Merged PR 164: BUG916:ユーザーのパスワードをログに出さないようにする

BUG916:ユーザーのパスワードをログに出さないようにする Related work items: #916
BUG916:ユーザーのパスワードをログに出さないようにする
2025-03-26 10:14:44 +00:00 · 2025-03-25 17:09:08 +09:00 · 2025-03-18 04:30:46 +00:00 · 2025-03-18 13:11:04 +09:00 · 2025-03-04 16:53:41 +09:00 · 2025-02-01 14:29:59 +09:00
3 changed files with 67 additions and 13 deletions
--- a/backend/.deployment
+++ b/backend/.deployment
@@ -0,0 +1,2 @@
+[config]
+SCM_DO_BUILD_DURING_DEPLOYMENT=true
--- a/backend/app/core/operation.py
+++ b/backend/app/core/operation.py
@@ -1,4 +1,5 @@

+from urllib.parse import parse_qs, urlencode
 from fastapi import Request
 from fastapi.responses import JSONResponse
 from starlette.middleware.base import BaseHTTPMiddleware
@@ -33,6 +34,48 @@ class LoggingMiddleware(BaseHTTPMiddleware):
            await self.log_request(request, response,state)

        return response
+    
+    def sanitize_password(self,data):
+        """
+        データ内の password パラメータをフィルタリングする機能。
+        dict、JSON 文字列、URL エンコード文字列、QueryDict をサポート。
+        """
+        if data is None:
+            return data
+        elif isinstance(data, dict):
+            data.pop('password', None)
+            return data
+        elif isinstance(data, list):
+            return [self.sanitize_password(item) for item in data]
+        elif isinstance(data, (str, bytes)):
+            if isinstance(data, bytes):
+                data = data.decode('utf-8')  # bytes to str
+            # JSON解析
+            try:
+                parsed_json = json.loads(data)
+                sanitized_json = self.sanitize_password(parsed_json)
+                return json.dumps(sanitized_json, separators=(',', ':'))
+            except json.JSONDecodeError:
+                # URL 解析
+                try:
+                    parsed_dict = parse_qs(data)
+                    parsed_dict.pop('password', None)
+                    return urlencode(parsed_dict, doseq=True)
+                except:
+                    parts = data.split('&')
+                    filtered_parts = []
+                    for part in parts:
+                        if '=' in part:
+                            key, _ = part.split('=', 1)
+                            if key == 'password':
+                                continue
+                        filtered_parts.append(part)
+                    return '&'.join(filtered_parts)
+        #  QueryDict 例えば FastAPI の request.query_params）
+        elif hasattr(data, 'items'): 
+            return {k: v for k, v in data.items() if k != 'password'}
+        return data
+

    async def log_request(self, request: Request, response,state):
        try:
@@ -42,15 +85,26 @@ class LoggingMiddleware(BaseHTTPMiddleware):
                path_template = route.path
            else:
                path_template = request.url.path
-
-            db_operation = OperationLog(tenantid =request.state.tenant,
-                                            clientip = request.client.host if request.client else None,
-                                            useragent =headers.get("user-agent", ""),
-                                            userid = request.state.user,
-                                            operation = request.method,
-                                            function = path_template,
-                                            parameters = str({"path": request.path_params,"query": dict(request.query_params),"body": request.state.body}),
-                                            response = f"status_code:{response.status_code }"  )
+          
+            # passwordのパラメータを除外する
+            safe_query = self.sanitize_password(request.query_params.items())
+               
+            # passwordのパラメータを除外する
+            safe_body = self.sanitize_password(request.state.body)
+           
+            db_operation = OperationLog(
+                tenantid =request.state.tenant,
+                clientip = request.client.host if request.client else None,
+                useragent =headers.get("user-agent", ""),
+                userid = request.state.user,
+                operation = request.method,
+                function = path_template,
+                parameters = str({
+                    "path": request.path_params,
+                    "query": safe_query,
+                    "body": safe_body
+                }),
+                response = f"status_code:{response.status_code }"  )
            
            db = request.state.db
            if db:
@@ -71,5 +125,3 @@ class LoggingMiddleware(BaseHTTPMiddleware):
    async def write_log_to_db(self, db_operation,db):
        db.add(db_operation)
        db.commit()
-
-    
--- a/frontend/.env
+++ b/frontend/.env
@@ -1,6 +1,6 @@
 #開発環境
-#KAB_BACKEND_URL="https://kab-backend.azurewebsites.net/"
+KAB_BACKEND_URL="https://ktune-backend-dev-eba8fkeyffegc3cz.japanwest-01.azurewebsites.net/"
 #単体テスト環境
 #KAB_BACKEND_URL="https://kab-backend-unittest.azurewebsites.net/"
 #ローカル開発環境
-KAB_BACKEND_URL="http://127.0.0.1:8000/"
+#KAB_BACKEND_URL="http://127.0.0.1:8000/"
Author	SHA1	Message	Date
Shohtetsu Ma	3c6e4a6faa	Merged PR 164: BUG916:ユーザーのパスワードをログに出さないようにする BUG916:ユーザーのパスワードをログに出さないようにする Related work items: #916	2025-03-26 10:14:44 +00:00
馬	e1b416060f	BUG916:ユーザーのパスワードをログに出さないようにする	2025-03-25 17:09:08 +09:00
Shohtetsu Ma	a78f403d29	Merged PR 161: BUG919：文言修正 BUG919：画面の文言を修正しました。	2025-03-18 04:30:46 +00:00
馬	47a2fd588e	Merge branch 'dev3' into dev2	2025-03-18 13:11:04 +09:00
馬	3279959bdb	Merge branch 'dev3' into dev2	2025-03-04 16:53:41 +09:00
馬	b68d58fd0f	deploy change	2025-02-01 14:29:59 +09:00