LogoSkills

HTTP Logging Rules

TalkerDioLogger configuration and security guide for HTTP request/response logging.

TalkerDioLogger configuration and security guide for HTTP request/response logging.

HttpModule Interceptor Order#

package/openapi_service/lib/src/http/http_module.dartof the Interceptor chain:

OrderInterceptorRole
1DioCacheInterceptorResponse caching (HiveStore/MemStore)
2Setting interceptorsCustom setting interceptors
3AuthInterceptorAuth token injection
4RateLimitInterceptorRequest rate limiting
5TalkerDioLoggerHTTP Logging (Debug mode only)
6RetryInterceptorRetry on failure

TalkerDioLogger Configuration#

Default Configuration# 

import 'package:flutter/foundation.dart' show kDebugMode;
import 'package:talker_dio_logger/talker_dio_logger.dart';

// Enabled only in debug mode
if (kDebugMode) {
  dio.interceptors.add(
    TalkerDioLogger(
      settings: const TalkerDioLoggerSettings(
        printRequestHeaders: true,
        printResponseHeaders: true,
      ),
    ),
  );
}

Configuration Options#

OptionDefaultDescription
printRequestHeadersfalsePrint request headers
printResponseHeadersfalsePrint response headers
printResponseMessagetruePrint response message
printRequestDatatruePrint request body
printResponseDatatruePrint response body

Extended Configuration (if needed)# 

TalkerDioLogger(
  settings: TalkerDioLoggerSettings(
    printRequestHeaders: true,
    printResponseHeaders: true,
    // ์—๋Ÿฌ๋งŒ ์ถœ๋ ฅ
    printErrorData: true,
    printErrorHeaders: true,
    printErrorMessage: true,
    // Request/response data filtering
    requestFilter: (options) => !options.path.contains('/health'),
    responseFilter: (response) => response.statusCode != 200,
  ),
)

Security Rules#

Sensitive Information Logging Prohibited# 

// โŒ Prohibited: Including sensitive info in logs
Log.d('๐Ÿ” ๋กœ๊ทธ์ธ: userId=$userId, password=$password');
Log.d('๐Ÿ”„ ํ† ํฐ: accessToken=$accessToken');

// โœ… ๊ถŒ์žฅ: ์ƒํƒœ๋งŒ ๊ธฐ๋ก
Log.d('๐Ÿ” ๋กœ๊ทธ์ธ API ํ˜ธ์ถœ');
Log.d('๐Ÿ”„ ํ† ํฐ ๊ฐฑ์‹  ์™„๋ฃŒ');

Sensitive Information List#

TypeExampleLogging
Credentialspassword, pin, userPwโŒ Prohibited
TokensaccessToken, refreshToken, idTokenโŒ Prohibited
IdentificationuserId, loginId (except debugging)โš ๏ธ Caution
Personal InfophoneNumber, email, addressโŒ Prohibited
Auth CodessmsCode, verificationCodeโŒ Prohibited

kDebugMode Pattern#

Correct Usage#

import 'package:flutter/foundation.dart' show kDebugMode;

// โœ… Compile-time constant, removed from production code
if (kDebugMode) {
  // Debug-only code
}

Precautions#

// โŒ ๊ธˆ์ง€: Runtime check (code included in production)
final isDebug = !const bool.fromEnvironment('dart.vm.product');
if (isDebug) { ... }

// โœ… ๊ถŒ์žฅ: kDebugMode ์‚ฌ์šฉ
if (kDebugMode) { ... }

Checklist#

When Adding a Logger#

  • kDebugMode Add logger within condition
  • Verify logging is disabled in production builds
  • Review for sensitive information logging

During PR Review#

  • No sensitive info in new logs
  • kDebugMode Conditional logging usage
  • No unnecessary verbose logging

Logging Style for Mapper and Repository Mixin#

Log Message Hierarchy#

LayerPatternExample
Mapper Structured logging only Log.e('msg', error: e, stackTrace: st)
Repository start Fixed message Log.d('๐Ÿ“ API Call')
Repository Success Including result Log.d('โœ… Complete: ${count}๊ฐœ')
Repository Error Structured logging Log.e('msg', error: e, stackTrace: st)

Structured Logging Pattern (Required)# 

// โœ… CORRECT: error ํŒŒ๋ผ๋ฏธํ„ฐ ํฌํ•จ
Log.e('โŒ Homework API Error', error: error, stackTrace: stackTrace);

// โŒ WRONG: error ํŒŒ๋ผ๋ฏธํ„ฐ ๋ˆ„๋ฝ
Log.e('โŒ Homework API Error: $error');
Log.e('โŒ Homework API Error');

// โŒ WRONG: stackTrace ๋ˆ„๋ฝ
Log.e('โŒ Homework API Error', error: error);

Reason#

  1. Consistency: All error logging follows the same structure
  2. Parsing: Log aggregation tools (Stack Driver, etc.) can parse error field
  3. Information preservation: stackTrace stored as structured field