Hide potentially sensitive information from api system/env
@@ -6,13 +6,23 @@ namespace App\API\System;
|
|||||||
|
|
||||||
use App\Libs\Attributes\Route\Get;
|
use App\Libs\Attributes\Route\Get;
|
||||||
use App\Libs\HTTP_STATUS;
|
use App\Libs\HTTP_STATUS;
|
||||||
|
use App\Libs\Uri;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
use Throwable;
|
||||||
|
|
||||||
#[Get(self::URL . '[/]', name: 'system.env')]
|
#[Get(self::URL . '[/]', name: 'system.env')]
|
||||||
final class Env
|
final class Env
|
||||||
{
|
{
|
||||||
public const URL = '%{api.prefix}/system/env';
|
public const URL = '%{api.prefix}/system/env';
|
||||||
|
private const BLACKLIST = [
|
||||||
|
'WS_API_KEY'
|
||||||
|
];
|
||||||
|
private const BLACKLIST_PARSE_URL = [
|
||||||
|
'WS_CACHE_URL' => [
|
||||||
|
'password',
|
||||||
|
],
|
||||||
|
];
|
||||||
|
|
||||||
public function __invoke(ServerRequestInterface $request, array $args = []): ResponseInterface
|
public function __invoke(ServerRequestInterface $request, array $args = []): ResponseInterface
|
||||||
{
|
{
|
||||||
@@ -21,10 +31,38 @@ final class Env
|
|||||||
'data' => [],
|
'data' => [],
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach (getenv() as $key => $val) {
|
foreach ($_ENV as $key => $val) {
|
||||||
if (false === str_starts_with($key, 'WS_') && $key !== 'HTTP_PORT') {
|
if (false === str_starts_with($key, 'WS_') && $key !== 'HTTP_PORT') {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (array_key_exists($key, self::BLACKLIST_PARSE_URL)) {
|
||||||
|
$val = new Uri($val);
|
||||||
|
$query = $val->getQuery();
|
||||||
|
$auth = $val->getUserInfo();
|
||||||
|
if (!empty($auth) && str_contains($auth, ':')) {
|
||||||
|
$val = $val->withUserInfo(before($auth, ':'), '__hidden__');
|
||||||
|
}
|
||||||
|
if (!empty($query)) {
|
||||||
|
parse_str($query, $q);
|
||||||
|
foreach ($q ?? [] as $k => $v) {
|
||||||
|
if (false === in_array(strtolower($k), self::BLACKLIST_PARSE_URL[$key], true)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$q[$k] = '__hidden__';
|
||||||
|
}
|
||||||
|
$val = $val->withQuery(http_build_query($q));
|
||||||
|
}
|
||||||
|
$val = (string)$val;
|
||||||
|
}
|
||||||
|
} catch (Throwable) {
|
||||||
|
}
|
||||||
|
|
||||||
|
if (in_array($key, self::BLACKLIST, true)) {
|
||||||
|
$val = '__hidden__';
|
||||||
|
}
|
||||||
|
|
||||||
$response['data'][] = [
|
$response['data'][] = [
|
||||||
'key' => $key,
|
'key' => $key,
|
||||||
'value' => $val,
|
'value' => $val,
|
||||||
|
|||||||
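Review bot: The empty `catch (Throwable) {}` around the URL redaction fails open: if `new Uri($val)` or any later call throws for `WS_CACHE_URL`, `$val` keeps the raw string (or a partly processed `Uri` object) and is returned with the password intact. The catch should redact instead, e.g. `} catch (Throwable) { $val = '__hidden__'; }`. The userinfo branch also masks only when the userinfo contains `:`, so a credential supplied without a colon would pass through unmasked; this is worth confirming against the cache URL formats the project accepts. Both `BLACKLIST` and `BLACKLIST_PARSE_URL` are denylists, so any new `WS_*` secret is exposed until someone adds it here, and a short comment on the constants saying so would help. `__invoke` continues past the end of this hunk.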