From 35eb11091f6d6341da2f5cff4fc08d72b051d67d Mon Sep 17 00:00:00 2001
From: pmc <740076875@qq.com>
Date: Fri, 8 May 2026 10:26:13 +0800
Subject: [PATCH] =?UTF-8?q?feat(03-02):=20qy=5Flty/settings.py=20LOGGING?=
 =?UTF-8?q?=20=E6=B3=A8=E5=86=8C=20access=5Ftoken=5Fmask=20filter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 新增 LOGGING.filters 段，用 dictConfig 工厂语法 "()" 引用 AccessTokenMaskFilter
- LOGGING.handlers.aliyun 与 LOGGING.handlers.console 各加 filters: ['access_token_mask']
- loggers 段 5 条 logger 完全未动 (django / django.request / aiapp / common / userapp)
- Django setup() 不报 ValueError；端到端 logger.info('access_token=...') 输出脱敏 (***...ABCD)
---
 qy_lty/qy_lty/settings.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/qy_lty/qy_lty/settings.py b/qy_lty/qy_lty/settings.py
index 365f6c8..7b8634d 100644
--- a/qy_lty/qy_lty/settings.py
+++ b/qy_lty/qy_lty/settings.py
@@ -372,14 +372,25 @@ setup_logging()
 LOGGING = {
     'version': 1,
     'disable_existing_loggers': False,
+    # Phase 3 — Access Token 日志脱敏 filter（CRED-06）
+    # 挂载策略：filter 注册在 LOGGING.filters，再由 LOGGING.handlers 引用；
+    # 不挂在 loggers 段（per RESEARCH Pitfall 1：挂 logger 仅过滤直接通过该 logger 的 record，
+    # 挂 handler 才统一覆盖所有 logger → handler 路径）
+    'filters': {
+        'access_token_mask': {
+            '()': 'common.logging.filters.AccessTokenMaskFilter',
+        },
+    },
     'handlers': {
         'aliyun': {
             'level': 'INFO',
             'class': 'common.aliyun_logging.AliyunLogHandler',
+            'filters': ['access_token_mask'],
         },
         'console': {
             'level': 'DEBUG',
             'class': 'logging.StreamHandler',
+            'filters': ['access_token_mask'],
         },
     },
     'loggers': {