[Feature] dont log request #9

gpibarra · 2021-05-15T23:34:40Z

gpibarra
May 15, 2021

In configure file add boolean values for setting if save request and if save response. For example

return [
    ....
    'dont_log' => [
        'request' => env('HTTP_CLIENT_LOGGER_DONT_LOG_REQUEST ', false),
        'response' => env('HTTP_CLIENT_LOGGER_DONT_LOG_RESPONSE', false),
    ],
    ...
];

In function "getMessage" and "logToDisk" check those values.

A possible need for this is when the request contains confidential data

Alternatively, after getting the data from psrMessageStringConverter, some interceptor can be implemented to sanitize confidential data.

bilfeldt · 2021-05-18T14:43:12Z

bilfeldt
May 18, 2021
Maintainer

@gpibarraI like your thoughts 👍 As I see it you are touching on two subjects:

Sanitizing request/reponses

As you mention it is often needed to sanitize the request (or response) for any confident data like authentication credentials.

This can actually already be done in two different ways:

Simply replace of strings

It is possible to replace strings from the request/response by Providing on-demand configuration and using the undocumented configuration replace as can be seen here:

laravel-http-client-logger/src/HttpLogger.php

Lines 50 to 53 in bc1eded

    
           protected function getReplace(): array 
        
           { 
        
               return Arr::get($this->config, 'replace', []); 
        
           }

Example:

Http::log([], ['replace' => ['secret123456' => 'INTERCEPTED-APIKEY']])->get('https://example.com?apikey=secret123456');

Note that this does not work with preg_replace unfortunately.

Custom logger

If you need a more advanced solution than the one above, going for a custom logger might be what you need.

$logger = new CustomLogger('secret123456'); // This must implement HttpLoggerInterface but could be a class extending HttpLogger and implementing some advanced sanitize method
Http::log([], [], $logger)->get('https://example.com?apikey=secret123456');

Logging only request/response

In some situations it might be relevant to only log responses in which case there is not really that much need for this package as you can do that without this package:

$response = Http::get('https://example.com?apikey=secret123456');
\Log::debug(\GuzzleHttp\Psr7\Message::toString($response->toPsrResponse())

On the other hand only logging the requests might be relevant sometimes but I consider that more of a niche and hence I am reluctant to add configuration for that use case, especially since this can already be done using a custom logger I described above.

Let me know if this can be used or not.

1 reply

gpibarra May 18, 2021
Author

Thank you very much for your answers.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature] dont log request #9

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

[Feature] dont log request #9

gpibarra May 15, 2021

Replies: 1 comment · 1 reply

bilfeldt May 18, 2021 Maintainer

Sanitizing request/reponses

Simply replace of strings

Custom logger

Logging only request/response

gpibarra May 18, 2021 Author

gpibarra
May 15, 2021

Replies: 1 comment 1 reply

bilfeldt
May 18, 2021
Maintainer

gpibarra May 18, 2021
Author