committing to insanit

1 files changed, 31 insertions, 0 deletions

diff --git a/backend/seckelapi/config/logging.toml b/backend/seckelapi/config/logging.toml
new file mode 100644
index 0000000..fdfc08a
--- /dev/null
+++ b/backend/seckelapi/config/logging.toml
@@ -0,0 +1,31 @@
+# Logging Configuration
+[logging]
+# all logs can be commented out to disable them if you want yk, because you probably dont need more than the combined log
+request_log = "./logs/request.log"
+query_log = "./logs/queries.log"
+error_log = "./logs/error.log"
+warning_log = "./logs/warning.log"
+info_log = "./logs/info.log"
+combined_log = "./logs/sequel.log"
+
+# Log levels: debug, info, warn, error
+level = "info"
+
+# mask fields that are sensitive in logs (they are hashed anyways but why log bcrypt hashes in ur logs thats dumb)
+mask_passwords = true
+
+# other values that we might not want in query logs (also applies to request logs)
+sensitive_fields = ["login_string", "password_reset_token", "pin_code"]
+
+# Custom log filters, route specific log entries to separate files using regex ... yes I have autism why are you asking?
+[[logging.custom_filters]]
+name = "security_violations"
+output_file = "./logs/security_violations.log"
+pattern = "(Permission denied|Too many WHERE|Authentication failed|invalid credentials|invalid PIN|invalid token)"
+enabled = true
+
+[[logging.custom_filters]]
+name = "admin_transactions"
+output_file = "./logs/admin_activity.log"
+pattern = "user=admin|power=100"
+enabled = true