enhanced security by default

Question

enhanced security by default

Vandivier opened this issue a month ago · comments

What do you want and why?

for streamers, blitz logs expose sensitive data by default on the terminal

Possible implementation(s)

// Note: This stays in the /pages folder for the time being

import { rpcHandler } from "@blitzjs/rpc"
import { api } from "src/app/blitz-server"

const getBlitzLogLevel = (): "info" | "debug" | undefined => {
  const requestedLevel = process.env.BLITZ_LOG_DISABLE_LEVEL
  if (requestedLevel === "info" || requestedLevel === "debug") {
    return requestedLevel
  }
  return undefined
}

export default api(
  rpcHandler({
    onError: (error, ctx) => console.log(error),
    logging: {
      disablelevel: getBlitzLogLevel(),
    },
  })
)

John Vandivier · Answer 1 · Sat Jun 01 2024 10:05:44 GMT+0800 (China Standard Time)

related Vandivier/ladderly-3#182

Siddharth Suresh · Answer 2 · Wed Jun 05 2024 01:19:44 GMT+0800 (China Standard Time)

@Vandivier this sounds like a good default, will you be willing to send a PR?

John Vandivier · Answer 3 · Wed Jun 05 2024 04:52:22 GMT+0800 (China Standard Time)

@siddhsuresh yes, thanks! i'll get a PR up in the next 1-3 days