diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2023-01-11 23:27:14 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-01-11 23:27:14 +0100 |
| commit | 075cf4c800063e3cc65c3d41a9c23222e8ebb554 (patch) | |
| tree | 6fb7d9c66fdbafea83f160c9043d9fd688844c1b /p/api/greader.php | |
| parent | c75baefe40952e6ae80aa8570c0acfc9baf7d997 (diff) | |
API avoid logging passwords (#5001)
* API avoid logging passwords
* Strip passwords and tokens from API logs
* Only log failed requests information when in debug mode
* Remove debug SHA
* Clean also Apache logs
* Better comments
* Redact also token parameters
* shfmt
* Simplify whitespace
* redacted
Diffstat (limited to 'p/api/greader.php')
| -rw-r--r-- | p/api/greader.php | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/p/api/greader.php b/p/api/greader.php index afca1afaf..a3dad880e 100644 --- a/p/api/greader.php +++ b/p/api/greader.php @@ -97,27 +97,29 @@ function debugInfo() { } } global $ORIGINAL_INPUT; - return print_r( - array( + $log = sensitive_log([ 'date' => date('c'), 'headers' => $ALL_HEADERS, '_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST, '_COOKIE' => $_COOKIE, - 'INPUT' => $ORIGINAL_INPUT - ), true); + 'INPUT' => $ORIGINAL_INPUT, + ]); + return print_r($log, true); } function badRequest() { - Minz_Log::warning('badRequest() ' . debugInfo(), API_LOG); + Minz_Log::warning('GReader API: ' . __METHOD__, API_LOG); + Minz_Log::debug('badRequest() ' . debugInfo(), API_LOG); header('HTTP/1.1 400 Bad Request'); header('Content-Type: text/plain; charset=UTF-8'); die('Bad Request!'); } function unauthorized() { - Minz_Log::warning('unauthorized() ' . debugInfo(), API_LOG); + Minz_Log::warning('GReader API: ' . __METHOD__, API_LOG); + Minz_Log::debug('unauthorized() ' . debugInfo(), API_LOG); header('HTTP/1.1 401 Unauthorized'); header('Content-Type: text/plain; charset=UTF-8'); header('Google-Bad-Token: true'); @@ -125,21 +127,24 @@ function unauthorized() { } function notImplemented() { - Minz_Log::warning('notImplemented() ' . debugInfo(), API_LOG); + Minz_Log::warning('GReader API: ' . __METHOD__, API_LOG); + Minz_Log::debug('notImplemented() ' . debugInfo(), API_LOG); header('HTTP/1.1 501 Not Implemented'); header('Content-Type: text/plain; charset=UTF-8'); die('Not Implemented!'); } function serviceUnavailable() { - Minz_Log::warning('serviceUnavailable() ' . debugInfo(), API_LOG); + Minz_Log::warning('GReader API: ' . __METHOD__, API_LOG); + Minz_Log::debug('serviceUnavailable() ' . debugInfo(), API_LOG); header('HTTP/1.1 503 Service Unavailable'); header('Content-Type: text/plain; charset=UTF-8'); die('Service Unavailable!'); } function checkCompatibility() { - Minz_Log::warning('checkCompatibility() ' . debugInfo(), API_LOG); + Minz_Log::warning('GReader API: ' . __METHOD__, API_LOG); + Minz_Log::debug('checkCompatibility() ' . debugInfo(), API_LOG); header('Content-Type: text/plain; charset=UTF-8'); if (PHP_INT_SIZE < 8 && !function_exists('gmp_init')) { die('FAIL 64-bit or GMP extension! Wrong PHP configuration.'); @@ -172,8 +177,7 @@ function authorizationToUser() { if ($headerAuthX[1] === sha1(FreshRSS_Context::$system_conf->salt . $user . FreshRSS_Context::$user_conf->apiPasswordHash)) { return $user; } else { - Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1], API_LOG); - Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1]); + Minz_Log::warning('Invalid API authorisation for user ' . $user); unauthorized(); } } else { |