使用config.filter_parameters自定义Rails 3中的参数过滤 [英] Custom filtering of parameters in rails 3 using config.filter_parameters

问题描述

我正在尝试从Rails 2.3.11升级到3.0.10，并且无法转换ApplicationController的filter_parameter_logging中的内容.我要过滤两个参数，如果它们出现在:referrer标记之类的值中，也要过滤它们.

I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController's filter_parameter_logging. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer tag.

我可以在application.rb

config.filter_parameters += [:password, :oauth, ...]

但是我遇到的麻烦是我们也在filter_parameter_logging中传递的块.它还会过滤掉看起来像url的任何值中的参数，因此http://example.com?password=foobar&oauth=123foo&page=2之类的内容将记录为http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2.我需要Rails既可以过滤指定的参数，又可以从其他值中仅过滤那些参数的方法，例如上面的url.

But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2 would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.

这是filter_parameter_logging中的样子:

Here's what it looked like in filter_parameter_logging:

FILTER_WORDS = %{password oauth email ...} 
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i

#Captures param in $1 (would also match things like old_password, new_password), and value in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i

filter_parameter_logging(*FILTER_WORDS) do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end

是否有一种方法可以使用application.rb中的config.filter_parameters以这种方式进行轨道滤波?我似乎找不到任何有关如何在Rails 3中自定义过滤的优秀文档.

Is there a way to make rails filter in this way using config.filter_parameters in application.rb? I can't seem to find any good documentation on how to customize filtering in rails 3.

推荐答案

弄清楚了.您可以将lambda语句传递给config.filter_parameters，因此，在我添加了要过滤的参数之后，现在有了这个语句:

Figured it out. You can pass a lambda statement to config.filter_parameters, so after I add the parameters to filter, I have this now:

config.filter_parameters << lambda do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end

这篇关于使用config.filter_parameters自定义Rails 3中的参数过滤的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！