aubes / shadow-logger-bundle
Monolog processor for anonymization
Installs: 25
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: >=7.4
- monolog/monolog: ^2.0 | ^3.0
- symfony/http-foundation: ^5.4 |^6.0
- symfony/http-kernel: ^5.4 |^6.0
- symfony/polyfill-php80: ^1.0
- symfony/property-access: ^5.4 | ^6.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.1
- phpmd/phpmd: ^2.10
- phpspec/prophecy-phpunit: >=v2.0.1
- phpunit/phpunit: >=9.6
- vimeo/psalm: ^5.9
README
This Symfony bundle provides a monolog processor to transform log data, in order to respect GDPR or to anonymize sensitive data.
It allows Ip anonymization, encoding or removing data in the log.
Installation
composer require aubes/shadow-logger-bundle
Configuration
The configuration looks as follows :
# config/packages/shadow-logger.yaml shadow_logger: # If enabled, add "shadow-debug" on "extra" with debug information when exception occurred debug: '%kernel.debug%' # If enabled, remove value when exception occurred strict: true # Register ShadowProcessor on channels or handlers, not both # To configure channels or handlers is recommended for performance reason # Logging channels the ShadowProcessor should be pushed to handlers: ['app'] # Logging handlers the ShadowProcessor should be pushed to #channels: ['app'] encoder: salt: '%env(SHADOW_LOGGER_ENCODER_SALT)%' mapping: # Context fields context: custom_field: [] # Array of Transformer aliases # Examples: user_ip: ['ip'] user_name: ['hash'] user_birthdate: ['remove'] # Extra fields extra: custom_field: [] # Array of Transformer aliases
Mapping
Field name could contain dot to dive into array.
For example, if 'extra' contains the array :
'user' => [ 'id' => /* ... */, 'name' => [ 'first' => /* ... */, 'last' => /* ... */, ], ]
It is possible to modify ip
and name
fields :
# config/packages/shadow-logger.yaml shadow_logger: mapping: extra: user.ip: ['ip'] user.name.first: ['hash'] user.name.last: ['remove']
Warning, it is better to use field name without dot for performance. Internally, when a field name contains a dot the PropertyAccessor is used instead of a simple array key access.
Transformer
Currently, this bundle provides these transformers :
- ip: Anonymize IP v4 or v6 (cf:
Symfony\Component\HttpFoundation\IpUtils::anonymize
) - hash: Encode the value using hash function
- string: Cast a
scalar
intostring
or call__toString
on object - remove: Remove value (replaced by
--obfuscated--
) - encrypt: Encrypt the value (available only if encryptor is configured, cf: Encrypt transformer)
Chain transformers
You can chain transformers, for example to encode a "Stringable" object :
# config/packages/shadow-logger.yaml shadow_logger: # [...] mapping: context: custom_field: ['string', 'hash']
Hash transformer
Encoder configuration :
# config/packages/shadow-logger.yaml shadow_logger: # [...] encoder: algo: 'sha256' # cf: https://www.php.net/manual/fr/function.hash-algos.php salt: '%env(SHADOW_LOGGER_ENCODER_SALT)%' binary: false
Encrypt transformer
The bundle does not provide an encryption class.
To use the "encrypt" transformer, you need to manually configure the encryptor.
First, you need to create an Adapter class and extends EncryptorInterface :
// src/Encryptor/EncryptorAdapter.php namespace App\Encryptor; use Aubes\ShadowLoggerBundle\Encryptor\EncryptorInterface; class EncryptorAdapter implements EncryptorInterface { // [...] public function encrypt(string $data, string $iv): string { // [...] return $encryptedValue; } public function generateIv(): string { // [...] return $iv; } }
Next, register your class as a service (if service discovery is not used):
# config/services.yaml services: App\Encryptor\EncryptorAdapter: ~
Finally, configure your service Id in the ShadowLoggerBundle :
# config/packages/shadow-logger.yaml shadow_logger: # [...] encryptor: 'App\Encryptor\EncryptorAdapter'
This transformer replaces the value with an array :
[ 'iv' => , // Random IV used to encrypt the value 'value' => , // Encrypted value ]
Custom transformer
First you need to create a Transformer class and extends TransformerInterface :
// src/Transformer/CustomTransformer.php namespace App\Transformer; class CustomTransformer implements TransformerInterface { public function transform($data) { // [...] return $value; } }
Next, register your class as a service with 'shadow_logger.transformer' tag :
# config/services.yaml services: App\Transformer\CustomTransformer: tags: - { name: 'shadow_logger.transformer', alias: 'custom' }