From e1bbceb9a63e2eeb927c945476c529607f752da0 Mon Sep 17 00:00:00 2001
From: Philipinho <16838612+Philipinho@users.noreply.github.com>
Date: Tue, 7 Apr 2026 10:10:41 +0100
Subject: [PATCH] fix: logs

---
 apps/server/src/common/helpers/utils.ts      | 12 ++++++++++++
 apps/server/src/common/logger/pino.config.ts |  3 ++-
 apps/server/src/ee                           |  2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/apps/server/src/common/helpers/utils.ts b/apps/server/src/common/helpers/utils.ts
index 36ff5b63..c37e9a47 100644
--- a/apps/server/src/common/helpers/utils.ts
+++ b/apps/server/src/common/helpers/utils.ts
@@ -142,6 +142,18 @@ export function isUserDisabled(user: {
   return !!(user.deactivatedAt || user.deletedAt);
 }
 
+const SENSITIVE_URL_PREFIXES = ['/api/sso/'];
+
+export function redactSensitiveUrl(url: string): string {
+  if (url && SENSITIVE_URL_PREFIXES.some((prefix) => url.includes(prefix))) {
+    const qsIndex = url.indexOf('?');
+    if (qsIndex !== -1) {
+      return url.substring(0, qsIndex);
+    }
+  }
+  return url;
+}
+
 export function createByteCountingStream(source: Readable) {
   let bytesRead = 0;
   const stream = new Transform({
diff --git a/apps/server/src/common/logger/pino.config.ts b/apps/server/src/common/logger/pino.config.ts
index 0b8cd11a..4c3b1993 100644
--- a/apps/server/src/common/logger/pino.config.ts
+++ b/apps/server/src/common/logger/pino.config.ts
@@ -1,5 +1,6 @@
 import { Params } from 'nestjs-pino';
 import { stdTimeFunctions } from 'pino';
+import { redactSensitiveUrl } from '../helpers/utils';
 
 const CONTEXTS_TO_IGNORE = [
   'InstanceLoader',
@@ -52,7 +53,7 @@ export function createPinoConfig(): Params {
       serializers: {
         req: (req) => ({
           method: req.method,
-          url: req.url,
+          url: redactSensitiveUrl(req.url),
           ip: req.ip || req.remoteAddress,
           userAgent: req.headers?.['user-agent'],
         }),
diff --git a/apps/server/src/ee b/apps/server/src/ee
index 38158a5a..dc7ae0e3 160000
--- a/apps/server/src/ee
+++ b/apps/server/src/ee
@@ -1 +1 @@
-Subproject commit 38158a5ab6a4c12c90a3124604b88f05d76efd7d
+Subproject commit dc7ae0e3b066df842248b2295ccfad190a0c5a93