bennetgallein/vat-api.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: anonymize IPs via HMAC before persisting to MongoDB

Browse Source 
GDPR compliance — IPs are HMAC-SHA256'd (truncated to 16 hex chars)
before being pushed to the Redis queue, so only pseudonymous tokens
are ever stored.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Bennet Gallein
2026-02-14 10:30:20 +01:00
parent f2b690f3f5
commit b0e78086f4
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/middleware/requestLogger.ts
View File

@@ -8,7 +8,7 @@ export default defineEventHandler((event) => {
event.node.res.on("finish", () => { event.node.res.on("finish", () => {
logRequest({ logRequest({
ip, ip: anonymizeIp(ip),
path, path,
method, method,
statusCode: event.node.res.statusCode, statusCode: event.node.res.statusCode,

7
server/utils/requestLogger.ts
View File

@@ -1,3 +1,5 @@
import { createHmac } from "node:crypto";
export interface RequestLogEntry { export interface RequestLogEntry {
ip: string; ip: string;
path: string; path: string;
@@ -7,6 +9,11 @@ export interface RequestLogEntry {
timestamp: string; timestamp: string;
} }
export function anonymizeIp(ip: string): string {
const secret = useRuntimeConfig().adminPassword || "default-hmac-key";
return createHmac("sha256", secret).update(ip).digest("hex").slice(0, 16);
}
export function logRequest(data: RequestLogEntry): void { export function logRequest(data: RequestLogEntry): void {
try { try {
const redis = getRedis(); const redis = getRedis();