SEC-331: cut secrets from logs (#35)

* SEC-331: cut secrets from logs * SEC-331: fix formatting * SEC-331: fix dialyzer * SEC-331: cleanup logs --------- Co-authored-by: anatoliy.losev <losto@nix>
2024-11-06 01:05:21 +00:00 · 2023-06-09 11:08:51 +03:00 · 2023-06-09 11:08:51 +03:00 · 14c307f0de
commit 14c307f0de
parent 9b423010e3
4 changed files with 103 additions and 14 deletions
--- a/apps/party_management/src/party_management.erl
+++ b/apps/party_management/src/party_management.erl
@ -59,7 +59,7 @@ get_api_child_spec(MachineHandlers, Opts) ->
            port => genlib_app:env(?MODULE, port, 8022),
            transport_opts => genlib_app:env(?MODULE, transport_opts, #{}),
            protocol_opts => genlib_app:env(?MODULE, protocol_opts, #{}),
-            event_handler => {scoper_woody_event_handler, EventHandlerOpts},
+            event_handler => {pm_woody_event_handler, EventHandlerOpts},
            handlers =>
                pm_machine:get_service_handlers(MachineHandlers, Opts) ++
                [
--- a/apps/party_management/src/pm_claim_committer_validator.erl
+++ b/apps/party_management/src/pm_claim_committer_validator.erl
@ -107,12 +107,6 @@ assert_shop_contract_valid(
        payments = #domain_PaymentsServiceTerms{categories = CategorySelector}
    } = Terms,
    Categories = pm_selector:reduce_to_value(CategorySelector, #{}, Revision),
-    logger:log(
-        info,
-        "Assert shop contract valid, contract: ~p, category: ~p, categorySelector: ~p",
-        [pm_contract:get_id(Contract), CategoryRef, CategorySelector],
-        logger:get_process_metadata()
-    ),
    _ =
        ordsets:is_element(CategoryRef, Categories) orelse
            throw(
@ -213,12 +207,6 @@ assert_currency_valid(

 assert_currency_valid(Prefix, ContractID, CurrencyRef, Selector, Terms, Revision) ->
    Currencies = pm_selector:reduce_to_value(Selector, #{}, Revision),
-    logger:log(
-        info,
-        "Assert currency valid, selector: ~p, currency: ~p, currencies: ~p",
-        [Selector, CurrencyRef, Currencies],
-        logger:get_process_metadata()
-    ),
    _ = ordsets:is_element(CurrencyRef, Currencies) orelse raise_contract_terms_violated(Prefix, ContractID, Terms).

 -spec raise_contract_terms_violated(
--- a/apps/party_management/src/pm_woody_client.erl
+++ b/apps/party_management/src/pm_woody_client.erl
@ -24,7 +24,7 @@ new(Opts = #{url := _}) ->
    EventHandlerOpts = genlib_app:env(party_management, scoper_event_handler_options, #{}),
    maps:merge(
        #{
-            event_handler => {scoper_woody_event_handler, EventHandlerOpts}
+            event_handler => {pm_woody_event_handler, EventHandlerOpts}
        },
        maps:with([url, event_handler, transport_opts], Opts)
    );
--- a/apps/party_management/src/pm_woody_event_handler.erl
+++ b/apps/party_management/src/pm_woody_event_handler.erl
@ -0,0 +1,101 @@
+-module(pm_woody_event_handler).
+
+-behaviour(woody_event_handler).
+
+-include_lib("damsel/include/dmsl_base_thrift.hrl").
+-include_lib("damsel/include/dmsl_domain_thrift.hrl").
+-include_lib("damsel/include/dmsl_payproc_thrift.hrl").
+
+%% woody_event_handler behaviour callbacks
+-export([handle_event/4]).
+
+-spec handle_event(Event, RpcId, Meta, Opts) -> ok when
+    Event :: woody_event_handler:event(),
+    RpcId :: woody:rpc_id() | undefined,
+    Meta :: woody_event_handler:event_meta(),
+    Opts :: woody:options().
+handle_event(Event, RpcID, RawMeta, Opts) ->
+    FilteredMeta = filter_meta(RawMeta),
+    scoper_woody_event_handler:handle_event(Event, RpcID, FilteredMeta, Opts).
+
+%% Internals
+
+filter_meta(RawMeta0) ->
+    maps:map(fun do_filter_meta/2, RawMeta0).
+
+do_filter_meta(args, Args) ->
+    filter(Args);
+do_filter_meta(_Key, Value) ->
+    Value.
+
+%% cut secrets
+filter(#payproc_ProviderTerminal{proxy = Proxy} = ProviderTerminal) ->
+    #domain_ProxyDefinition{options = Options} = Proxy,
+    ProviderTerminal#payproc_ProviderTerminal{
+        proxy = Proxy#domain_ProxyDefinition{options = maps:without([<<"api-key">>, <<"secret-key">>], Options)}
+    };
+%% common
+filter(L) when is_list(L) ->
+    [filter(E) || E <- L];
+filter(T) when is_tuple(T) ->
+    list_to_tuple(filter(tuple_to_list(T)));
+%% default
+filter(V) ->
+    V.
+
+-ifdef(TEST).
+
+-include_lib("eunit/include/eunit.hrl").
+
+-define(ARG_W_SECRET,
+    {
+        #payproc_ProviderTerminal{
+            ref = #domain_TerminalRef{id = 128},
+            name = <<"TestTerm">>,
+            provider = #payproc_ProviderDetails{
+                ref = #domain_ProviderRef{id = 1},
+                name = <<"Provider1">>
+            },
+            proxy = #domain_ProxyDefinition{
+                name = <<"Proxy">>,
+                description = <<"Desc">>,
+                url = <<"http://127.0.0.1">>,
+                options = #{<<"api-key">> => <<"secret">>, <<"secret-key">> => <<"secret">>}
+            }
+        }
+    }
+).
+
+-define(ARG_WO_SECRET,
+    {
+        #payproc_ProviderTerminal{
+            ref = #domain_TerminalRef{id = 128},
+            name = <<"TestTerm">>,
+            provider = #payproc_ProviderDetails{
+                ref = #domain_ProviderRef{id = 1},
+                name = <<"Provider1">>
+            },
+            proxy = #domain_ProxyDefinition{
+                name = <<"Proxy">>,
+                description = <<"Desc">>,
+                url = <<"http://127.0.0.1">>,
+                options = #{}
+            }
+        }
+    }
+).
+
+-spec test() -> _.
+
+-spec format_event_w_secret_test_() -> _.
+format_event_w_secret_test_() ->
+    [
+        ?_assertEqual(
+            #{args => {some_data, ?ARG_WO_SECRET}, code => 200, function => 'ComputePaymentInstitutionTerms'},
+            filter_meta(
+                #{args => {some_data, ?ARG_W_SECRET}, code => 200, function => 'ComputePaymentInstitutionTerms'}
+            )
+        )
+    ].
+
+-endif.