使用config.filter_parameters自定义Rails 3中的参数过滤 [英] Custom filtering of parameters in rails 3 using config.filter_parameters
问题描述
我正在尝试从Rails 2.3.11升级到3.0.10,并且无法转换ApplicationController
的filter_parameter_logging
中的内容.我要过滤两个参数,如果它们出现在:referrer
标记之类的值中,也要过滤它们.
I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController
's filter_parameter_logging
. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer
tag.
我可以在application.rb
config.filter_parameters += [:password, :oauth, ...]
但是我遇到的麻烦是我们也在filter_parameter_logging中传递的块.它还会过滤掉看起来像url的任何值中的参数,因此http://example.com?password=foobar&oauth=123foo&page=2
之类的内容将记录为http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2
.我需要Rails既可以过滤指定的参数,又可以从其他值中仅过滤那些参数的方法,例如上面的url.
But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2
would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2
. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.
这是filter_parameter_logging中的样子:
Here's what it looked like in filter_parameter_logging:
FILTER_WORDS = %{password oauth email ...}
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i
#Captures param in $1 (would also match things like old_password, new_password), and value in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i
filter_parameter_logging(*FILTER_WORDS) do |k,v|
begin
# Bail immediately if we can
next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))
#Filters out values for params that match
v.gsub!(FILTER_WORDS_GSUB_REGEX) do
"#{$1}=[FILTERED]#{$2}"
end
rescue Exception => e
logger.error e
end
end
是否有一种方法可以使用application.rb
中的config.filter_parameters
以这种方式进行轨道滤波?我似乎找不到任何有关如何在Rails 3中自定义过滤的优秀文档.
Is there a way to make rails filter in this way using config.filter_parameters
in application.rb
? I can't seem to find any good documentation on how to customize filtering in rails 3.
推荐答案
弄清楚了.您可以将lambda语句传递给config.filter_parameters
,因此,在我添加了要过滤的参数之后,现在有了这个语句:
Figured it out. You can pass a lambda statement to config.filter_parameters
, so after I add the parameters to filter, I have this now:
config.filter_parameters << lambda do |k,v|
begin
# Bail immediately if we can
next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))
#Filters out values for params that match
v.gsub!(FILTER_WORDS_GSUB_REGEX) do
"#{$1}=[FILTERED]#{$2}"
end
rescue Exception => e
logger.error e
end
end
这篇关于使用config.filter_parameters自定义Rails 3中的参数过滤的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!