├── .gitignore ├── LICENSE.md ├── README.md ├── composer.json ├── phpunit.xml ├── src ├── ArrayRedactor.php ├── Exceptions │ └── ArrayRedactorException.php ├── Facades │ └── ArrayRedactor.php ├── Providers │ └── ArrayRedactorServiceProvider.php ├── config │ └── arrayredactor.php └── helpers.php └── tests └── ArrayRedactorTest.php /.gitignore: -------------------------------------------------------------------------------- 1 | composer.lock 2 | vendor 3 | .DS_Store -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) Mark Townsend 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | A PHP package to redact an array's values by their keys no matter how deep the array. 2 | 3 | 4 |

5 | 6 |

7 | 8 | ## Why? 9 | 10 | Have you ever built or interacted with an api and needed to log all outgoing and incoming calls? Chances are that somewhere in that process is an authentication, either by an app or on behalf of a user. Logs are useful for debugging, but storing sensitive information such as passwords or api keys is not something you want to have in your logs for anyone to see. The usage goes beyond just this example, but that is what prompted me to create the ArrayRedactor package. 11 | 12 | Whatever your usage needs may be, this package aims to provide a dead-simple, lightweight way to censor sensitive information in an array no matter how deeply it is nested. 13 | 14 | ## Installation 15 | 16 | Install via composer: 17 | 18 | ``` 19 | composer require mtownsend/array-redactor 20 | ``` 21 | 22 | *This package is designed to work with any PHP 5.6+ application but has special Facade support for Laravel.* 23 | 24 | ### Registering the service provider (Laravel users) 25 | 26 | For Laravel 5.4 and lower, add the following line to your ``config/app.php``: 27 | 28 | ```php 29 | /* 30 | * Package Service Providers... 31 | */ 32 | Mtownsend\ArrayRedactor\Providers\ArrayRedactorServiceProvider::class, 33 | ``` 34 | 35 | For Laravel 5.5 and greater, the package will auto register the provider for you. 36 | 37 | ### Using Lumen 38 | 39 | To register the service provider, add the following line to ``app/bootstrap/app.php``: 40 | 41 | ```php 42 | $app->register(Mtownsend\ArrayRedactor\Providers\ArrayRedactorServiceProvider::class); 43 | ``` 44 | 45 | ### Publishing the config file (Laravel users) 46 | 47 | ```` 48 | php artisan vendor:publish --provider="Mtownsend\ArrayRedactor\Providers\ArrayRedactorServiceProvider" 49 | ```` 50 | 51 | Once your ``arrayredactor.php`` has been published to your config folder, you will see a file with 2 keys in it: ``keys`` and ``ink``. You can replace these values with anything you want, but please note: **these values will only be applied when using the Laravel Facade**. 52 | 53 | ## Quick start 54 | 55 | ### Using the class 56 | 57 | ```php 58 | use Mtownsend\ArrayRedactor\ArrayRedactor; 59 | 60 | // An example array, maybe a request being made to/from an API application you wish to log in your database 61 | $login = [ 62 | 'email' => 'john_doe@domain.com', 63 | 'password' => 'secret123', 64 | 'data' => [ 65 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 66 | ], 67 | ]; 68 | 69 | $redactor = (new ArrayRedactor($login, ['password', 'session_id']))->redact(); 70 | 71 | // $redactor will return: 72 | [ 73 | 'email' => 'john_doe@domain.com', 74 | 'password' => '[REDACTED]', 75 | 'data' => [ 76 | 'session_id' => '[REDACTED]' 77 | ], 78 | ]; 79 | ``` 80 | 81 | ### Advanced usage 82 | 83 | Array Redactor can also receive valid json instead of an array of content. 84 | 85 | ```php 86 | $json = json_encode([ 87 | 'email' => 'john_doe@domain.com', 88 | 'password' => 'secret123', 89 | 'data' => [ 90 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 91 | ], 92 | ]); 93 | 94 | $redactor = (new ArrayRedactor($json, ['password', 'session_id']))->redact(); 95 | 96 | // $redactor will return: 97 | [ 98 | 'email' => 'john_doe@domain.com', 99 | 'password' => '[REDACTED]', 100 | 'data' => [ 101 | 'session_id' => '[REDACTED]' 102 | ], 103 | ]; 104 | ``` 105 | 106 | You can also receive your content back as json instead of an array. 107 | 108 | ```php 109 | $login = [ 110 | 'email' => 'john_doe@domain.com', 111 | 'password' => 'secret123', 112 | 'data' => [ 113 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 114 | ], 115 | ]; 116 | 117 | $redactor = (new ArrayRedactor($login, ['password', 'session_id']))->redactToJson(); 118 | 119 | // $redactor will return: 120 | "{ 121 | "email": "john_doe@domain.com", 122 | "password": "[REDACTED]", 123 | "data": { 124 | "session_id": "[REDACTED]" 125 | } 126 | }" 127 | ``` 128 | 129 | You can change the redaction value (default: [REDACTED]), known as the ``ink``, by passing it as the third argument of the constructor, or using the dedicated ``->ink()`` method. 130 | 131 | ```php 132 | $login = [ 133 | 'email' => 'john_doe@domain.com', 134 | 'password' => 'secret123', 135 | 'data' => [ 136 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 137 | ], 138 | ]; 139 | 140 | $redactor = (new ArrayRedactor($login, ['password', 'session_id'], null))->redact(); 141 | // or... 142 | $redactor = (new ArrayRedactor($login, ['password', 'session_id']))->ink(null)->redact(); 143 | 144 | // $redactor will return: 145 | [ 146 | 'email' => 'john_doe@domain.com', 147 | 'password' => null, 148 | 'data' => [ 149 | 'session_id' => null 150 | ], 151 | ]; 152 | ``` 153 | 154 | You can call the ``ArrayRedactor`` as a function and the magic ``__invoke()`` method will call the ``redact`` method for you. 155 | 156 | ```php 157 | $login = [ 158 | 'email' => 'john_doe@domain.com', 159 | 'password' => 'secret123', 160 | 'data' => [ 161 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 162 | ], 163 | ]; 164 | 165 | $redactor = (new ArrayRedactor($login, ['password', 'session_id'], null))(); 166 | 167 | // $redactor will return: 168 | [ 169 | 'email' => 'john_doe@domain.com', 170 | 'password' => null, 171 | 'data' => [ 172 | 'session_id' => null 173 | ], 174 | ]; 175 | ``` 176 | 177 | Lastly, you can skip the constructor arguments entirely if you prefer. 178 | 179 | ```php 180 | $login = [ 181 | 'email' => 'john_doe@domain.com', 182 | 'password' => 'secret123', 183 | 'data' => [ 184 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 185 | ], 186 | ]; 187 | 188 | $redactor = (new ArrayRedactor)->content($login)->keys(['password'])->ink(null)->redact(); 189 | 190 | // $redactor will return: 191 | [ 192 | 'email' => 'john_doe@domain.com', 193 | 'password' => null, 194 | 'data' => [ 195 | 'session_id' => 'z481jf0an4kasnc8a84aj831' 196 | ], 197 | ]; 198 | ``` 199 | 200 | ### Using the global helper 201 | 202 | This package provides a convenient helper function which is globally accessible. 203 | 204 | ```php 205 | array_redactor($array, $keys, $ink)->redact(); 206 | // or... 207 | array_redactor()->content($array)->keys(['current_password', 'new_password'])->ink('████████')->redact(); 208 | ``` 209 | 210 | ### Using the facade (Laravel users) 211 | 212 | If you are using Laravel, this package provides a facade. To register the facade add the following line to your ``config/app.php`` under the ``aliases`` key. 213 | 214 | **Please note:** this is the only method for Laravel users that will prefill your ``keys`` and ``ink`` from your ``arrayredactor.php`` config file. The global helper and direct instantiation of the class will not prefill these values for you. 215 | 216 | ````php 217 | 'ArrayRedactor' => Mtownsend\ArrayRedactor\Facades\ArrayRedactor::class, 218 | ```` 219 | 220 | ```php 221 | use ArrayRedactor; 222 | 223 | // Laravel prefills our keys() and ink() methods for us from the config file 224 | ArrayRedactor::content($array)->redact(); 225 | ``` 226 | 227 | ## Error handling 228 | 229 | In the event you pass content that is not valid json or an array, an ``ArrayRedactorException`` will be thrown. 230 | 231 | ```php 232 | try { 233 | $redactor = (new ArrayRedactor('i am an invalid argument', ['password']))->redact(); 234 | } catch (\Mtownsend\ArrayRedactor\Exceptions\ArrayRedactorException $exception) { 235 | // do something... 236 | } 237 | ``` 238 | 239 | ## Credits 240 | 241 | - Mark Townsend 242 | - [All Contributors](../../contributors) 243 | 244 | ## Testing 245 | 246 | You can run the tests with: 247 | 248 | ```bash 249 | ./vendor/bin/phpunit 250 | ``` 251 | 252 | ## License 253 | 254 | The MIT License (MIT). Please see [License File](LICENSE.md) for more information. 255 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "mtownsend/array-redactor", 3 | "description": "A PHP package to redact array values by their keys.", 4 | "keywords": [ 5 | "array", 6 | "redact", 7 | "redactor", 8 | "sensitive", 9 | "censor", 10 | "log", 11 | "logger", 12 | "recursive" 13 | ], 14 | "license": "MIT", 15 | "authors": [ 16 | { 17 | "name": "Mark Townsend", 18 | "email": "mtownsend5512@gmail.com", 19 | "role": "Developer" 20 | } 21 | ], 22 | "autoload": { 23 | "psr-4": { 24 | "Mtownsend\\ArrayRedactor\\": "src" 25 | }, 26 | "files": [ 27 | "src/helpers.php" 28 | ] 29 | }, 30 | "require": { 31 | "php": ">=5.6" 32 | }, 33 | "require-dev": { 34 | "phpunit/phpunit": "^6.4" 35 | }, 36 | "autoload-dev": { 37 | "psr-4": { 38 | "Mtownsend\\ArrayRedactor\\Test\\": "tests/" 39 | } 40 | }, 41 | "extra": { 42 | "laravel": { 43 | "providers": [ 44 | "Mtownsend\\ArrayRedactor\\Providers\\ArrayRedactorServiceProvider" 45 | ] 46 | } 47 | }, 48 | "minimum-stability": "stable" 49 | } 50 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | tests 15 | 16 | 17 | 18 | 19 | src/ 20 | 21 | 22 | -------------------------------------------------------------------------------- /src/ArrayRedactor.php: -------------------------------------------------------------------------------- 1 | content = $content; 44 | $this->keys = $keys; 45 | $this->ink = $ink; 46 | } 47 | 48 | /** 49 | * Provide the content to undergo redaction 50 | * 51 | * @param mixed array|string $content The content to redact (either array of json) 52 | * @return object \Mtownsend\ArrayRedactor\ArrayRedactor 53 | */ 54 | public function content($content = []) 55 | { 56 | $this->content = $content; 57 | return $this; 58 | } 59 | 60 | /** 61 | * Set the keys to redact 62 | * 63 | * @param array $keys A non-associative array of keys that should be redacted in the content 64 | * @return object \Mtownsend\ArrayRedactor\ArrayRedactor 65 | */ 66 | public function keys($keys = []) 67 | { 68 | $this->keys = $keys; 69 | return $this; 70 | } 71 | 72 | /** 73 | * Set the value to replace redacted key values with 74 | * 75 | * @param mixed $ink What should replace the redacted data 76 | * @return object \Mtownsend\ArrayRedactor\ArrayRedactor 77 | */ 78 | public function ink($ink = '[REDACTED]') 79 | { 80 | $this->ink = is_callable($ink) ? $ink() : $ink; 81 | return $this; 82 | } 83 | 84 | /** 85 | * Apply recursive array redaction to the content 86 | * 87 | * @return array 88 | */ 89 | public function redact() 90 | { 91 | if (is_string($this->content) && $this->isValidJson($this->content)) { 92 | $this->content = json_decode($this->content, true); 93 | } 94 | 95 | if (!is_array($this->content) || !$this->isAssocArray($this->content)) { 96 | throw new ArrayRedactorException("ArrayRedactor received invalid content `{$this->content}`"); 97 | } 98 | 99 | // Recursively traverse the array and redact the specified keys 100 | array_walk_recursive($this->content, function (&$value, $key) { 101 | if (in_array($key, $this->keys, true)) { 102 | $value = $this->ink; 103 | } 104 | }); 105 | 106 | return $this->content; 107 | } 108 | 109 | /** 110 | * Return a json string 111 | * 112 | * @return string 113 | */ 114 | public function redactToJson() 115 | { 116 | return json_encode($this->redact()); 117 | } 118 | 119 | public function __toString() 120 | { 121 | return $this->redactToJson(); 122 | } 123 | 124 | public function __invoke() 125 | { 126 | return $this->redact(); 127 | } 128 | 129 | /** 130 | * Determine if the given array is associative or non-associative 131 | * 132 | * @param array $array 133 | * @return boolean 134 | */ 135 | protected function isAssocArray(array $array) 136 | { 137 | $keys = array_keys($array); 138 | return array_keys($keys) !== $keys; 139 | } 140 | 141 | /** 142 | * Check if the string received is valid json 143 | * 144 | * @param string $string Assumed json string 145 | * @return boolean 146 | */ 147 | protected function isValidJson($string) 148 | { 149 | json_decode($string); 150 | return (json_last_error() === JSON_ERROR_NONE); 151 | } 152 | } 153 | -------------------------------------------------------------------------------- /src/Exceptions/ArrayRedactorException.php: -------------------------------------------------------------------------------- 1 | publishes([ 18 | __DIR__ . '/../config/arrayredactor.php' => config_path('arrayredactor.php') 19 | ], 'config'); 20 | } 21 | 22 | /** 23 | * Register any application services. 24 | * 25 | * @return void 26 | */ 27 | public function register() 28 | { 29 | $this->app->bind('array_redactor', function () { 30 | return new ArrayRedactor([], config('arrayredactor.keys'), config('arrayredactor.ink')); 31 | }); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/config/arrayredactor.php: -------------------------------------------------------------------------------- 1 | [ 9 | 'password', 10 | ], 11 | 12 | /* 13 | * What you will replace redacted content with 14 | */ 15 | 'ink' => '[REDACTED]', 16 | 17 | ]; -------------------------------------------------------------------------------- /src/helpers.php: -------------------------------------------------------------------------------- 1 | content = [ 12 | 'email' => 'mtownsend5512@gmail.com', 13 | 'password' => 'secret123', 14 | 'changes' => [ 15 | 'account' => [ 16 | 'old_password' => 'secret321', 17 | 'new_password' => 'secret789' 18 | ], 19 | ] 20 | ]; 21 | } 22 | 23 | /** @test */ 24 | public function can_instantiate_class_through_helper() 25 | { 26 | $result = array_redactor($this->content, ['password'], '[REDACTED]')->redact(); 27 | $this->assertEquals(array_merge($this->content, [ 28 | 'password' => '[REDACTED]' 29 | ]), $result); 30 | } 31 | 32 | /** @test */ 33 | public function can_accept_array_content() 34 | { 35 | $result = (new ArrayRedactor($this->content, ['password'], '[REDACTED]'))->redact(); 36 | $this->assertEquals(array_merge($this->content, [ 37 | 'password' => '[REDACTED]' 38 | ]), $result); 39 | } 40 | 41 | /** @test */ 42 | public function can_accept_json_content() 43 | { 44 | $result = (new ArrayRedactor(json_encode($this->content), ['password'], '[REDACTED]'))->redact(); 45 | $this->assertEquals(array_merge($this->content, [ 46 | 'password' => '[REDACTED]' 47 | ]), $result); 48 | } 49 | 50 | /** @test */ 51 | public function can_be_invoked() 52 | { 53 | $result = new ArrayRedactor($this->content, ['password'], '[REDACTED]'); 54 | $this->assertEquals(array_merge($this->content, [ 55 | 'password' => '[REDACTED]' 56 | ]), $result()); 57 | } 58 | 59 | /** @test */ 60 | public function can_be_cast_as_json() 61 | { 62 | $result = new ArrayRedactor($this->content, ['password'], '[REDACTED]'); 63 | $this->assertEquals(json_encode(array_merge($this->content, [ 64 | 'password' => '[REDACTED]' 65 | ])), (string) $result); 66 | } 67 | 68 | /** @test */ 69 | public function can_redact_nested_keys() 70 | { 71 | $result = (new ArrayRedactor($this->content, ['old_password', 'new_password'], '[REDACTED]'))->redact(); 72 | $this->assertEquals(array_merge($this->content, [ 73 | 'changes' => ['account' => [ 74 | 'old_password' => '[REDACTED]', 75 | 'new_password' => '[REDACTED]' 76 | ]] 77 | ]), $result); 78 | } 79 | 80 | /** @test */ 81 | public function can_change_redaction_ink() 82 | { 83 | $result = (new ArrayRedactor($this->content, ['password'], null))->redact(); 84 | $this->assertEquals(array_merge($this->content, [ 85 | 'password' => null 86 | ]), $result); 87 | } 88 | 89 | /** @test */ 90 | public function can_omit_constructor_arguments_in_favor_of_methods() 91 | { 92 | $result = (new ArrayRedactor())->content($this->content)->keys(['password'])->ink(null)->redact(); 93 | $this->assertEquals(array_merge($this->content, [ 94 | 'password' => null 95 | ]), $result); 96 | } 97 | 98 | /** @test */ 99 | public function can_accept_closure_in_ink() 100 | { 101 | $array = $this->content; 102 | $result = (new ArrayRedactor())->content($this->content)->keys(['email'])->ink(function() use ($array) { 103 | return substr($array['email'], stripos($array['email'], '@')); 104 | })->redact(); 105 | $this->assertEquals(array_merge($this->content, [ 106 | 'email' => '@gmail.com' 107 | ]), $result); 108 | } 109 | } 110 | --------------------------------------------------------------------------------