45 lines
1.4 KiB
PHP
45 lines
1.4 KiB
PHP
<?php
|
|
/**
|
|
* Logger - thin wrapper over Gravity Forms' add-on logging, with mandatory
|
|
* redaction on every write. The Basic auth header and any password must never
|
|
* reach a log line or a transaction record.
|
|
*
|
|
* @package ESP\Instanda
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace ESP\Instanda;
|
|
|
|
final class Logger {
|
|
|
|
public static function debug(string $message): void {
|
|
self::write('debug', $message);
|
|
}
|
|
|
|
public static function error(string $message): void {
|
|
self::write('error', $message);
|
|
}
|
|
|
|
private static function write(string $level, string $message): void {
|
|
$message = self::redact($message);
|
|
|
|
$addon = class_exists(__NAMESPACE__ . '\\Instanda_AddOn')
|
|
? Instanda_AddOn::get_instance()
|
|
: null;
|
|
|
|
if ($addon !== null) {
|
|
$level === 'error' ? $addon->log_error($message) : $addon->log_debug($message);
|
|
} elseif (function_exists('error_log')) {
|
|
error_log("ESP INSTANDA [{$level}] {$message}");
|
|
}
|
|
}
|
|
|
|
/** Strip Basic auth headers and password-like values from any string before it is written. */
|
|
public static function redact(string $text): string {
|
|
$text = (string) preg_replace('/(Authorization:\s*Basic\s+)\S+/i', '$1[redacted]', $text);
|
|
$text = (string) preg_replace('/("?(?:password|pass|pwd)"?\s*[:=]\s*)"?[^",\s}]+/i', '$1[redacted]', $text);
|
|
return $text;
|
|
}
|
|
}
|