Strip configured query items from URI for secure logging (also affects the logged uri in the context)

Author: WyriHaximus

src/LoggerMiddleware.php

@@ -6,6 +6,7 @@
 use ApiClients\Foundation\Middleware\MiddlewareInterface;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\UriInterface;
 use Psr\Log\LoggerInterface;
 use React\Promise\CancellablePromiseInterface;
 use Throwable;
@@ -43,7 +44,7 @@ public function pre(
         }
 
         $this->context[$transactionId][self::REQUEST]['method'] = $request->getMethod();
-        $this->context[$transactionId][self::REQUEST]['uri'] = (string)$request->getUri();
+        $this->context[$transactionId][self::REQUEST]['uri'] = (string)$this->stripQueryItems($request->getUri(), $options);
         $this->context[$transactionId][self::REQUEST]['protocol_version'] = (string)$request->getProtocolVersion();
         $ignoreHeaders = $options[self::class][Options::IGNORE_HEADERS] ?? [];
         $this->context[$transactionId] = $this->iterateHeaders(
@@ -171,4 +172,14 @@ private function addResponseToContext(
 
         return $context;
     }
+
+    private function stripQueryItems(UriInterface $uri, array $options): UriInterface
+    {
+        parse_str($uri->getQuery(), $query);
+        foreach ($options[self::class][Options::IGNORE_URI_QUERY_ITEMS] ?? [] as $item) {
+            unset($query[$item], $query[$item . '[]']);
+        }
+
+        return $uri->withQuery(http_build_query($query));
+    }
 }

src/Options.php

@@ -4,8 +4,9 @@
 
 final class Options
 {
-    public const IGNORE_HEADERS = 'ignore_headers';
-    public const LEVEL          = 'level';
-    public const ERROR_LEVEL    = 'error_level';
-    public const URL_LEVEL      = 'url_level';
+    public const IGNORE_HEADERS         = 'ignore_headers';
+    public const IGNORE_URI_QUERY_ITEMS = 'ignoreuri_query_items';
+    public const LEVEL                  = 'level';
+    public const ERROR_LEVEL            = 'error_level';
+    public const URL_LEVEL              = 'url_level';
 }

tests/LoggerMiddlewareTest.php

@@ -55,11 +55,14 @@ public function testLog()
                     'X-Ignore-Request',
                     'X-Ignore-Response',
                 ],
+                Options::IGNORE_URI_QUERY_ITEMS => [
+                    'strip_this_item',
+                ],
             ],
         ];
         $request = new Request(
             'GET',
-            'https://example.com/',
+            'https://example.com/?strip_this_item=0&dont_strip_this_item=1',
             [
                 'X-Foo' => 'bar',
                 'X-Ignore-Request' => 'nope',
@@ -79,11 +82,11 @@ public function testLog()
         $logger = $this->prophesize(LoggerInterface::class);
         $logger->log(
             LogLevel::DEBUG,
-            'Requesting: https://example.com/',
+            'Requesting: https://example.com/?dont_strip_this_item=1',
             [
                 'request' => [
                     'method' => 'GET',
-                    'uri' => 'https://example.com/',
+                    'uri' => 'https://example.com/?dont_strip_this_item=1',
                     'protocol_version' => '1.1',
                     'headers' => [
                         'Host' => ['example.com'],
@@ -98,7 +101,7 @@ public function testLog()
             [
                 'request' => [
                     'method' => 'GET',
-                    'uri' => 'https://example.com/',
+                    'uri' => 'https://example.com/?dont_strip_this_item=1',
                     'protocol_version' => '1.1',
                     'headers' => [
                         'Host' => ['example.com'],