Added defaults to environment variables.

Author: neonexus

README.md

@@ -31,16 +31,16 @@ This repo is not installable via `npm`. Instead, Github provides a handy "Use th
 |npm run coverage | Runs [NYC](https://www.npmjs.com/package/nyc) coverage reporting of the Mocha tests, which generates HTML in `test/coverage`.
 
 ### Environment Variables used for remote servers:
-| Variable      | Description
-|---------------|----------------------
-| ASSETS_URL    | Webpack is configured to modify static asset URLs to point to a CDN, like CloudFront. MUST end with a slash " / ".
-| BASE_URL      | The address of the Sails instance.
-| DB_HOST       | The hostname of the datastore.
-| DB_USER       | Username for the datastore.
-| DB_PASS       | Password for the datastore.
-| DB_NAME       | The name of the database inside the datastore.
-| DB_PORT       | The port number for datastore.
-| DB_SSL        | If the datastore requires SSL, set this to "true".
+| Variable   | DEV default          | PROD default            | Description
+|------------|----------------------|-------------------------|----------------------
+| ASSETS_URL | "" (empty string)    | "" (empty string)       | Webpack is configured to modify static asset URLs to point to a CDN, like CloudFront. MUST end with a slash " / ".
+| BASE_URL   | raw:https://my‑api.app   | raw:https://my‑api.app      | The address of the Sails instance.
+| DB_HOST    | localhost            | localhost              | The hostname of the datastore.
+| DB_USER    | root                 | produser               | Username for the datastore.
+| DB_PASS    | mypass               | myprodpassword         | Password for the datastore.
+| DB_NAME    | myapp                | proddatabase           | The name of the database inside the datastore.
+| DB_PORT    | 3306                 | 3306                   | The port number for datastore.
+| DB_SSL     | false                | false                  | If the datastore requires SSL, set this to "true".
 
 ## Request Logging
 Automatic incoming request logging, is a 2 part process. First, the [`request-logger` hook](api/hooks/request-logger.js) gathers info from the request, and creates a new [`RequestLog` record](api/models/RequestLog.js), making sure to mask anything that may be sensitive, such as passwords. Then, a custom response gathers information from the response, again, scrubbing sensitive data (using the [customToJSON](https://sailsjs.com/documentation/concepts/models-and-orm/model-settings?identity=#customtojson) feature of Sails models) to prevent leaking of password hashes, or anything else that should never be publicly accessible. The [`keepModelsSafe` helper](api/helpers/keep-models-safe.js) and the custom responses (such as [ok](api/responses/ok.js) or [serverError](api/responses/serverError.js)) are responsible for the final leg of request logs.
@@ -85,7 +85,7 @@ module.exports.bootstrap = function(next) {
 + [Sails Professional / Enterprise Options](https://sailsjs.com/enterprise)
 + [`react-bootstrap` Documentation](https://react-bootstrap.netlify.app/)
 + [Webpack Documentation](https://webpack.js.org/)
-+ [Simple data fixtures for testing Sails.js](https://www.npmjs.com/package/fixted)
++ [Simple data fixtures for testing Sails.js (the npm package `fixted`)](https://www.npmjs.com/package/fixted)
 
 
 ### Version info

test/unit/hooks/request-logger.test.js

@@ -7,6 +7,9 @@ describe('Request Logger', function() {
     before( function() {
         logger = requestLogger(sails);
 
+        // sanity check
+        sails.models.should.have.property('requestlog');
+
         hook = logger.routes.before['*'];
         hook.should.be.a('function');
     });
@@ -73,11 +76,40 @@ describe('Request Logger', function() {
         const defaultReq = {
             method: 'GET',
             path: '/',
-            body: {},
-            query: {},
-            headers: {}
+            hostname: 'localtest',
+            body: {
+                password: 'password1',
+                password2: 'password2',
+                currentPassword: 'currentPassword',
+                newPassword: 'newPassword',
+                newPassword2: 'newPassword2',
+                pass: 'lamepassword'
+            },
+            query: {
+                securityToken: 'somelongsecuritytoken'
+            },
+            headers: {
+                securityToken: 'somelongsecuritytokenintheheaders'
+            }
         };
+        const defaultRes = {};
+        const defaultCb = chai.spy();
+
+        before(function() {
+            // force this, just in-case
+            sails.config.logSensitiveData = false;
+        });
 
+        it('Not log sensitive information', function() {
+            let thisReq = _.merge({}, defaultReq);
 
+            hook = hook.bind(this);
+            hook(thisReq, defaultRes, defaultCb);
+
+            defaultCb.should.have.been.called();
+
+            thisReq.should.have.property('requestId');
+            thisReq.should.have.property('_customStartTime');
+        });
     });
 });