Merged
3 changes: 3 additions & 0 deletions core/network/build.gradle.kts
Expand Up @@ -33,4 +33,7 @@ dependencies {
libs.kotlinx.coroutines.core,
libs.logger,
)

debugImplementation(libs.chucker)
releaseImplementation(libs.chucker.no.op)
}
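Review bot: The Chucker artifact is wired only for the debug and release configurations, while NetworkGraph.kt imports com.chuckerteam.chucker.api.ChuckerInterceptor from the main source set. If this module gains any other build type, that variant will have neither artifact on its classpath and will not compile. Add a short comment here stating that every build type needs one of these two lines, and that any variant shipped outside development should take libs.chucker.no.op.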
@@ -1,6 +1,9 @@
package com.ninecraft.booket.core.network.di

import android.content.Context
import android.util.Log
import com.chuckerteam.chucker.api.ChuckerInterceptor
import com.ninecraft.booket.core.di.ApplicationContext
import com.ninecraft.booket.core.di.DataScope
import com.ninecraft.booket.core.network.BuildConfig
import com.ninecraft.booket.core.network.TokenAuthenticator
Expand Down Expand Up @@ -83,18 +86,27 @@ interface NetworkGraph {
return interceptor
}

@Provides
fun provideChuckerInterceptor(
@ApplicationContext context: Context,
): ChuckerInterceptor {
return ChuckerInterceptor(context)
}

@Provides
fun provideOkHttpClient(
httpLoggingInterceptor: HttpLoggingInterceptor,
tokenInterceptor: TokenInterceptor,
tokenAuthenticator: TokenAuthenticator,
chuckerInterceptor: ChuckerInterceptor,
): OkHttpClient {
return OkHttpClient.Builder()
.connectTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.readTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.writeTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.addInterceptor(tokenInterceptor)
.authenticator(tokenAuthenticator)
.addInterceptor(chuckerInterceptor)
Comment on lines +89 to +109

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Chucker 4.3.1 ChuckerInterceptor Builder redactHeaders Authorization Cookie Set-Cookie Android OkHttp

💡 Result:

In Chucker, header redaction is configured on ChuckerInterceptor.Builder via redactHeaders(vararg String)—so to hide auth/cookie values you can do:

val chucker = ChuckerInterceptor.Builder(context)
  .redactHeaders("Authorization", "Cookie", "Set-Cookie")
  .build()

val okHttp = OkHttpClient.Builder()
  .addInterceptor(chucker)
  .build()

Chucker will replace the values of those headers with ** in the Chucker UI/logged transactions. [1]

Also, I couldn’t find a Chucker 4.3.1 artifact published to common indexes; the latest listed in early 2026 appears to be 4.3.0. [2]

Sources: [1] [2]


🏁 Script executed:

# Find build configuration files to identify Chucker version
find . -type f \( -name "*.gradle" -o -name "*.gradle.kts" -o -name "*.toml" \) | head -20

Repository: YAPP-Github/Reed-Android

Length of output: 696


🏁 Script executed:

# Search for Chucker dependency declaration
rg "chucker|Chucker" -t gradle -t kotlin | head -30

Repository: YAPP-Github/Reed-Android

Length of output: 959


🏁 Script executed:

# Read the actual NetworkGraph.kt file
cat -n core/network/src/main/kotlin/com/ninecraft/booket/core/network/di/NetworkGraph.kt | sed -n '80,120p'

Repository: YAPP-Github/Reed-Android

Length of output: 1676


🏁 Script executed:

# Find version catalog/libs definition
find . -type f -name "*.versions.toml" -o -name "libs.gradle.kts"

Repository: YAPP-Github/Reed-Android

Length of output: 95


🏁 Script executed:

# Search for Chucker version definition in gradle files
rg "chucker.*=" -A 2 -B 2 --type gradle --type kotlin

Repository: YAPP-Github/Reed-Android

Length of output: 50


🏁 Script executed:

# Read the version catalog
cat gradle/libs.versions.toml

Repository: YAPP-Github/Reed-Android

Length of output: 11177


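Please exclude authentication headers from what Chucker collects.

The current code creates the interceptor with the default ChuckerInterceptor(context) constructor, so sensitive headers such as Authorization, Cookie and Set-Cookie may be stored as-is. Even in a debug build, a network capture that can be viewed and shared on the device remains, which is a risk from a security/privacy standpoint. Switch to the Builder at line 93 and mask the authentication-related headers.

Example of masking sensitive headers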
     fun provideChuckerInterceptor(
         `@ApplicationContext` context: Context,
     ): ChuckerInterceptor {
-        return ChuckerInterceptor(context)
+        return ChuckerInterceptor.Builder(context)
+            .redactHeaders("Authorization", "Cookie", "Set-Cookie")
+            .build()
     }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@Provides
fun provideChuckerInterceptor(
@ApplicationContext context: Context,
): ChuckerInterceptor {
return ChuckerInterceptor(context)
}
@Provides
fun provideOkHttpClient(
httpLoggingInterceptor: HttpLoggingInterceptor,
tokenInterceptor: TokenInterceptor,
tokenAuthenticator: TokenAuthenticator,
chuckerInterceptor: ChuckerInterceptor,
): OkHttpClient {
return OkHttpClient.Builder()
.connectTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.readTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.writeTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.addInterceptor(tokenInterceptor)
.authenticator(tokenAuthenticator)
.addInterceptor(chuckerInterceptor)
`@Provides`
fun provideChuckerInterceptor(
`@ApplicationContext` context: Context,
): ChuckerInterceptor {
return ChuckerInterceptor.Builder(context)
.redactHeaders("Authorization", "Cookie", "Set-Cookie")
.build()
}
`@Provides`
fun provideOkHttpClient(
httpLoggingInterceptor: HttpLoggingInterceptor,
tokenInterceptor: TokenInterceptor,
tokenAuthenticator: TokenAuthenticator,
chuckerInterceptor: ChuckerInterceptor,
): OkHttpClient {
return OkHttpClient.Builder()
.connectTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.readTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.writeTimeout(MaxTimeoutMillis, TimeUnit.MILLISECONDS)
.addInterceptor(tokenInterceptor)
.authenticator(tokenAuthenticator)
.addInterceptor(chuckerInterceptor)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@core/network/src/main/kotlin/com/ninecraft/booket/core/network/di/NetworkGraph.kt`
around lines 89 - 109, provideChuckerInterceptor and the OkHttp client setup use
the default ChuckerInterceptor constructor, so sensitive headers are being
collected. In provideChuckerInterceptor, create the interceptor with
ChuckerInterceptor.Builder(context) instead of ChuckerInterceptor(context), call
addHeaderToMask("Authorization"), addHeaderToMask("Cookie"),
addHeaderToMask("Set-Cookie") and so on to mask the authentication-related
headers, and then pass it as the argument to provideOkHttpClient; for the target
identifiers, refer to provideChuckerInterceptor, provideOkHttpClient, and
ChuckerInterceptor(context)/ChuckerInterceptor.Builder.

.addInterceptor(httpLoggingInterceptor)
.build()
}
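Review bot: In provideOkHttpClient, chuckerInterceptor is added after tokenInterceptor, so it records each request as tokenInterceptor leaves it, and provideChuckerInterceptor builds it with the bare ChuckerInterceptor(context) constructor, which configures no redaction. Build it with ChuckerInterceptor.Builder(context) and redactHeaders("Authorization", "Cookie", "Set-Cookie"), as the review comment in this thread suggests. Header redaction does not cover bodies, so any token carried in a request or response body would still be captured, and httpLoggingInterceptor on the same client deserves the same check of what it writes out.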
7 changes: 5 additions & 2 deletions gradle/libs.versions.toml
Expand Up @@ -3,8 +3,8 @@
minSdk = "28"
targetSdk = "36"
compileSdk = "36"
versionName = "1.3.0"
versionCode = "9"
versionName = "1.4.0"
versionCode = "11"
packageName = "com.ninecraft.booket"

## Android gradle plugin
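Review bot: versionCode goes from "9" to "11", skipping 10, and the versionName bump to "1.4.0" rides along with a debug-tooling change. If 10 was used by a build that is not part of this diff, say so in the PR description; otherwise move the version bump into its own commit so the Chucker change can be reverted without touching the release version.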
Expand Down Expand Up @@ -40,6 +40,7 @@ metro = "0.10.2"
## Network
okhttp = "5.3.2"
retrofit = "3.0.0"
chucker = "4.3.1"

## Circuit
circuit = "0.32.0"
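Review bot: chucker = "4.3.1" is the version that the analysis quoted in the review comment on this page could not find published, with 4.3.0 listed as the latest it saw. Confirm that this pin resolves from the configured repositories in a clean build with no cached artifacts before relying on it, since the library sits in the request path of the OkHttp client.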
Expand Down Expand Up @@ -114,6 +115,8 @@ compose-keyboard-state = { group = "tech.thdev", name = "extensions-compose-keyb
retrofit = { group = "com.squareup.retrofit2", name = "retrofit", version.ref = "retrofit" }
retrofit-kotlinx-serialization-converter = { module = "com.squareup.retrofit2:converter-kotlinx-serialization", version.ref = "retrofit" }
okhttp-logging-interceptor = { group = "com.squareup.okhttp3", name = "logging-interceptor", version.ref = "okhttp" }
chucker = { group = "com.github.chuckerteam.chucker", name = "library", version.ref = "chucker" }
chucker-no-op = { group = "com.github.chuckerteam.chucker", name = "library-no-op", version.ref = "chucker" }

coil-compose = { group = "io.coil-kt", name = "coil-compose", version.ref = "coil-compose" }
landscapist-bom = { group = "com.github.skydoves", name = "landscapist-bom", version.ref = "landscapist" }