From 87d4db66086bed0abb1423605c6a81d9c85ee35b Mon Sep 17 00:00:00 2001
From: Jacob McSwain <jacob@mcswain.dev>
Date: Sun, 28 Jul 2024 14:19:06 -0500
Subject: [PATCH] logger: allow skipping query string output

This is useful for APIs that might have sensitive information in the query string, such as API keys.

This patch does not change the default behavior of the code unless the new `SkipQueryString` config option is passed in.

The "skip" term is a bit of a misnomer here, as this doesn't actually skip that log, but modifies the output. I'm open to suggestions for a more appropriate name.
---
 docs/doc.md    | 15 +++++++++++++++
 logger.go      |  7 ++++++-
 logger_test.go | 14 ++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/docs/doc.md b/docs/doc.md
index 51366409..143e01e6 100644
--- a/docs/doc.md
+++ b/docs/doc.md
@@ -22,6 +22,7 @@
   - [How to write log file](#how-to-write-log-file)
   - [Custom Log Format](#custom-log-format)
   - [Controlling Log output coloring](#controlling-log-output-coloring)
+  - [Avoid logging query strings](#avoid-loging-query-strings)
   - [Model binding and validation](#model-binding-and-validation)
   - [Custom Validators](#custom-validators)
   - [Only Bind Query String](#only-bind-query-string)
@@ -589,6 +590,20 @@ func main() {
 }
 ```
 
+### Avoid logging query strings
+
+```go
+func main() {
+  router := gin.New()
+  
+  // SkipQueryString indicates that the logger should not log the query string.
+  // For example, /path?q=1 will be logged as /path
+  loggerConfig := gin.LoggerConfig{SkipQueryString: true}
+  
+  router.Use(gin.LoggerWithConfig(loggerConfig))
+}
+```
+
 ### Model binding and validation
 
 To bind a request body into a type, use model binding. We currently support binding of JSON, XML, YAML, TOML and standard form values (foo=bar&boo=baz).
diff --git a/logger.go b/logger.go
index db2c6832..251acf05 100644
--- a/logger.go
+++ b/logger.go
@@ -44,6 +44,11 @@ type LoggerConfig struct {
 	// Optional. Default value is gin.DefaultWriter.
 	Output io.Writer
 
+	// SkipQueryString indicates that query strings should not be written
+	// for cases such as when API keys are passed via query strings.
+	// Optional. Default value is false.
+	SkipQueryString bool
+
 	// SkipPaths is an url path array which logs are not written.
 	// Optional.
 	SkipPaths []string
@@ -270,7 +275,7 @@ func LoggerWithConfig(conf LoggerConfig) HandlerFunc {
 
 		param.BodySize = c.Writer.Size()
 
-		if raw != "" {
+		if raw != "" && !conf.SkipQueryString {
 			path = path + "?" + raw
 		}
 
diff --git a/logger_test.go b/logger_test.go
index b05df740..03c8d069 100644
--- a/logger_test.go
+++ b/logger_test.go
@@ -454,3 +454,17 @@ func TestForceConsoleColor(t *testing.T) {
 	// reset console color mode.
 	consoleColorMode = autoColor
 }
+
+func TestLoggerWithConfigSkipQueryString(t *testing.T) {
+	buffer := new(strings.Builder)
+	router := New()
+	router.Use(LoggerWithConfig(LoggerConfig{
+		Output:          buffer,
+		SkipQueryString: true,
+	}))
+	router.GET("/logged", func(c *Context) { c.Status(http.StatusOK) })
+
+	PerformRequest(router, "GET", "/logged?a=21")
+	assert.Contains(t, buffer.String(), "200")
+	assert.NotContains(t, buffer.String(), "a=21")
+}