Custom filtering of parameters in Rails 3 using config.filter_parameters

Posted on 2024-12-07 05:26:32

I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController's filter_parameter_logging. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer tag.

I can get the regular parameters filtered out in my application.rb

config.filter_parameters += [:password, :oauth, ...]

But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2 would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.

Here's what it looked like in filter_parameter_logging:

FILTER_WORDS = %w{password oauth email} # ...
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i

# Captures the param name in $1 (would also match things like old_password, new_password), and the trailing delimiter (&, %26 or end of line) in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i

filter_parameter_logging(*FILTER_WORDS) do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end

Is there a way to make rails filter in this way using config.filter_parameters in application.rb? I can't seem to find any good documentation on how to customize filtering in rails 3.


Comments (1)

江南月 2024-12-14 05:26:32

Figured it out. You can pass a lambda statement to config.filter_parameters, so after I add the parameters to filter, I have this now:

config.filter_parameters << lambda do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end
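
The lambda filter above, exercised outside Rails on nested parameters, as an added example that is not part of the original answer. `filter_params` is a hypothetical stand-in that assumes the filter matches symbol entries against key names and calls lambda entries with `(key, value)` to mutate the value in place; the word list and sample parameters are constructed.

```ruby
# Added example: stand-alone Ruby, no Rails required.
FILTER_WORDS = %w[password oauth email].freeze # constructed list
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i
# $1 = matched parameter name, $2 = trailing delimiter (&, %26 or end of line)
FILTER_WORDS_GSUB_REGEX =
  /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i

# Same logic as the lambda in the answer, plus a String guard so Integer or
# nil values are skipped up front instead of relying on the rescue.
URL_VALUE_FILTER = lambda do |_key, value|
  next unless value.is_a?(String)
  next unless value =~ FILTER_WORDS_REGEX && (value.index("=") || value.index("%3D"))
  value.gsub!(FILTER_WORDS_GSUB_REGEX) { "#{$1}=[FILTERED]#{$2}" }
end

# Hypothetical helper (not Rails' implementation): keys matching a symbol
# entry are replaced whole; other values are copied and handed to each lambda.
def filter_params(params, filters)
  procs, names = filters.partition { |f| f.respond_to?(:call) }
  name_re = /#{names.map { |n| Regexp.escape(n.to_s) }.join("|")}/i
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if !names.empty? && key.to_s =~ name_re
        "[FILTERED]"
      elsif value.is_a?(Hash)
        filter_params(value, filters) # recurse into nested params
      else
        copy = value.is_a?(String) ? value.dup : value # leave the input intact
        procs.each { |p| p.call(key, copy) }
        copy
      end
  end
end

SAMPLE_PARAMS = { # constructed request parameters
  "password" => "hunter2",
  "page" => 2,
  "referrer" => "http://example.com?password=foobar&oauth=123foo&page=2",
  "user" => {
    "email" => "a@example.test",
    "return_to" => "http://example.com/cb?page=2&old_password=foobar"
  }
}
FILTERED = filter_params(SAMPLE_PARAMS, [:password, :oauth, :email, URL_VALUE_FILTER])
puts FILTERED.inspect if __FILE__ == $PROGRAM_NAME
```

For percent-encoded input the replacement writes a literal `=` in place of `%3D`, so the logged value is redacted but no longer byte-for-byte the original encoding.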