From c0a04a23972ddb40ad7d9dec372c2e95739ee1da Mon Sep 17 00:00:00 2001
From: "Abdulmhsen B. A. A" <admin@arabcoders.org>
Date: Mon, 18 Jul 2022 22:31:37 +0300
Subject: [PATCH] Mask apikey in access_log messages.

---
 src/Libs/Initializer.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/Libs/Initializer.php b/src/Libs/Initializer.php
index f150c07c..6b340227 100644
--- a/src/Libs/Initializer.php
+++ b/src/Libs/Initializer.php
@@ -664,13 +664,26 @@ final class Initializer
             return;
         }
 
+        $params = $request->getServerParams();
+
+        $uri = new Uri((string)ag($params, 'REQUEST_URI', '/'));
+
+        if (false === empty($uri->getQuery())) {
+            $query = [];
+            parse_str($uri->getQuery(), $query);
+            if (true === ag_exists($query, 'apikey')) {
+                $query['apikey'] = '(removed_api_key)';
+                $uri = $uri->withQuery(http_build_query($query));
+            }
+        }
+
         $context = array_replace_recursive(
             [
                 'request' => [
-                    'id' => ag($request->getServerParams(), 'X_REQUEST_ID'),
-                    'ip' => ag($request->getServerParams(), 'REMOTE_ADDR'),
-                    'agent' => ag($request->getServerParams(), 'HTTP_USER_AGENT'),
-                    'uri' => ag($request->getServerParams(), 'REQUEST_URI'),
+                    'id' => ag($params, 'X_REQUEST_ID'),
+                    'ip' => ag($params, 'REMOTE_ADDR'),
+                    'agent' => ag($params, 'HTTP_USER_AGENT'),
+                    'uri' => (string)$uri,
                 ],
             ],
             $context