Skip to content

fix: contextualize email redaction in audit logs and error reports#862

Merged
RUKAYAT-CODER merged 1 commit into
rinafcode:mainfrom
AbuJulaybeeb:feat/781-refactor-logging-email
Jun 29, 2026
Merged

fix: contextualize email redaction in audit logs and error reports#862
RUKAYAT-CODER merged 1 commit into
rinafcode:mainfrom
AbuJulaybeeb:feat/781-refactor-logging-email

Conversation

@AbuJulaybeeb

Copy link
Copy Markdown
Contributor

What was done

Removed email from the global SENSITIVE_KEYS list and Pino logger redact paths in src/lib/logging/index.ts.
Implemented targeted email redaction inside the src/app/api/errors/report/route.ts handler to protect deeply nested PII.
Applied contextual email redaction logic to ensure form data handlers can safely filter email addresses before persisting error state.
Updated the assertions in src/lib/logging/logger.test.ts to confirm that valid audit emails are now retained without compromising credential redaction behaviors.
Why it was done To resolve an over-redaction bug where audit logs were stripping the actor's email (a critical identifier for security investigations), while still maintaining strict PII redaction for user-submitted form state and error payloads.

How it was verified Manually analyzed form payloads and executed npx vitest run src/lib/logging/logger.test.ts which verified that standard credential strings and objects are appropriately masked, while basic logging contexts (like actor emails) pass unredacted.

✅ Required line:
Closes #781

@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@AbuJulaybeeb Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Thank you for contributing to the project

@RUKAYAT-CODER RUKAYAT-CODER merged commit 6b2c5e8 into rinafcode:main Jun 29, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Refactor] Logging module SENSITIVE_KEYS includes email — valid audit data is over-redacted

3 participants