logs usertoken lookup attempts

src/server.ts

@@ -25,9 +25,7 @@ app.use(
   pinoHttp({
     quietReqLogger: true,
     logger,
-    autoLogging: {
-      ignore: ({ url }) => ["/health"].includes(url as string),
-    },
+    autoLogging: { ignore: ({ url }) => ["/health"].includes(url as string) },
     redact: {
       paths: [
         "req.headers.cookie",
@@ -40,6 +38,11 @@ app.use(
       ],
       censor: "********",
     },
+    customProps: (req) => {
+      const user = (req as express.Request).user;
+      if (user) return { userToken: `...${user.token.slice(-5)}` };
+      return {};
+    },
   })
 );
 

src/user/web/self-service.ts

@@ -31,6 +31,10 @@ router.get("/lookup", (_req, res) => {
 router.post("/lookup", (req, res) => {
   const token = req.body.token;
   const user = userStore.getUser(token);
+  req.log.info(
+    { token: truncateToken(token), success: !!user },
+    "User self-service lookup"
+  );
   if (!user) {
     req.session.flash = { type: "error", message: "Invalid user token." };
     return res.redirect("/user/lookup");
@@ -67,4 +71,9 @@ router.post("/edit-nickname", (req, res) => {
   return res.redirect("/user/lookup");
 });
 
+function truncateToken(token: string) {
+  const sliceLength = Math.max(Math.floor(token.length / 8), 1);
+  return `${token.slice(0, sliceLength)}...${token.slice(-sliceLength)}`;
+}
+
 export { router as selfServiceRouter };