feat: anonymize IPs via HMAC before persisting to MongoDB

GDPR compliance — IPs are HMAC-SHA256'd (truncated to 16 hex chars) before being pushed to the Redis queue, so only pseudonymous tokens are ever stored. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 10:30:20 +01:00
parent f2b690f3f5
commit b0e78086f4
2 changed files with 8 additions and 1 deletions
--- a/server/middleware/requestLogger.ts
+++ b/server/middleware/requestLogger.ts
@@ -8,7 +8,7 @@ export default defineEventHandler((event) => {

  event.node.res.on("finish", () => {
    logRequest({
-      ip,
+      ip: anonymizeIp(ip),
      path,
      method,
      statusCode: event.node.res.statusCode,