Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/glaivepro/hidevara

Laravel millipackage that hides your variables from getting dumped in the Whoops page when your app crashes.
https://github.com/glaivepro/hidevara

hacktoberfest laravel whoops-page

Last synced: 7 days ago
JSON representation

Laravel millipackage that hides your variables from getting dumped in the Whoops page when your app crashes.

Host: GitHub
URL: https://github.com/glaivepro/hidevara
Owner: GlaivePro
License: mit
Created: 2018-11-06T20:50:06.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2021-05-14T20:59:47.000Z (over 3 years ago)
Last Synced: 2024-09-23T09:32:40.923Z (10 days ago)
Topics: hacktoberfest, laravel, whoops-page
Language: PHP
Homepage:
Size: 21.5 KB
Stars: 26
Watchers: 3
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md

Awesome Lists containing this project

README

        # Hidevara

> Even though Laravel >=6.x includes Ignition which no longer dumps your variables, it requires Whoops itself. And in some cases you can still get to the old error page with variables dumped.

> This package works fine with Laravel 8. I haven't updated it lately because it just works as fine as it did before.

Laravel millipackage that hides your variables from getting dumped in the Whoops page when your app crashes.

`Hidevara` is japonese for `hide the damn vars`.

## Usage

Install it:

``` bash

$ composer require glaivepro/hidevara

```

To deal with the cases where the app crashes before loading providers, you should open your `bootstrap/app.php` and extend the handler. Find these rows (or something similar with another namespace if you've changed that):

```php

// This is already there

$app->singleton(

    Illuminate\Contracts\Debug\ExceptionHandler::class,

    App\Exceptions\Handler::class

);

```

Immediately after that insert these lines to extend the handler:

```php

// Enable only outside testing as this does not work well with phpunit... see below

if ('testing' != env('APP_ENV'))  // this will work even with config caching

	$app->extend(

		Illuminate\Contracts\Debug\ExceptionHandler::class,

		function($handler) {

			return new GlaivePro\Hidevara\HidingHandler($handler);

	});

```

By default this package will:

- leave your GET and FILES intact;

- hide value of any POST field that has a name containing `password`;

- hide values of SESSION and COOKIE;

- remove almost all SERVER variables (except REDIRECT_STATUS, REQUEST_METHOD, QUERY_STRING, REQUEST_URI);

- remove all ENV variables.

"Hide" means that the value will be replaced with a string. By default it's empty string for null/emptystring values and `[hidden]` for everything else.

## Customization

Publish the config:

``` bash

$ php artisan vendor:publish --provider="GlaivePro\Hidevara\Provider"

```

Now you've got your very own `config/hidevara.php` file to edit. 

You'll see a set of rules (`'action' => $test`) associated with each of the variables. The test can be an array of exact field names, string with a regex or `true` to take this action for anything.

Here's an example:

```php

	'_GET' => [                   //this is the ruleset for fields in GET

		'expose' => true,         // show all fields

	],

	'_ENV' => [

		'remove' => ['APP_KEY'],  // remove key field entirely

		'hide' => '/password/i',  // hide anything that matches regex contains password

		'trash' => '/PUSHER/'     // anything that's not 'expose' or 'hide' will remove matched fields

		'expose' => true,         // expose all that remains

	],

	

	'_SERVER' => [

		'expose' => ['REQUEST_METHOD'],  // show the REQUEST_METHOD

		                                 // everything that hasn't matched a rule will be removed

	],

```

There are also `replaceHiddenValueWith` and `replaceHiddenEmptyValueWith` where you can supply whatever strings you love (like 🍑).

## Changes to error handling

To hide the global variables from Whoops, they are hijacked/ruined just before calling your `Handler::render()`. If you need access to the original global at that method, you can get them in `$GLOBALS['hidevara']`. For example, `$GLOBALS['hidevara']['_SERVER']` is what `$_SERVER` was.

## Working with PHPUnit

Sometimes (supposedly when an exception is raised) this package crashes PHPUnit. To prevent this, we are not enabling the custom handling when the environment is `testing`.

If you do need to enable this while running PHPUnit, the errors can be prevented by setting `processIsolation="true"` on the `` tag in your `phpunit.xml`.

## Collaboration

Pls help! Here are the open problems and questions:

- We should make a console command that fixes `app\bootstrap.php`. Can we force calling it in the provider if needed?

- What should the default config be?

- Should config allow repeating the same type of rule? It's possible but would make config syntax more complicated.

- Are there better ways to do this in Laravel? 

- Can we intercept directly in the Whoopsies `PrettyPageHandler` and make this not Laravel specific?

## Change log

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

## License

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

[link-packagist]: https://packagist.org/packages/GlaivePro/Ajaxable

[link-author]: https://github.com/tontonsb

[link-contributors]: ../../contributors