Improve logging of rate-limited requests

The logging code was updated to handle anonymous customers differently than authenticated ones when logging rate limit errors. For anonymous requests, the obscured customer ID is replaced with the string "anonymous" instead of attempting to obscure an empty email address. This avoids exceptions and provides clearer logs when anonymous users hit API limits.
onetimesecret · Apr 30, 2024 · 77f7494 · 77f7494
1 parent c1dd317
commit 77f7494
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/onetime/app/helpers.rb b/lib/onetime/app/helpers.rb
@@ -60,7 +60,11 @@ def carefully redirect=nil
       secret_not_found_response
 
     rescue OT::LimitExceeded => ex
-      obscured = OT::Utils.obscure_email(cust.custid)
+      obscured = if cust.anonymous?
+                   'anonymous'
+                 else
+                   OT::Utils.obscure_email(cust.custid)
+                 end
       err "[limit-exceeded] #{obscured}(#{sess.ipaddress}): #{ex.event}(#{ex.count}) #{sess.identifier.shorten(10)}"
       err req.current_absolute_uri
       err ex.backtrace