}}" or function(req, res) { return `${res.statusCode} - ${req.method}` }
     baseMeta: Object, // default meta data to be added to log, this will be merged with the error data.
     metaField: String, // if defined, the meta data will be added in this field instead of the meta root object.
     requestFilter: function (req, propName) { return req[propName]; } // A function to filter/return request values, defaults to returning all values allowed by whitelist. If the function returns undefined, the key/value will not be included in the meta.
     requestWhitelist: [String] // Array of request properties to log. Overrides global requestWhitelist for this instance
-    level: String // custom log level for errors (default is 'error')
+    level: String or function(req, res, err) { return String; }// custom log level for errors (default is 'error'). Assign a function to dynamically set the log level based on request, response, and the exact error.
+    dynamicMeta: function(req, res, err) { return [Object]; } // Extract additional meta data from request or response (typically req.user data if using passport). meta must be true for this function to be activated
+    exceptionToMeta: function(error){return Object; } // Function to format the returned meta information on error log. If not given `winston.exception.getAllInfo` will be used by default
+    blacklistedMetaFields: [String] // fields to blacklist from meta data
 ```
 
 To use winston's existing transports, set `transports` to the values (as in key-value) of the `winston.default.transports` object. This may be done, for example, by using underscorejs: `transports: _.values(winston.default.transports)`.
@@ -143,12 +145,12 @@ Alternatively, if you're using a winston logger instance elsewhere and have alre
       return next(new Error("This is an error and it should be logged to the console"));
     });
 
-    app.get('/', function(req, res, next) {
+    router.get('/', function(req, res, next) {
       res.write('This is a normal request, it should be logged to the console too');
       res.end();
     });
 
-    // winston-middleware logger makes sense BEFORE the router.
+    // winston-middleware logger makes sense BEFORE the router
     app.use(expressWinston.logger({
       transports: [
         new winston.transports.Console({
@@ -370,7 +372,7 @@ Blacklisting supports only the `body` property.
     });
 ```
 
-If both `req._bodyWhitelist.body` and `req._bodyBlacklist.body` are set the result will be the white listed properties
+If both `req._routeWhitelists.body` and `req._routeBlacklists.body` are set the result will be the white listed properties
 excluding any black listed ones. In the above example, only 'email' and 'age' would be included.
 
 
@@ -385,6 +387,44 @@ If you set statusLevels to true winston-middleware will log sub 400 responses at
   }
 ```
 
+## Dynamic Status Levels
+
+If you set statusLevels to false and assign a function to level, you can customize the log level for any scenario.
+
+```js
+  statusLevels: false // default value
+  level: function (req, res) {
+    var level = "";
+    if (res.statusCode >= 100) { level = "info"; }
+    if (res.statusCode >= 400) { level = "warn"; }
+    if (res.statusCode >= 500) { level = "error"; }
+    // Ops is worried about hacking attempts so make Unauthorized and Forbidden critical
+    if (res.statusCode == 401 || res.statusCode == 403) { level = "critical"; }
+    // No one should be using the old path, so always warn for those
+    if (req.path === "/v1" && level === "info") { level = "warn"; }
+    return level;
+  }
+```
+
+
+## Dynamic meta data from request or response
+
+If you set dynamicMeta function you can extract additional meta data fields from request or response objects.
+The function can be used to either select relevant elements in request or response body without logging them as a whole
+or to extract runtime data like the user making the request. The example below logs the user name and role as assigned
+by the passport authentication middleware.
+
+```js
+   meta: true,
+   dynamicMeta: function(req, res) {
+     return {
+       user: req.user ? req.user.username : null,
+       role: req.user ? req.user.role : null,
+       ...
+   }
+}
+```
+
 ## Tests
 
 Run the basic Mocha tests:

package/index.js

@@ -117,44 +117,69 @@ exports.errorLogger = function errorLogger(options) {
 
     options.requestWhitelist = options.requestWhitelist || exports.requestWhitelist;
     options.requestFilter = options.requestFilter || exports.defaultRequestFilter;
-    options.winstonInstance = options.winstonInstance || (new winston.Logger ({ transports: options.transports }));
+    options.winstonInstance = options.winstonInstance || (winston.createLogger ({ transports: options.transports }));
     options.msg = options.msg || 'middlewareError';
     options.baseMeta = options.baseMeta || {};
     options.metaField = options.metaField || null;
     options.level = options.level || 'error';
+    options.dynamicMeta = options.dynamicMeta || function(req, res, err) { return null; };
+    const exceptionHandler = new winston.ExceptionHandler(options.winstonInstance);
+    options.exceptionToMeta = options.exceptionToMeta || exceptionHandler.getAllInfo.bind(exceptionHandler);
+    options.blacklistedMetaFields = options.blacklistedMetaFields || [];
 
     // Using mustache style templating
-    var template = _.template(options.msg, {
-      interpolate: /\{\{(.+?)\}\}/g
-    });
+    var getTemplate = function(msg, data) {
+      return _.template(msg, {interpolate: /\{\{([\s\S]+?)\}\}/g})(data)
+    };
 
     return function (err, req, res, next) {
 
-        // Let winston gather all the error data.
-        var exceptionMeta = winston.exception.getAllInfo(err);
+      // Let winston gather all the error data
+        var exceptionMeta = _.omit(options.exceptionToMeta(err), options.blacklistedMetaFields);
         exceptionMeta.req = filterObject(req, options.requestWhitelist, options.requestFilter);
 
+        if(options.dynamicMeta) {
+            var dynamicMeta = options.dynamicMeta(req, res, err);
+            exceptionMeta = _.assign(exceptionMeta, dynamicMeta);
+        }
+
         if (options.metaField) {
             var newMeta = {};
             newMeta[options.metaField] = exceptionMeta;
             exceptionMeta = newMeta;
         }
 
-        exceptionMeta = _.extend(exceptionMeta, options.baseMeta);
+        exceptionMeta = _.assign(exceptionMeta, options.baseMeta);
+
+        var level = _.isFunction(options.level) ? options.level(req, res, err) : options.level;
+
+        options.msg = typeof options.msg === 'function' ? options.msg(req, res) : options.msg;
 
         // This is fire and forget, we don't want logging to hold up the request so don't wait for the callback
-        options.winstonInstance.log(options.level, template({err: err, req: req, res: res}), exceptionMeta);
+        options.winstonInstance.log({
+            level,
+            message: getTemplate(options.msg, {err: err, req: req, res: res}),
+            meta: exceptionMeta
+        });
 
         next(err);
     };
 };
 
+function levelFromStatus(options) {
+    return function (req, res) {
+        var level = "";
+        if (res.statusCode >= 100) { level = options.statusLevels.success || "info"; }
+        if (res.statusCode >= 400) { level = options.statusLevels.warn || "warn"; }
+        if (res.statusCode >= 500) { level = options.statusLevels.error || "error"; }
+        return level;
+    }
+}
+
 //
 // ### function logger(options)
 // #### @options {Object} options to initialize the middleware.
 //
-
-
 exports.logger = function logger(options) {
 
     ensureValidOptions(options);
@@ -167,23 +192,35 @@ exports.logger = function logger(options) {
     options.requestFilter = options.requestFilter || exports.defaultRequestFilter;
     options.responseFilter = options.responseFilter || exports.defaultResponseFilter;
     options.ignoredRoutes = options.ignoredRoutes || exports.ignoredRoutes;
-    options.winstonInstance = options.winstonInstance || (new winston.Logger ({ transports: options.transports }));
-    options.level = options.level || "info";
+    options.winstonInstance = options.winstonInstance || (winston.createLogger ({ transports: options.transports }));
     options.statusLevels = options.statusLevels || false;
+    options.level = options.statusLevels ? levelFromStatus(options) : (options.level || "info");
     options.msg = options.msg || "HTTP {{req.method}} {{req.url}}";
     options.baseMeta = options.baseMeta || {};
     options.metaField = options.metaField || null;
-    options.colorStatus = options.colorStatus || false;
+    options.colorize = options.colorize || false;
     options.expressFormat = options.expressFormat || false;
     options.ignoreRoute = options.ignoreRoute || function () { return false; };
     options.skip = options.skip || exports.defaultSkip;
+    options.dynamicMeta = options.dynamicMeta || function(req, res) { return null; };
+
+    var expressMsgFormat = "{{req.method}} {{req.url}} {{res.statusCode}} {{res.responseTime}}ms";
+    if (options.colorize) {
+        expressMsgFormat = chalk.grey("{{req.method}} {{req.url}}") +
+          " {{res.statusCode}} " +
+          chalk.grey("{{res.responseTime}}ms");
+    }
+
+    var msgFormat = !options.expressFormat ? options.msg : expressMsgFormat;
 
     // Using mustache style templating
-    var template = _.template(options.msg, {
+    var template = _.template(msgFormat, {
       interpolate: /\{\{(.+?)\}\}/g
     });
 
     return function (req, res, next) {
+        var coloredRes = {};
+
         var currentUrl = req.originalUrl || req.url;
         if (currentUrl && _.includes(options.ignoredRoutes, currentUrl)) return next();
         if (options.ignoreRoute(req, res)) return next();
@@ -210,21 +247,6 @@ exports.logger = function logger(options) {
 
             req.url = req.originalUrl || req.url;
 
-            if (options.statusLevels) {
-              if (res.statusCode >= 100) { options.level = options.statusLevels.success || "info"; }
-              if (res.statusCode >= 400) { options.level = options.statusLevels.warn || "warn"; }
-              if (res.statusCode >= 500) { options.level = options.statusLevels.error || "error"; }
-            };
-
-            if (options.colorStatus || options.expressFormat) {
-              // Palette from https://github.com/expressjs/morgan/blob/master/index.js#L205
-              var statusColor = 'green';
-              if (res.statusCode >= 500) statusColor = 'red';
-              else if (res.statusCode >= 400) statusColor = 'yellow';
-              else if (res.statusCode >= 300) statusColor = 'cyan';
-              var coloredStatusCode = chalk[statusColor](res.statusCode);
-            }
-
             var meta = {};
 
             if(options.meta !== false) {
@@ -240,7 +262,7 @@ exports.logger = function logger(options) {
                   var isJson = (res._headers && res._headers['content-type']
                     && res._headers['content-type'].indexOf('json') >= 0);
 
-                  logData.res.body =  isJson ? JSON.parse(chunk) : chunk.toString();
+                  logData.res.body = bodyToString(chunk, isJson);
                 }
               }
 
@@ -256,35 +278,70 @@ exports.logger = function logger(options) {
                   if (blacklist.length > 0 && bodyWhitelist.length === 0) {
                     var whitelist = _.difference(Object.keys(req.body), blacklist);
                     filteredBody = filterObject(req.body, whitelist, options.requestFilter);
+                  } else if (
+                    requestWhitelist.indexOf('body') !== -1 &&
+                    bodyWhitelist.length === 0 &&
+                    blacklist.length === 0
+                  ) {
+                    filteredBody = filterObject(req.body, Object.keys(req.body), options.requestFilter);
                   } else {
                     filteredBody = filterObject(req.body, bodyWhitelist, options.requestFilter);
                   }
               }
 
-              if (filteredBody) logData.req.body = filteredBody;
+              if (logData.req) {
+                if (filteredBody) {
+                  logData.req.body = filteredBody;
+                } else {
+                  delete logData.req.body;
+                }
+              }
 
               logData.responseTime = res.responseTime;
 
+              if(options.dynamicMeta) {
+                  var dynamicMeta = options.dynamicMeta(req, res);
+                  logData = _.assign(logData, dynamicMeta);
+              }
+
               if (options.metaField) {
-                  var newMeta = {}
+                  var newMeta = {};
                   newMeta[options.metaField] = logData;
                   logData = newMeta;
               }
-              meta = _.extend(meta, logData);
+              meta = _.assign(meta, logData);
             }
 
-            meta = _.extend(meta, options.baseMeta);
+            meta = _.assign(meta, options.baseMeta);
+
+            if (options.colorize) {
+              // Palette from https://github.com/expressjs/morgan/blob/master/index.js#L205
+              var statusColor = 'green';
+              if (res.statusCode >= 500) statusColor = 'red';
+              else if (res.statusCode >= 400) statusColor = 'yellow';
+              else if (res.statusCode >= 300) statusColor = 'cyan';
+
+              coloredRes.statusCode = chalk[statusColor](res.statusCode);
+            }
 
-            if(options.expressFormat) {
-              var msg = chalk.grey(req.method + " " + req.url || req.url)
-                + " " + chalk[statusColor](res.statusCode)
-                + " " + chalk.grey(res.responseTime+"ms");
+            var msgFormat
+            if (!options.expressFormat) {
+              msgFormat = typeof options.msg === 'function' ? options.msg(req, res) : options.msg
             } else {
-              var msg = template({req: req, res: res});
+              msgFormat = expressMsgFormat
             }
+
+            // Using mustache style templating
+            var template = _.template(msgFormat, {
+              interpolate: /\{\{(.+?)\}\}/g
+            });
+
+            var msg = template({req: req, res: _.assign({}, res, coloredRes)});
+
             // This is fire and forget, we don't want logging to hold up the request so don't wait for the callback
             if (!options.skip(req, res)) {
-              options.winstonInstance.log(options.level, msg, meta);
+              var level = _.isFunction(options.level) ? options.level(req, res) : options.level;
+              options.winstonInstance.log({level, message: msg, meta});
             }
         };
 
@@ -292,10 +349,30 @@ exports.logger = function logger(options) {
     };
 };
 
+function safeJSONParse(string) {
+    try {
+        return JSON.parse(string);
+    } catch (e) {
+        return undefined;
+    }
+}
+
+function bodyToString(body, isJSON) {
+    var stringBody = body && body.toString();
+    if (isJSON) {
+        return (safeJSONParse(body) || stringBody);
+    }
+    return stringBody;
+}
+
 function ensureValidOptions(options) {
     if(!options) throw new Error("options are required by winston-middleware middleware");
     if(!((options.transports && (options.transports.length > 0)) || options.winstonInstance))
         throw new Error("transports or a winstonInstance are required by winston-middleware middleware");
+
+    if (options.dynamicMeta && !_.isFunction(options.dynamicMeta)) {
+        throw new Error("`dynamicMeta` winston-middleware option should be a function");
+    }
 }
 
 function ensureValidLoggerOptions(options) {

package/package.json

@@ -17,7 +17,7 @@
     "middleware",
     "colors"
   ],
-  "version": "1.4.0",
+  "version": "3.0.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/bithavoc/winston-middleware.git"
@@ -47,20 +47,23 @@
     }
   },
   "dependencies": {
-    "chalk": "~0.4.0",
-    "lodash": "~4.11.1",
-    "winston": "~1.0.0"
+    "chalk": "^2.4.1",
+    "lodash": "^4.17.10"
   },
   "devDependencies": {
     "blanket": "^1.2.2",
-    "mocha": "^2.4.5",
+    "mocha": "^5.2.0",
     "node-mocks-http": "^1.5.1",
-    "promise": "^7.1.1",
-    "should": "^8.2.2",
-    "travis-cov": "^0.2.5"
+    "should": "^13.2.3",
+    "travis-cov": "^0.2.5",
+    "winston": ">=3.x <4",
+    "winston-transport": "^4.2.0"
+  },
+  "peerDependencies": {
+    "winston": ">=3.x <4"
   },
   "engines": {
-    "node": ">=0.10.0"
+    "node": ">= 6"
   },
   "license": "MIT",
   "contributors": [

package/test/test.js

@@ -1,10 +1,10 @@
 var util = require('util');
 
 var mocks = require('node-mocks-http');
-var Promise = require('promise/lib/es6-extensions');
 var should = require('should');
 var _ = require('lodash');
 var winston = require('winston');
+var Transport = require('winston-transport');
 
 var expressWinston = require('../index.js');
 
@@ -12,21 +12,23 @@ expressWinston.ignoredRoutes.push('/ignored');
 expressWinston.responseWhitelist.push('body');
 expressWinston.bodyBlacklist.push('potato');
 
-var MockTransport = function (test, options) {
-  test.transportInvoked = false;
+class MockTransport extends Transport {
+  constructor(test, options) {
+    super(options || {});
 
-  winston.Transport.call(this, options || {});
+    this._test = test;
+    this._test.transportInvoked = false;
+  }
 
-  this.log = function (level, msg, meta, cb) {
-    test.transportInvoked = true;
-    test.log.level = level;
-    test.log.msg = msg;
-    test.log.meta = meta;
+  log(info, cb) {
+    this._test.transportInvoked = true;
+    this._test.log.level = info.level;
+    this._test.log.msg = info.message;
+    this._test.log.meta = info.meta;
     this.emit('logged');
     return cb();
-  };
-};
-util.inherits(MockTransport, winston.Transport);
+  }
+}
 
 function mockReq(reqMock) {
   var reqSpec = _.extend({
@@ -119,6 +121,7 @@ function errorLoggerTestHelper(providedOptions) {
 }
 
 describe('winston-middleware', function () {
+
   describe('.errorLogger()', function () {
     it('should be a function', function () {
       expressWinston.errorLogger.should.be.a.Function();
@@ -228,6 +231,47 @@ describe('winston-middleware', function () {
       });
     });
 
+    describe('exceptionToMeta option', function () {
+      it('should, use exceptionToMeta function when given', function () {
+        function exceptionToMeta(error) {
+          return {
+            stack: error.stack && error.stack.split('\n')
+          };
+        }
+
+        var testHelperOptions = { loggerOptions: { exceptionToMeta: exceptionToMeta } };
+        return errorLoggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.stack.should.be.ok();
+          result.log.meta.should.not.have.property('trace');
+        });
+      });
+
+      it('should, use getAllInfo function when not given', function () {
+        var testHelperOptions = { loggerOptions: { } };
+        return errorLoggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.should.have.property('date');
+          result.log.meta.should.have.property('process');
+          result.log.meta.should.have.property('os');
+          result.log.meta.should.have.property('trace');
+          result.log.meta.should.have.property('stack');
+        });
+      });
+    });
+
+    describe('blacklistedMetaFields option', function () {
+      it('should, remove given fields from the meta result', function () {
+        var testHelperOptionsWithBlacklist = { loggerOptions: { blacklistedMetaFields: ['trace'] } };
+        return errorLoggerTestHelper(testHelperOptionsWithBlacklist).then(function (result) {
+          result.log.meta.should.not.have.property('trace');
+        });
+
+        var testHelperOptionsWithoutBlacklist = { loggerOptions: {} };
+        return errorLoggerTestHelper(testHelperOptionsWithoutBlacklist).then(function (result) {
+          result.log.meta.should.have.property('trace');
+        });
+      });
+    });
+
     describe('metaField option', function () {
       it('should, when using a custom metaField, log the custom metaField', function () {
         var testHelperOptions = {loggerOptions: {metaField: 'metaField'}};
@@ -260,6 +304,73 @@ describe('winston-middleware', function () {
         });
       });
     });
+
+    describe('dynamicMeta option', function () {
+      var testHelperOptions = {
+        req: {
+          body: {
+            age: 42,
+            potato: 'Russet'
+          },
+          user: {
+            username: "john@doe.com",
+            role: "operator"
+          }
+        },
+        res: {
+          custom: 'custom response runtime field'
+        },
+        originalError: new Error('FOO'),
+        loggerOptions: {
+          meta: true,
+          dynamicMeta: function(req, res, err) {
+            return {
+              user: req.user.username,
+              role: req.user.role,
+              custom: res.custom,
+              errMessage: err.message
+            }
+          }
+        }
+      };
+
+      it('should contain dynamic meta data if meta and dynamicMeta activated', function () {
+        return errorLoggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.req.should.be.ok();
+          result.log.meta.user.should.equal('john@doe.com');
+          result.log.meta.role.should.equal('operator');
+          result.log.meta.custom.should.equal('custom response runtime field');
+          result.log.meta.errMessage.should.equal('FOO');
+        });
+      });
+
+      it('should work with metaField option', function () {
+        testHelperOptions.loggerOptions.metaField = 'metaField';
+        return errorLoggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.metaField.req.should.be.ok();
+          result.log.meta.metaField.user.should.equal('john@doe.com');
+          result.log.meta.metaField.role.should.equal('operator');
+          result.log.meta.metaField.custom.should.equal('custom response runtime field');
+          result.log.meta.metaField.errMessage.should.equal('FOO');
+        });
+      });
+
+      it('should not contain dynamic meta data if dynamicMeta activated but meta false', function () {
+        testHelperOptions.loggerOptions.meta = false;
+        return errorLoggerTestHelper(testHelperOptions).then(function (result) {
+          should.not.exist(result.log.meta.req);
+          should.not.exist(result.log.meta.user);
+          should.not.exist(result.log.meta.role);
+          should.not.exist(result.log.meta.custom);
+          should.not.exist(result.log.meta.errMessage);
+        });
+      });
+
+      it('should throw an error if dynamicMeta is not a function', function () {
+        var loggerFn = expressWinston.errorLogger.bind(expressWinston, {dynamicMeta: 12});
+        loggerFn.should.throw();
+      });
+    });
   });
 
   describe('.logger()', function () {
@@ -309,6 +420,34 @@ describe('winston-middleware', function () {
       });
     });
 
+    it('should log entire body when request whitelist contains body and there is no body whitelist or blacklist', function () {
+      function next(req, res, next) {
+        res.end();
+      }
+      var testHelperOptions = {
+        next: next,
+        req: {
+          body: {
+            foo: 'bar',
+            baz: 'qux'
+          },
+          routeLevelAddedProperty: 'value that should be logged',
+          url: '/hello'
+        },
+        loggerOptions: {
+          bodyBlacklist: [],
+          bodyWhitelist: [],
+          requestWhitelist: expressWinston.requestWhitelist.concat('body')
+        }
+      };
+      return loggerTestHelper(testHelperOptions).then(function (result) {
+        result.log.meta.req.body.should.eql({
+          foo: 'bar',
+          baz: 'qux'
+        });
+      });
+    });
+
     it('should not invoke the transport when invoked on a route with transport level of "error"', function () {
       function next(req, res, next) {
         req._routeWhitelists.req = ['routeLevelAddedProperty'];
@@ -372,7 +511,7 @@ describe('winston-middleware', function () {
     });
 
     it('should use the exported bodyBlacklist', function() {
-      var originalWhitelist = expressWinston.bodyBlacklist;
+      var originalBlacklist = expressWinston.bodyBlacklist;
       expressWinston.bodyBlacklist = ['foo'];
 
       var options = {
@@ -380,7 +519,7 @@ describe('winston-middleware', function () {
       };
       return loggerTestHelper(options).then(function (result) {
         // Return to the original value for later tests
-        expressWinston.bodyBlacklist = originalWhitelist;
+        expressWinston.bodyBlacklist = originalBlacklist;
 
         result.log.meta.req.body.should.not.have.property('foo');
         result.log.meta.req.body.should.have.property('baz');
@@ -535,6 +674,35 @@ describe('winston-middleware', function () {
       });
     });
 
+    describe('when middleware function is invoked on a route that returns JSON', function() {
+      it('should parse JSON in response body', function() {
+        var bodyObject = { "message": "Hi!  I\'m a chunk!" };
+        function next(req, res, next) {
+          // Set Content-Type in a couple different case types, just in case.
+          // Seems like the mock response doesn't quite handle the case
+          // translation on these right.
+          res.setHeader('Content-Type', 'application/json');
+          res.setHeader('content-type', 'application/json');
+          res.end(JSON.stringify(bodyObject));
+        }
+        return loggerTestHelper({next: next}).then(function(result) {
+            result.log.meta.res.body.should.eql(bodyObject);
+        });
+      });
+
+      it('should not blow up when response body is invalid JSON', function() {
+        function next(req, res, next) {
+          // Set Content-Type in a couple different case types, just in case.
+          // Seems like the mock response doesn't quite handle the case
+          // translation on these right.
+          res.setHeader('Content-Type', 'application/json');
+          res.setHeader('content-type', 'application/json');
+          res.end('}');
+        }
+        return loggerTestHelper({next: next});
+      });
+    });
+
     describe('when middleware function is invoked on a route that should be ignored (by .ignoredRoutes)', function () {
       var testHelperOptions = {
         req: {url: '/ignored'}
@@ -557,6 +725,7 @@ describe('winston-middleware', function () {
       it('should match the Express format when logging', function () {
         var testHelperOptions = {
           loggerOptions: {
+            colorize: true,
             expressFormat: true
           },
           req: {
@@ -569,6 +738,115 @@ describe('winston-middleware', function () {
           resultMsg.should.endWith('ms\u001b[39m');
         });
       });
+
+      it('should not emit colors when colorize option is false', function() {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: false,
+            expressFormat: true
+          },
+          req: {
+            url: '/all-the-things'
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.startWith('GET /all-the-things 200 ');
+          resultMsg.should.endWith('ms');
+        });
+      });
+
+      it('should not emit colors when colorize option is not present', function() {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: false,
+            expressFormat: true
+          },
+          req: {
+            url: '/all-the-things'
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.startWith('GET /all-the-things 200 ');
+          resultMsg.should.endWith('ms');
+        });
+      });
+    });
+
+    describe('colorize option', function () {
+      it('should make status code text green if < 300', function () {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: true,
+            msg: '{{res.statusCode}} {{req.method}} {{req.url}}'
+          },
+          req: {
+            url: '/all-the-things'
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.eql('\u001b[32m200\u001b[39m GET /all-the-things');
+        });
+      });
+
+      it('should make status code text cyan if >= 300 and < 400', function () {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: true,
+            msg: '{{res.statusCode}} {{req.method}} {{req.url}}'
+          },
+          req: {
+            url: '/all-the-things'
+          },
+          res: {
+            statusCode: 302
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.eql('\u001b[36m302\u001b[39m GET /all-the-things');
+        });
+      });
+
+      it('should make status code text yellow if >= 400 and < 500', function () {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: true,
+            msg: '{{res.statusCode}} {{req.method}} {{req.url}}'
+          },
+          req: {
+            url: '/all-the-things'
+          },
+          res: {
+            statusCode: 420
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.eql('\u001b[33m420\u001b[39m GET /all-the-things');
+        });
+      });
+
+      it('should make status code text red if >= 500', function () {
+        var testHelperOptions = {
+          loggerOptions: {
+            colorize: true,
+            msg: '{{res.statusCode}} {{req.method}} {{req.url}}'
+          },
+          req: {
+            url: '/all-the-things'
+          },
+          res: {
+            statusCode: 500
+          }
+        };
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          var resultMsg = result.log.msg;
+          resultMsg.should.eql('\u001b[31m500\u001b[39m GET /all-the-things');
+        });
+      });
     });
 
     describe('msg option', function () {
@@ -798,6 +1076,59 @@ describe('winston-middleware', function () {
       });
     });
 
+    describe('when levels set to a function', function () {
+        it('should have custom status level provided by the function when 100 <= statusCode < 400', function () {
+          var testHelperOptions = {
+            next: function (req, res, next) {
+              res.status(200).end('{ "message": "Hi!  I\'m a chunk!" }');
+            },
+            loggerOptions: {
+              level: function(req,res) { return 'silly'; }
+            },
+            transportOptions: {
+              level: 'silly'
+            }
+          };
+          return loggerTestHelper(testHelperOptions).then(function (result) {
+            result.log.level.should.equal('silly');
+          });
+        });
+
+        it('should have custom status level provided by the function when 400 <= statusCode < 500', function () {
+          var testHelperOptions = {
+            next: function (req, res, next) {
+              res.status(403).end('{ "message": "Hi!  I\'m a chunk!" }');
+            },
+            loggerOptions: {
+              level: function(req,res) { return 'silly'; }
+            },
+            transportOptions: {
+              level: 'silly'
+            }
+          };
+          return loggerTestHelper(testHelperOptions).then(function (result) {
+            result.log.level.should.equal('silly');
+          });
+        });
+
+        it('should have custom status level provided by the function when 500 <= statusCode', function () {
+          var testHelperOptions = {
+            next: function (req, res, next) {
+              res.status(500).end('{ "message": "Hi!  I\'m a chunk!" }');
+            },
+            loggerOptions: {
+              level: function(req,res) { return 'silly'; }
+            },
+            transportOptions: {
+              level: 'silly'
+            }
+          };
+          return loggerTestHelper(testHelperOptions).then(function (result) {
+            result.log.level.should.equal('silly');
+          });
+        });
+    });
+
     describe('requestWhitelist option', function () {
       it('should default to global requestWhitelist', function () {
         var options = {
@@ -820,6 +1151,34 @@ describe('winston-middleware', function () {
           result.log.meta.req.should.not.have.property('method');
         });
       });
+
+      it('should not include a req in the log when there is no request whitelist', function() {
+        var options = {
+          loggerOptions: {
+            requestWhitelist: [],
+          }
+        };
+        return loggerTestHelper(options).then(function (result) {
+          should.not.exist(result.log.meta.req);
+        });
+      });
+    });
+
+    describe('bodyBlacklist option', function () {
+      it('should remove the body if it is requestWhitelisted and the bodyBlacklist removes all properties', function() {
+        var options = {
+          loggerOptions: {
+            bodyBlacklist: ['foo', 'baz'],
+            requestWhitelist: ['body'],
+          },
+          req: {
+            body: {foo: 'bar', baz: 'qux'}
+          }
+        };
+        return loggerTestHelper(options).then(function (result) {
+          result.log.meta.req.should.not.have.property('body');
+        });
+      });
     });
 
     describe('responseWhitelist option', function () {
@@ -868,6 +1227,68 @@ describe('winston-middleware', function () {
         });
       });
     });
+
+    describe('dynamicMeta option', function () {
+      var testHelperOptions = {
+        req: {
+          body: {
+            age: 42,
+            potato: 'Russet'
+          },
+          user: {
+            username: "john@doe.com",
+            role: "operator"
+          }
+        },
+        res: {
+          custom: 'custom response runtime field'
+        },
+        loggerOptions: {
+          meta: true,
+          dynamicMeta: function(req, res) {
+            return {
+              user: req.user.username,
+              role: req.user.role,
+              custom: res.custom
+            }
+          }
+        }
+      };
+
+      it('should contain dynamic meta data if meta and dynamicMeta activated', function () {
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.req.should.be.ok();
+          result.log.meta.user.should.equal('john@doe.com');
+          result.log.meta.role.should.equal('operator');
+          result.log.meta.custom.should.equal('custom response runtime field');
+        });
+      });
+
+      it('should work with metaField option', function () {
+        testHelperOptions.loggerOptions.metaField = 'metaField';
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          result.log.meta.metaField.req.should.be.ok();
+          result.log.meta.metaField.user.should.equal('john@doe.com');
+          result.log.meta.metaField.role.should.equal('operator');
+          result.log.meta.metaField.custom.should.equal('custom response runtime field');
+        });
+      });
+
+      it('should not contain dynamic meta data if dynamicMeta activated but meta false', function () {
+        testHelperOptions.loggerOptions.meta = false;
+        return loggerTestHelper(testHelperOptions).then(function (result) {
+          should.not.exist(result.log.meta.req);
+          should.not.exist(result.log.meta.user);
+          should.not.exist(result.log.meta.role);
+          should.not.exist(result.log.meta.custom);
+        });
+      });
+
+      it('should throw an error if dynamicMeta is not a function', function () {
+        var loggerFn = expressWinston.logger.bind(expressWinston, {dynamicMeta: 12});
+        loggerFn.should.throw();
+      });
+    });
   });
 
   describe('.requestWhitelist', function () {