Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.x] Feature: Add masking request/response parameters using Closures #1417

Closed
wants to merge 3 commits into from
Closed

[4.x] Feature: Add masking request/response parameters using Closures #1417

wants to merge 3 commits into from

Conversation

adamczykpiotr
Copy link
Contributor

@adamczykpiotr adamczykpiotr commented Dec 9, 2023
edited
Loading

This PR allows Telescope to customize the way request and response parameters / headers are hidden. By default, Telescope can only hide params by replacing them with '********'. With support for 'param' => Closure syntax, it would be possible to tailor how the params are anonymized.

Real world example is handling of personal numbers - it might be safe to store first 8 characters (year, month, date) but not the rest.

What is handled:

  • request parameters
  • request headers
  • response parameters

Design decision:
Closures vs callables: My approach uses closures as not to intruduce any breaking changes. Supporting callables would result in different behaviors for parameters named the same as functions (i.e. 'cookie' is a default parameter and a callable as well - Laravel's CookieJar helper).

Proposed syntax:

Telescope::hideRequestParameters([
    '_token',
    'personalNumber' => fn($value) => Str::substrReplace($value, '****', -4),
]);

Before:
image

After:
image

@taylorotwell
Copy link
Member

Thanks for your pull request to Laravel!

Unfortunately, I'm going to delay merging this code for now. To preserve our ability to adequately maintain the framework, we need to be very careful regarding the amount of code we include.

If possible, please consider releasing your code as a package so that the community can still take advantage of your contributions!

If you feel absolutely certain that this code corrects a bug in the framework, please "@" mention me in a follow-up comment with further explanation so that GitHub will send me a notification of your response.

@adamczykpiotr
Copy link
Contributor Author

I'd say this is a very simple addition that would make using Telescope much better.

Extending default watcher & substituting it in config/telescope.php results in "This watcher is turned off." message unless you leave the default watcher in config and then bind your implementation as RequestWatcher::class in service provider.

I know everyone is busy but it would be great if someone could take a second look at this proposal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamczykpiotr @taylorotwell