
secure-express-setup


Military-grade one-command security setup for Express.js applications

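const morgan = require('morgan');
const fs = require('fs');
const path = require('path');

// Signatures used to label a request in the log. They are coarse heuristics:
//  - `\$` matches ANY dollar sign in the serialized body, so benign content
//    such as prices is labelled suspicious as well as `$`-prefixed operators.
//  - the user-agent pattern labels every self-declared crawler, including
//    legitimate search-engine bots, and the header is client-controlled.
// Matching on serialized JSON also misses encoded or obfuscated payloads, so
// the label is a triage hint for log review, not an input-validation control.
const BODY_SIGNATURES = /\$|\<script|SELECT.*FROM|UNION.*SELECT/i;
const QUERY_SIGNATURES = /\<script|\.\./;
const USER_AGENT_SIGNATURES = /bot|crawler|spider/i;

/**
 * Serialize a request field for signature scanning.
 *
 * @param {*} value - req.body or req.query (may be undefined).
 * @returns {string} JSON text, or '' when the value is empty or cannot be
 *   serialized (circular structure, BigInt, function, ...).
 */
function serializeForScan(value) {
  if (!value) {
    return '';
  }
  try {
    const text = JSON.stringify(value);
    // JSON.stringify returns undefined for functions/symbols.
    return typeof text === 'string' ? text : '';
  } catch (err) {
    // An unserializable value must not throw from inside the log formatter;
    // the field is simply left unscanned.
    return '';
  }
}

/**
 * Build the morgan middleware that appends one line per request to
 * `<cwd>/logs/security.log`, tagged with a heuristic `security-event` label.
 *
 * Operational notes for deployers:
 *  - The log line contains the client address, full URL (including the query
 *    string) and user-agent. Query strings can carry tokens or personal data,
 *    so restrict read access to the file; it is created with the process's
 *    default mode/umask here.
 *  - The directory is resolved from process.cwd(); make sure `logs/` is not
 *    inside a statically served directory.
 *  - The stream is append-only with no rotation; pair it with an external
 *    rotation/retention policy.
 *  - `req.body` is only populated if a body parser ran before the request
 *    finished; otherwise the body check is skipped.
 *  - The label only annotates the log line. Nothing here blocks a request.
 *
 * @returns {Function} Express-compatible middleware returned by morgan().
 * @throws {Error} If the logs directory cannot be created.
 */
function setupLogger() {
  const logsDir = path.join(process.cwd(), 'logs');

  // `recursive: true` is a no-op when the directory already exists, which
  // removes the existsSync/mkdirSync race between concurrently starting workers.
  fs.mkdirSync(logsDir, { recursive: true });

  const securityLogStream = fs.createWriteStream(
    path.join(logsDir, 'security.log'),
    { flags: 'a' }
  );

  // Without an 'error' listener a failed write (disk full, permissions,
  // removed directory) surfaces as an uncaught exception and takes the
  // process down. Report it on stderr so the loss of logging stays visible.
  securityLogStream.on('error', (err) => {
    console.error(`[secure-express-setup] security log write failed: ${err.message}`);
  });

  morgan.token('security-event', (req) => {
    const userAgent = req.headers['user-agent'];

    const suspicious = [
      BODY_SIGNATURES.test(serializeForScan(req.body)),
      QUERY_SIGNATURES.test(serializeForScan(req.query)),
      typeof userAgent === 'string' && USER_AGENT_SIGNATURES.test(userAgent),
      // NOTE(review): req.ip is normally an IP literal, so this substring
      // test is not expected to match. Identifying Tor exits needs a lookup
      // against an exit-node list; kept as-is to preserve existing behavior.
      typeof req.ip === 'string' && req.ip.includes('tor-exit'),
    ];

    return suspicious.some(Boolean) ? '🚨 SUSPICIOUS' : '✅ NORMAL';
  });

  return morgan(
    ':remote-addr - :method :url :status - :security-event - :response-time ms - :user-agent',
    { stream: securityLogStream }
  );
}

module.exports = setupLogger;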