I worked out a kibana plugin to protect kibana 6.2. I created a cookie-based authentication strategy as below, so it will be invoked for each request, basically it's working well.
const cookieConfig = { password: 'fake_password_12345_to_protect_cookie', cookie: 'example_cookie', isSecure: false, validateFunc: async (request, session, callback) => { try { server.log(['example', 'info'], `method:path = ${request.method}: ${request.url.path}`); server.log(['example', 'info'], 'request query string = ' + JSON.stringify(request.query)); server.log(['example', 'info'], 'request payload = ' + JSON.stringify(request.payload)); ...... } catch (error) { ...... } }, ttl: 60 * 60 * 1000 };
But when I tried to get each request's payload using request.payload, I got nothing. For example, When I opened a dashboard on kibana UI, the above validationFunc geneated the following log entries. From the browser's developer console, I saw there were some payload for the requests, but why I can't get the payload in the plugin? What did I miss? Note that the plugin is based on kibana 6.2, and the hapijs verson used by kibana is 14.2.0. Thanks.
server log [08:21:47.868] [info][example] method:path = post: /api/saved_objects/bulk_get
server log [08:21:47.868] [info][example] request query string = {}
server log [08:21:47.868] [info][example] request payload = nullserver log [08:21:49.083] [info][example] method:path = post: /api/saved_objects/bulk_get
server log [08:21:49.084] [info][example] request query string = {}
server log [08:21:49.084] [info][example] request payload = nullserver log [08:21:50.180] [info][example] method:path = post: /elasticsearch/_msearch
server log [08:21:50.184] [info][example] request query string = {}
server log [08:21:50.184] [info][example] request payload = nullserver log [08:21:50.668] [info][example] method:path = post: /elasticsearch/_msearch
server log [08:21:50.670] [info][example] request query string = {}
server log [08:21:50.670] [info][example] request payload = null