proper logging of http

clavery · clavery · commit 273dbc788525 · 2025-11-28T17:41:41.000-05:00
diff --git a/packages/b2c-tooling/src/auth/api-key.ts b/packages/b2c-tooling/src/auth/api-key.ts
@@ -1,10 +1,16 @@
 import type {AuthStrategy} from './types.js';
+import {getLogger} from '../logging/logger.js';
 
 export class ApiKeyStrategy implements AuthStrategy {
   constructor(
     private key: string,
     private headerName = 'x-api-key',
-  ) {}
+  ) {
+    const logger = getLogger();
+    // Show partial key for identification (first 8 chars)
+    const keyPreview = key.length > 8 ? `${key.slice(0, 8)}...` : key;
+    logger.debug({headerName}, `[Auth] Using API Key authentication (${headerName}): ${keyPreview}`);
+  }
 
   async fetch(url: string, init: RequestInit = {}): Promise<Response> {
     const headers = new Headers(init.headers);
diff --git a/packages/b2c-tooling/src/auth/basic.ts b/packages/b2c-tooling/src/auth/basic.ts
@@ -1,10 +1,17 @@
 import type {AuthStrategy} from './types.js';
+import {getLogger} from '../logging/logger.js';
 
 export class BasicAuthStrategy implements AuthStrategy {
   private encoded: string;
 
-  constructor(user: string, pass: string) {
+  constructor(
+    private user: string,
+    pass: string,
+  ) {
     this.encoded = Buffer.from(`${user}:${pass}`).toString('base64');
+
+    const logger = getLogger();
+    logger.debug({username: user}, `[Auth] Using Basic authentication for user: ${user}`);
   }
 
   async fetch(url: string, init: RequestInit = {}): Promise<Response> {
diff --git a/packages/b2c-tooling/src/auth/oauth.ts b/packages/b2c-tooling/src/auth/oauth.ts
@@ -1,5 +1,5 @@
 import type {AuthStrategy, AccessTokenResponse, DecodedJWT} from './types.js';
-import {getLogger} from '../logger.js';
+import {getLogger} from '../logging/logger.js';
 
 const DEFAULT_ACCOUNT_MANAGER_HOST = 'account.demandware.com';
 
@@ -109,7 +109,8 @@ export class OAuthStrategy implements AuthStrategy {
    */
   private async clientCredentialsGrant(): Promise<AccessTokenResponse> {
     const logger = getLogger();
-    logger.debug('Getting access token from client credentials');
+    const url = `https://${this.accountManagerHost}/dwsso/oauth2/access_token`;
+    const method = 'POST';
 
     const params = new URLSearchParams({
       grant_type: 'client_credentials',
@@ -120,18 +121,44 @@ export class OAuthStrategy implements AuthStrategy {
     }
 
     const credentials = Buffer.from(`${this.config.clientId}:${this.config.clientSecret}`).toString('base64');
+    const requestHeaders = {
+      Authorization: `Basic ${credentials}`,
+      'Content-Type': 'application/x-www-form-urlencoded',
+    };
+
+    logger.debug(
+      {clientId: this.config.clientId},
+      `[Auth] Using OAuth client_credentials grant for client: ${this.config.clientId}`,
+    );
+    // Debug: Log request start
+    logger.debug({method, url}, `[Auth REQ] ${method} ${url}`);
+
+    // Trace: Log request details
+    logger.trace({headers: requestHeaders, body: params.toString()}, `[Auth REQ BODY] ${method} ${url}`);
 
-    const response = await fetch(`https://${this.accountManagerHost}/dwsso/oauth2/access_token`, {
-      method: 'POST',
-      headers: {
-        Authorization: `Basic ${credentials}`,
-        'Content-Type': 'application/x-www-form-urlencoded',
-      },
+    const startTime = Date.now();
+    const response = await fetch(url, {
+      method,
+      headers: requestHeaders,
       body: params.toString(),
     });
+    const duration = Date.now() - startTime;
+
+    // Debug: Log response summary
+    logger.debug(
+      {method, url, status: response.status, duration},
+      `[Auth RESP] ${method} ${url} ${response.status} ${duration}ms`,
+    );
+
+    // Get response headers
+    const responseHeaders: Record<string, string> = {};
+    response.headers.forEach((value, key) => {
+      responseHeaders[key] = value;
+    });
 
     if (!response.ok) {
       const errorText = await response.text();
+      logger.trace({headers: responseHeaders, body: errorText}, `[Auth RESP BODY] ${method} ${url}`);
       throw new Error(`Failed to get access token: ${response.status} ${response.statusText} - ${errorText}`);
     }
 
@@ -141,8 +168,11 @@ export class OAuthStrategy implements AuthStrategy {
       scope?: string;
     };
 
+    // Trace: Log response details
+    logger.trace({headers: responseHeaders, body: data}, `[Auth RESP BODY] ${method} ${url}`);
+
     const jwt = decodeJWT(data.access_token);
-    logger.debug(`JWT payload: ${JSON.stringify(jwt.payload, null, 2)}`);
+    logger.trace({jwt: jwt.payload}, '[Auth] JWT payload');
 
     const now = new Date();
     const expiration = new Date(now.getTime() + data.expires_in * 1000);
diff --git a/packages/b2c-tooling/src/clients/ocapi.ts b/packages/b2c-tooling/src/clients/ocapi.ts
@@ -62,26 +62,30 @@ export function createAuthMiddleware(auth: AuthStrategy): Middleware {
 }
 
 /**
- * Creates logging middleware for openapi-fetch.
- *
- * Logs HTTP requests at debug level (summary) and trace level (full details).
- *
- * @returns Middleware that logs requests and responses
+ * Converts Headers to a plain object for logging.
  */
+function headersToObject(headers: Headers): Record<string, string> {
+  const result: Record<string, string> = {};
+  headers.forEach((value, key) => {
+    result[key] = value;
+  });
+  return result;
+}
+
 export function createLoggingMiddleware(): Middleware {
   return {
     async onRequest({request, options}) {
       const logger = getLogger();
-      const url = new URL(request.url);
-      const path = url.pathname;
+      const url = request.url;
 
       // Debug: Log request start
-      logger.debug({method: request.method, path}, `[OCAPI REQ] ${request.method} ${path}`);
+      logger.debug({method: request.method, url}, `[OCAPI REQ] ${request.method} ${url}`);
 
-      // Trace: Log request body
-      if (options.body) {
-        logger.trace({body: options.body}, `[OCAPI REQ BODY] ${request.method} ${path}`);
-      }
+      // Trace: Log request details
+      logger.trace(
+        {headers: headersToObject(request.headers), body: options.body},
+        `[OCAPI REQ BODY] ${request.method} ${url}`,
+      );
 
       // Store start time for duration calculation
       (request as Request & {_startTime?: number})._startTime = Date.now();
@@ -93,17 +97,15 @@ export function createLoggingMiddleware(): Middleware {
       const logger = getLogger();
       const startTime = (request as Request & {_startTime?: number})._startTime ?? Date.now();
       const duration = Date.now() - startTime;
-
-      const url = new URL(request.url);
-      const path = url.pathname;
+      const url = request.url;
 
       // Debug: Log response summary
       logger.debug(
-        {method: request.method, path, status: response.status, duration},
-        `[OCAPI RESP] ${request.method} ${path} ${response.status} ${duration}ms`,
+        {method: request.method, url, status: response.status, duration},
+        `[OCAPI RESP] ${request.method} ${url} ${response.status} ${duration}ms`,
       );
 
-      // Trace: Log response body
+      // Trace: Log response details
       const clonedResponse = response.clone();
       let responseBody: unknown;
       try {
@@ -112,7 +114,10 @@ export function createLoggingMiddleware(): Middleware {
         responseBody = await clonedResponse.text();
       }
 
-      logger.trace({body: responseBody}, `[OCAPI RESP BODY] ${request.method} ${path}`);
+      logger.trace(
+        {headers: headersToObject(response.headers), body: responseBody},
+        `[OCAPI RESP BODY] ${request.method} ${url}`,
+      );
 
       return response;
     },
diff --git a/packages/b2c-tooling/src/clients/webdav.ts b/packages/b2c-tooling/src/clients/webdav.ts
@@ -69,33 +69,57 @@ export class WebDavClient {
     const method = init?.method ?? 'GET';
 
     // Debug: Log request start
-    logger.debug({method, path}, `[WebDAV REQ] ${method} ${path}`);
+    logger.debug({method, url}, `[WebDAV REQ] ${method} ${url}`);
 
-    // Trace: Log request body
-    if (init?.body) {
-      logger.trace({body: this.formatBody(init.body)}, `[WebDAV REQ BODY] ${method} ${path}`);
-    }
+    // Trace: Log request details
+    logger.trace(
+      {headers: this.headersToObject(init?.headers), body: this.formatBody(init?.body)},
+      `[WebDAV REQ BODY] ${method} ${url}`,
+    );
 
     const startTime = Date.now();
     const response = await this.auth.fetch(url, init);
     const duration = Date.now() - startTime;
 
     // Debug: Log response summary
     logger.debug(
-      {method, path, status: response.status, duration},
-      `[WebDAV RESP] ${method} ${path} ${response.status} ${duration}ms`,
+      {method, url, status: response.status, duration},
+      `[WebDAV RESP] ${method} ${url} ${response.status} ${duration}ms`,
     );
 
-    // Trace: Log response body (only for non-binary responses)
+    // Trace: Log response details
+    const responseHeaders = this.headersToObject(response.headers);
+    let responseBody: string | undefined;
     if (response.headers.get('content-type')?.includes('xml')) {
       const clonedResponse = response.clone();
-      const responseBody = await clonedResponse.text();
-      logger.trace({body: responseBody}, `[WebDAV RESP BODY] ${method} ${path}`);
+      responseBody = await clonedResponse.text();
     }
+    logger.trace({headers: responseHeaders, body: responseBody}, `[WebDAV RESP BODY] ${method} ${url}`);
 
     return response;
   }
 
+  /**
+   * Converts Headers to a plain object for logging.
+   */
+  private headersToObject(headers?: HeadersInit | Headers): Record<string, string> | undefined {
+    if (!headers) return undefined;
+
+    const result: Record<string, string> = {};
+    if (headers instanceof Headers) {
+      headers.forEach((value, key) => {
+        result[key] = value;
+      });
+    } else if (Array.isArray(headers)) {
+      for (const [key, value] of headers) {
+        result[key] = value;
+      }
+    } else {
+      Object.assign(result, headers);
+    }
+    return result;
+  }
+
   /**
    * Formats body for logging, describing binary data.
    */
diff --git a/packages/b2c-tooling/src/logging/logger.ts b/packages/b2c-tooling/src/logging/logger.ts
@@ -19,13 +19,39 @@ const REDACT_FIELDS = [
   'token',
   'secret',
   'authorization',
+  'Authorization',
 ];
 
 const REDACT_PATHS = REDACT_FIELDS.flatMap((field) => [field, `*.${field}`]);
 
-function censor(value: unknown): string {
+function censor(value: unknown, path: string[]): string {
+  // Special handling for authorization headers
+  if (path[path.length - 1].toLowerCase() === 'authorization' && typeof value === 'string') {
+    const parts = value.split(' ');
+    if (parts.length === 2) {
+      const [scheme, credentials] = parts;
+
+      // For Basic auth, decode, redact password, and re-encode
+      if (scheme.toLowerCase() === 'basic') {
+        try {
+          const decoded = Buffer.from(credentials, 'base64').toString('utf-8');
+          const colonIndex = decoded.indexOf(':');
+          if (colonIndex !== -1) {
+            const username = decoded.slice(0, colonIndex);
+            const redacted = Buffer.from(`${username}:REDACTED`).toString('base64');
+            return `Basic ${redacted}`;
+          }
+        } catch {
+          // If decoding fails, fall through to default behavior
+        }
+      }
+
+      // For other schemes (Bearer, etc.), show scheme and partial token
+      return `${scheme} ${credentials.slice(0, 6)}...REDACTED`;
+    }
+  }
   if (typeof value === 'string' && value.length > 10) {
-    return `${value.slice(0, 4)}REDACTED`;
+    return `${value.slice(0, 4)}...REDACTED`;
   }
   return 'REDACTED';
 }
