Remove pii (#2602)

* Remove JWT tokens and ip addresses from records * Use save exact * Fix * Fix * Rename * Downgrade status code * Check if dev * Make server stats still accessible in maintenance Co-authored-by: Jack <jack@monkeytype.com>
2025-03-06 19:54:39 +08:00 · 2022-02-28 09:13:59 -05:00 · 2022-02-28 09:13:59 -05:00 · 999e8636e1
commit 999e8636e1
parent 053ca05d00
4 changed files with 963 additions and 31 deletions
--- a/backend/api/routes/index.ts
+++ b/backend/api/routes/index.ts
@ -29,6 +29,31 @@ const API_ROUTE_MAP = {
 function addApiRoutes(app: Application): void {
  let requestsProcessed = 0;

+  app.use(
+    swStats.getMiddleware({
+      name: "Monkeytype API",
+      // hostname: process.env.MODE === "dev" ? "localhost": process.env.STATS_HOSTNAME,
+      // ip: process.env.MODE === "dev" ? "127.0.0.1": process.env.STATS_IP,
+      uriPath: "/stats",
+      authentication: process.env.MODE !== "dev",
+      onAuthenticate: (_req, username, password) => {
+        return (
+          username === process.env.STATS_USERNAME &&
+          password === process.env.STATS_PASSWORD
+        );
+      },
+      onResponseFinish: (_req, _res, rrr) => {
+        if (process.env.MODE === "dev") {
+          return;
+        }
+        const authHeader = rrr.http.request.headers.authorization ?? "None";
+        const authType = authHeader.split(" ");
+        rrr.http.request.headers.authorization = authType[0];
+        rrr.http.request.headers["x-forwarded-for"] = "";
+      },
+    })
+  );
+
  app.use(
    (req: MonkeyTypes.Request, res: Response, next: NextFunction): void => {
      const inMaintenance =
@ -44,22 +69,6 @@ function addApiRoutes(app: Application): void {
    }
  );

-  app.use(
-    swStats.getMiddleware({
-      name: "Monkeytype API",
-      // hostname: process.env.MODE === "dev" ? "localhost": process.env.STATS_HOSTNAME,
-      // ip: process.env.MODE === "dev" ? "127.0.0.1": process.env.STATS_IP,
-      uriPath: "/stats",
-      authentication: process.env.MODE === "dev" ? false : true,
-      onAuthenticate: function (req, username, password) {
-        return (
-          username === process.env.STATS_USERNAME &&
-          password === process.env.STATS_PASSWORD
-        );
-      },
-    })
-  );
-
  app.get(
    "/",
    asyncHandler(async (_req, _res) => {
--- a/backend/middlewares/api-utils.ts
+++ b/backend/middlewares/api-utils.ts
@ -133,7 +133,7 @@ function validateRequest(validationSchema: ValidationSchema): RequestHandler {
        if (error) {
          const errorMessage = error.details[0].message;
          throw new MonkeyError(
-            500,
+            400,
            validationErrorMessage ??
              `${errorMessage} (${error.details[0].context.value})`
          );
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -30,10 +30,10 @@
    "node-object-hash": "2.3.10",
    "nodemon": "2.0.7",
    "path": "0.12.7",
-    "prom-client": "^12.0.0",
+    "prom-client": "14.0.1",
    "simple-git": "2.45.1",
    "string-similarity": "4.0.4",
-    "swagger-stats": "^0.99.2",
+    "swagger-stats": "0.99.2",
    "ua-parser-js": "0.7.28",
    "uuid": "8.3.2"
  },
@ -43,6 +43,7 @@
    "@types/lodash": "4.14.178",
    "@types/mongodb": "4.0.7",
    "@types/node": "17.0.18",
+    "@types/swagger-stats": "0.95.4",
    "@types/uuid": "8.3.4"
  }
 }