RI-7200 add request metadata to session metadata and exclude it from logs

Author: ArtemHoruzhenko

redisinsight/api/src/common/decorators/client-metadata/client-metadata.decorator.ts

@@ -46,6 +46,8 @@ export const clientMetadataParamFactory = (
     db: options?.ignoreDbIndex
       ? undefined
       : req?.headers?.[API_HEADER_DATABASE_INDEX],
+  }, {
+    groups: ['security'],
   });
 
   const errors = validator.validateSync(clientMetadata, {

redisinsight/api/src/common/decorators/session/session-metadata.decorator.ts

@@ -24,16 +24,17 @@ export const sessionMetadataFromRequest = (
     'correlationId',
   ]);
   const correlationId = request.res?.locals?.session?.correlationId || uuidv4();
+  const requestMetadata = request.res?.locals?.session?.requestMetadata;
 
   const requestSession = {
     userId,
     data,
     sessionId,
     correlationId,
+    requestMetadata,
   };
 
-  // todo: do not forget to deal with session vs sessionMetadata property
-  const session = plainToInstance(SessionMetadata, requestSession);
+  const session = plainToInstance(SessionMetadata, requestSession, { groups: ['security'] });
 
   const errors = validator.validateSync(session, {
     whitelist: false, // we need this to allow additional fields if needed for flexibility

redisinsight/api/src/common/logger/app-logger.ts

@@ -2,6 +2,7 @@ import { LoggerService, Injectable } from '@nestjs/common';
 import { WinstonModule, WinstonModuleOptions } from 'nest-winston';
 import { cloneDeep, isString } from 'lodash';
 import { ClientMetadata, SessionMetadata } from 'src/common/models';
+import { instanceToPlain } from 'class-transformer';
 
 type LogMeta = object;
 
@@ -106,8 +107,8 @@ export class AppLogger implements LoggerService {
       message,
       context,
       error,
-      ...userMetadata,
-      data: optionalParamsCopy?.length ? optionalParamsCopy : undefined,
+      ...instanceToPlain(userMetadata),
+      data: optionalParamsCopy?.length ? instanceToPlain(optionalParamsCopy) : undefined,
     };
   }
 

redisinsight/api/src/common/models/client-metadata.ts

@@ -1,4 +1,4 @@
-import { Session, SessionMetadata } from 'src/common/models/session';
+import { SessionMetadata } from 'src/common/models/session';
 import { Type } from 'class-transformer';
 import {
   IsEnum,
@@ -23,7 +23,7 @@ export enum ClientContext {
 
 export class ClientMetadata {
   @IsNotEmpty()
-  @Type(() => Session)
+  @Type(() => SessionMetadata)
   sessionMetadata: SessionMetadata;
 
   @IsNotEmpty()

redisinsight/api/src/common/models/session.ts

@@ -1,6 +1,7 @@
 import { IsNotEmpty, IsObject, IsOptional, IsString } from 'class-validator';
 import { BadRequestException } from '@nestjs/common';
 import ERROR_MESSAGES from 'src/constants/error-messages';
+import { Expose } from 'class-transformer';
 
 export interface ISessionMetadata {
   userId: string;
@@ -9,21 +10,31 @@ export interface ISessionMetadata {
 }
 
 export class SessionMetadata implements ISessionMetadata {
+  @Expose()
   @IsNotEmpty()
   @IsString()
   userId: string;
 
+  @Expose()
   @IsObject()
   data?: Record<string, any> = {};
 
+  @Expose({ groups: ['security'] })
+  @IsObject()
+  @IsOptional()
+  requestMetadata?: Record<string, any> = {};
+
+  @Expose()
   @IsNotEmpty()
   @IsString()
   sessionId: string;
 
+  @Expose()
   @IsOptional()
   @IsString()
   uniqueId?: string;
 
+  @Expose()
   @IsOptional()
   @IsString()
   correlationId?: string;