From 68f31a9da244a8110173ac6d0abd80a519786d6c Mon Sep 17 00:00:00 2001
From: Ilya Averyanov <av@rubybox.dev>
Date: Wed, 11 Oct 2023 16:32:13 +0300
Subject: [PATCH] fix(authn): do not trace authn requests

---
 apps/emqx_bridge_http/src/emqx_bridge_http.app.src  |  2 +-
 .../src/emqx_bridge_http_connector.erl              | 13 +++++++++----
 changes/ee/fix-11750.en.md                          |  1 +
 3 files changed, 11 insertions(+), 5 deletions(-)
 create mode 100644 changes/ee/fix-11750.en.md

diff --git a/apps/emqx_bridge_http/src/emqx_bridge_http.app.src b/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
index c74e3dde4..e5c559bd5 100644
--- a/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
@@ -1,6 +1,6 @@
 {application, emqx_bridge_http, [
     {description, "EMQX HTTP Bridge and Connector Application"},
-    {vsn, "0.1.3"},
+    {vsn, "0.1.4"},
     {registered, []},
     {applications, [kernel, stdlib, emqx_connector, emqx_resource, ehttpc]},
     {env, []},
diff --git a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
index 0191d5e45..5d1b1947c 100644
--- a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
@@ -57,6 +57,8 @@
 -define(DEFAULT_PIPELINE_SIZE, 100).
 -define(DEFAULT_REQUEST_TIMEOUT_MS, 30_000).
 
+-define(READACT_REQUEST_NOTE, "the request body is redacted due to security reasons").
+
 %%=====================================================================
 %% Hocon schema
 
@@ -303,7 +305,8 @@ on_query(
         "QUERY",
         "http_connector_received",
         #{
-            request => redact(Request),
+            request => redact_request(Request),
+            note => ?READACT_REQUEST_NOTE,
             connector => InstId,
             state => redact(State)
         }
@@ -329,7 +332,7 @@ on_query(
         {error, #{status_code := StatusCode}} ->
             ?SLOG(error, #{
                 msg => "http_connector_do_request_received_error_response",
-                note => "the body will be redacted due to security reasons",
+                note => ?READACT_REQUEST_NOTE,
                 request => redact_request(NRequest),
                 connector => InstId,
                 status_code => StatusCode
@@ -338,7 +341,8 @@ on_query(
         {error, Reason} ->
             ?SLOG(error, #{
                 msg => "http_connector_do_request_failed",
-                request => redact(NRequest),
+                note => ?READACT_REQUEST_NOTE,
+                request => redact_request(NRequest),
                 reason => Reason,
                 connector => InstId
             }),
@@ -379,7 +383,8 @@ on_query_async(
         "QUERY_ASYNC",
         "http_connector_received",
         #{
-            request => redact(Request),
+            request => redact_request(Request),
+            note => ?READACT_REQUEST_NOTE,
             connector => InstId,
             state => redact(State)
         }
diff --git a/changes/ee/fix-11750.en.md b/changes/ee/fix-11750.en.md
new file mode 100644
index 000000000..82dcd1d1e
--- /dev/null
+++ b/changes/ee/fix-11750.en.md
@@ -0,0 +1 @@
+Eliminated logging and tracing of HTTP request bodies in HTTP authentification and HTTP bridges.