How to remove sensitive info. in structs from exceptions?

In my production Phoenix config, I currently have

config :phoenix, :filter_parameters, [
  "password", "password_confirmation",
  "first_name", "last_name",
  "email"
]

However, when an exception occurs when handling a %User{} struct, the whole struct is printed out, so the fields are leaked out and logged.

Is there a way to plug into Phoenix’s exception handling and ensure these fields are never printed out? I’d like to keep the exception for debugging purposes, but ensure fields in specific structs are white/blacklisted.

Thanks!

1 Like

You can define a custom implementation for the Inspect protocol for your %User{} struct that masks the sensitive values.

For example:

  defmodule User do
    # [...]

    # Custom Inspect implementation: mask the password before the struct is rendered.
    defimpl Inspect do
      def inspect(%User{} = u, opts) do
        u
        |> Map.put(:password, "***")
        |> Inspect.Any.inspect(opts)
      end
    end
  end

9 Likes
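The approach in the answer above, extended to the other fields from the question's filter list and checked against a formatted exception. This is an added example, not code from the thread; `Demo.User`, `Demo.Account`, `Demo.Check` and all field values are constructed for illustration.

```elixir
# Added example: module names and sample values are assumptions.
defmodule Demo.User do
  # Allowlist: inspect/2 renders only :id and :role. Fields added to the
  # struct later stay hidden until they are listed here.
  @derive {Inspect, only: [:id, :role]}
  defstruct [:id, :role, :email, :first_name, :last_name, :password]
end

defmodule Demo.Account do
  defstruct [:id, :email, :password]

  # Denylist with a visible marker, same approach as the answer above.
  defimpl Inspect do
    @redacted [:email, :password]

    def inspect(account, opts) do
      @redacted
      |> Enum.reduce(account, &Map.replace!(&2, &1, "[FILTERED]"))
      |> Inspect.Any.inspect(opts)
    end
  end
end

defmodule Demo.Check do
  @secrets ["hunter2", "alice@example.test", "Alice"]

  # Formats an exception whose message embeds the struct, as a crash log
  # would, and reports whether any constructed secret survived rendering.
  def leaks?(struct) do
    error = ArgumentError.exception("cannot process #{inspect(struct)}")
    formatted = Exception.format(:error, error, [])
    Enum.any?(@secrets, &String.contains?(formatted, &1))
  end

  def run do
    user = %Demo.User{id: 1, role: :admin, email: "alice@example.test",
                      first_name: "Alice", password: "hunter2"}
    account = %Demo.Account{id: 7, email: "alice@example.test", password: "hunter2"}
    IO.inspect(user, label: "allowlist")
    IO.inspect(account, label: "denylist")
    false = leaks?(user)
    false = leaks?(account)
    :ok
  end
end

Demo.Check.run()
```

Both variants only change what `inspect/2` renders: `inspect(term, structs: false)` and `Map.from_struct/1` still expose the raw fields, so code that logs through those paths needs its own filtering.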

Awesome! Exactly what I needed. Thanks a lot :beers:

2 Likes