Merge pull request #2 from TheDragonCode/1.x

Added the ability to hide secret fields

Author: Andrey Helldar

config/http-logger.php

@@ -6,4 +6,12 @@
     'connection' => env('DB_CONNECTION'),
 
     'table' => 'http_logs',
+
+    'hide' => [
+        'authorization',
+        'token',
+        'access_token',
+        'password',
+        'password_confirmation',
+    ],
 ];

src/Casts/Hide.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DragonCode\LaravelHttpLogger\Casts;
+
+use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
+use Illuminate\Support\Str;
+use JetBrains\PhpStorm\Pure;
+
+class Hide implements CastsAttributes
+{
+    protected string $mask = '*';
+
+    public function get($model, string $key, $value, array $attributes): array
+    {
+        return json_decode($value, true);
+    }
+
+    public function set($model, string $key, $value, array $attributes): string
+    {
+        $value = $this->process((array) $value);
+
+        return json_encode($value);
+    }
+
+    protected function process(array $values): array
+    {
+        foreach ($values as $k => &$val) {
+            if (is_array($val)) {
+                $val = $this->process($val);
+                continue;
+            }
+
+            if ($this->toHide($k)) {
+                $val = $this->hide($val);
+            }
+        }
+
+        return $values;
+    }
+
+    protected function toHide(mixed $key): bool
+    {
+        return in_array(Str::lower((string) $key), $this->hides(), true);
+    }
+
+    #[Pure]
+    protected function hide(mixed $value): string
+    {
+        $length = Str::length($value);
+
+        return str_pad('', $length, $this->mask);
+    }
+
+    protected function hides(): array
+    {
+        return config('http-logger.hide', []);
+    }
+}

src/Casts/HideHeader.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DragonCode\LaravelHttpLogger\Casts;
+
+use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
+
+class HideHeader extends Hide implements CastsAttributes
+{
+    protected function process(array $values): array
+    {
+        foreach ($values as $key => &$value) {
+            if ($this->toHide($key)) {
+                $value = [$this->hide($value[0])];
+            }
+        }
+
+        return $values;
+    }
+}

src/Models/HttpLog.php

@@ -4,6 +4,8 @@
 
 namespace DragonCode\LaravelHttpLogger\Models;
 
+use DragonCode\LaravelHttpLogger\Casts\Hide;
+use DragonCode\LaravelHttpLogger\Casts\HideHeader;
 use DragonCode\LaravelHttpLogger\Casts\Method;
 use DragonCode\LaravelHttpLogger\Concerns\HasTable;
 use DragonCode\Support\Facades\Http\Builder;
@@ -32,9 +34,9 @@ class HttpLog extends Model
 
         'port' => 'int',
 
-        'query'   => 'json',
-        'payload' => 'json',
-        'headers' => 'json',
+        'query'   => Hide::class,
+        'payload' => Hide::class,
+        'headers' => HideHeader::class,
     ];
 
     public function __construct(array $attributes = [])

src/Services/Logger.php

@@ -5,6 +5,7 @@
 namespace DragonCode\LaravelHttpLogger\Services;
 
 use DragonCode\LaravelHttpLogger\Models\HttpLog;
+use DragonCode\Support\Facades\Helpers\Arr;
 use Illuminate\Http\Request;
 
 class Logger
@@ -19,23 +20,23 @@ public static function save(Request $request): void
             $request->getPort(),
             $request->path(),
             $request->query(),
-            $request->all(),
+            Arr::except($request->all(), array_keys($request->query())),
             $request->headers->all(),
             $request?->getClientIp() ?: $request?->ip()
         );
     }
 
     protected static function store(
-        ?string $name,
-        string $method,
-        string $scheme,
-        string $host,
-        int|string|null $port,
-        string $path,
+        ?string           $name,
+        string            $method,
+        string            $scheme,
+        string            $host,
+        int|string|null   $port,
+        string            $path,
         array|string|null $query,
-        array $payload,
-        array $headers,
-        ?string $ip
+        array             $payload,
+        array             $headers,
+        ?string           $ip
     ): void {
         HttpLog::create(compact(
             'name',

tests/Concerns/HasDatabase.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Concerns;
+
+use DragonCode\LaravelHttpLogger\Models\HttpLog;
+
+trait HasDatabase
+{
+    protected function assertDatabaseLogsCount(int $count): void
+    {
+        $this->assertSame($count, HttpLog::query()->count());
+    }
+
+    protected function assertDatabaseHasRecord(string $method, string $name, string $path, int $expected = 1): void
+    {
+        $count = HttpLog::where(compact('method', 'name', 'path'))->count();
+
+        $message = $method . ' ' . $path . ' ' . $name;
+
+        $this->assertSame($expected, $count, $message);
+    }
+}

tests/HideTest.php

@@ -0,0 +1,73 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests;
+
+use DragonCode\LaravelHttpLogger\Models\HttpLog;
+
+class HideTest extends TestCase
+{
+    public function testLogging(): void
+    {
+        $method = 'POST';
+        $name   = 'api.pages.create';
+        $path   = 'api/pages';
+
+        $uri = $path . '?' . http_build_query([
+                'foo'          => 'Foo',
+                'token'        => 123,
+                'access_token' => 456,
+            ]);
+
+        $this->assertDatabaseLogsCount(0);
+
+        $response = $this->post($uri, [
+            'bar' => 'Bar',
+
+            'password'              => 'q123456',
+            'password_confirmation' => 'q123456',
+        ], [
+            'Authorization' => 'Bearer QwErTy',
+        ]);
+
+        $response->assertNoContent();
+
+        $this->assertDatabaseLogsCount(1);
+        $this->assertDatabaseHasRecord($method, $name, $path);
+
+        $log = HttpLog::where(compact('method', 'name'))->first();
+
+        $this->assertSame($method, $log->method);
+        $this->assertSame($name, $log->name);
+        $this->assertSame($path, $log->path);
+
+        $this->assertSame('http', $log->scheme);
+        $this->assertSame('localhost', $log->host);
+        $this->assertSame(80, $log->port);
+        $this->assertSame('127.0.0.1', $log->ip);
+
+        $this->assertSame([
+            'foo'          => 'Foo',
+            'token'        => '***',
+            'access_token' => '***',
+        ], $log->query);
+
+        $this->assertSame([
+            'bar' => 'Bar',
+
+            'password'              => '*******',
+            'password_confirmation' => '*******',
+        ], $log->payload);
+
+        $this->assertSame([
+            'host'            => ['localhost'],
+            'user-agent'      => ['Symfony'],
+            'accept'          => ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'],
+            'accept-language' => ['en-us,en;q=0.5'],
+            'accept-charset'  => ['ISO-8859-1,utf-8;q=0.7,*;q=0.7'],
+            'authorization'   => ['*************'],
+            'content-type'    => ['application/x-www-form-urlencoded'],
+        ], $log->headers);
+    }
+}

tests/FeatureTest.php renamed to tests/MainTest.php

@@ -4,10 +4,9 @@
 
 namespace Tests;
 
-use DragonCode\LaravelHttpLogger\Models\HttpLog;
 use Illuminate\Support\Str;
 
-class FeatureTest extends TestCase
+class MainTest extends TestCase
 {
     public function testLogging()
     {
@@ -26,28 +25,12 @@ public function testLogging()
             $response->assertNoContent();
 
             $this->assertDatabaseLogsCount(++$count);
-            $this->assertDatabaseHasRecord($method, $name, $uri);
+            $this->assertDatabaseHasRecord(Str::upper($method), $name, $uri);
         }
     }
 
     public function testUnknownRoute()
     {
         $this->get('foo')->assertNotFound();
     }
-
-    protected function assertDatabaseLogsCount(int $count): void
-    {
-        $this->assertSame($count, HttpLog::query()->count());
-    }
-
-    protected function assertDatabaseHasRecord(string $method, string $name, string $path, int $expected = 1): void
-    {
-        $method = Str::upper($method);
-
-        $count = HttpLog::where(compact('method', 'name', 'path'))->count();
-
-        $message = $method . ' ' . $path . ' ' . $name;
-
-        $this->assertSame($expected, $count, $message);
-    }
 }

tests/TestCase.php

@@ -9,9 +9,11 @@
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Routing\Router;
 use Orchestra\Testbench\TestCase as BaseTestCase;
+use Tests\Concerns\HasDatabase;
 
 class TestCase extends BaseTestCase
 {
+    use HasDatabase;
     use RefreshDatabase;
 
     protected string $host = 'https://localhost';