improve: add security feature

Author: ugoliniriccardo

Model/Config.php

@@ -17,6 +17,10 @@ class Config
      * string
      */
     protected const WEBAPI_LOGS_IS_ENABLED_CONFIG_PATH = 'webapi_logs/log/enabled';
+    /**
+     * string
+     */
+    protected const WEBAPI_LOGS_LOG_SECRET_MODE = 'webapi_logs/log/secret_mode';
 
     /**
      * @var ScopeConfigInterface
@@ -42,4 +46,15 @@ public function isEnabled(): bool
             ScopeInterface::SCOPE_WEBSITE
         );
     }
+
+    /**
+     * @return bool
+     */
+    public function isSecretMode(): bool
+    {
+        return $this->scopeConfig->isSetFlag(
+            self::WEBAPI_LOGS_LOG_SECRET_MODE,
+            ScopeInterface::SCOPE_WEBSITE
+        );
+    }
 }

Model/Config/Source/Code.php

@@ -14,7 +14,7 @@
 
 class Code implements OptionSourceInterface
 {
-    private LogCollectionFactory $logCollectionFactory;
+    private $logCollectionFactory;
 
     /**
      * @param LogCollectionFactory $logCollectionFactory

Model/Config/Source/Methods.php

@@ -14,7 +14,7 @@
 
 class Methods implements OptionSourceInterface
 {
-    private LogCollectionFactory $logCollectionFactory;
+    private $logCollectionFactory;
 
     /**
      * @param LogCollectionFactory $logCollectionFactory

Model/Config/Source/RequestorIp.php

@@ -14,7 +14,7 @@
 
 class RequestorIp implements OptionSourceInterface
 {
-    private LogCollectionFactory $logCollectionFactory;
+    private $logCollectionFactory;
 
     /**
      * @param LogCollectionFactory $logCollectionFactory

Model/LogHandle.php

@@ -31,19 +31,35 @@ class LogHandle
      */
     private $logger;
 
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * @var SecretParser
+     */
+    private $secretParser;
+
     /**
      * @param LogFactory $logFactory
      * @param LogResourceModel $logResourceModel
+     * @param SecretParser $secretParser
+     * @param Config $config
      * @param LoggerInterface $logger
      */
     public function __construct(
         LogFactory $logFactory,
         LogResourceModel $logResourceModel,
+        SecretParser $secretParser,
+        Config $config,
         LoggerInterface $logger
     ) {
         $this->logFactory = $logFactory;
         $this->logResourceModel = $logResourceModel;
+        $this->config = $config;
         $this->logger = $logger;
+        $this->secretParser = $secretParser;
     }
 
     /**
@@ -64,6 +80,14 @@ public function before(
     ) {
         try {
             $newLog = $this->logFactory->create();
+
+            if ($this->config->isSecretMode()) {
+                $requestorIp = $this->secretParser->ipParser();
+                $requestHeaders = $this->secretParser->headersParser($requestHeaders);
+                $requestBody = $this->secretParser->bodyParser($requestBody);
+                $requestPath = $this->secretParser->pathParser($requestPath);
+            }
+
             $newLog->setData([
                 'request_method' => $requestMethod,
                 'requestor_ip' => $requestorIp,

Model/SecretParser.php

@@ -0,0 +1,58 @@
+<?php
+/*
+ * Copyright © Ghost Unicorns snc. All rights reserved.
+ * See LICENSE for license details.
+ */
+
+declare(strict_types=1);
+
+namespace GhostUnicorns\WebapiLogs\Model;
+
+
+class SecretParser
+{
+    /**
+     * @param string $requestBody
+     * @return string
+     */
+    public function bodyParser(string $requestBody): string
+    {
+        $result = $requestBody;
+        return $result;
+    }
+
+    /**
+     * @param string $requestHeaders
+     * @return string
+     */
+    public function headersParser(string $requestHeaders): string
+    {
+        $result = preg_replace('/Cookie:(.*)/', 'Cookie: ********', $requestHeaders);
+        $result = preg_replace('/User-Agent:(.*)/', 'User-Agent: ********', $result);
+        $result = preg_replace('/Authorization:(.*)/', 'Authorization: ********', $result);
+        return preg_replace('/Host:(.*)/', 'Host: ********', $result);
+    }
+
+    /**
+     * @return string
+     */
+    public function ipParser(): string
+    {
+        return '***.***.***.***';
+    }
+
+    /**
+     * @param string $requestPath
+     * @return string
+     */
+    public function pathParser(string $requestPath): string
+    {
+        $segments = parse_url($requestPath);
+
+        if (array_key_exists('path', $segments)) {
+            return $segments['path'];
+        }
+
+        return $requestPath;
+    }
+}

etc/adminhtml/system.xml

@@ -17,6 +17,11 @@
                     <label>Enable Webapi Logs</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
+                <field id="secret_mode" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
+                    <label>Enable Secret Mode</label>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                    <comment><![CDATA[If enabled, the module will not save any sensitive data, showing only secure logs.]]></comment>
+                </field>
             </group>
         </section>
     </system>

etc/config.xml

@@ -10,6 +10,7 @@
         <webapi_logs>
             <log>
                 <enabled>1</enabled>
+                <secret_mode>1</secret_mode>
             </log>
         </webapi_logs>
     </default>