feat(audit): harden API audit log redaction and schema
- Change query_json column from TEXT to JSON, ip/user_agent to CHAR(64) for PII redaction compliance - Update repository, service, and views for hardened schema - Add architecture contract test for security logging redaction - Add search resource provider test coverage - Include DB migration script for existing installs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Tests\Module\Audit\Service;
|
||||
|
||||
use MintyPHP\Http\ApiAuth;
|
||||
use MintyPHP\Http\RequestContext;
|
||||
use MintyPHP\Http\RequestRuntime;
|
||||
use MintyPHP\Module\Audit\Repository\ApiAuditLogRepository;
|
||||
@@ -18,6 +19,7 @@ class ApiAuditServiceTest extends TestCase
|
||||
$this->serverBackup = $_SERVER;
|
||||
$this->getBackup = $_GET;
|
||||
RequestContext::resetForTests();
|
||||
ApiAuth::authenticate();
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
@@ -25,6 +27,7 @@ class ApiAuditServiceTest extends TestCase
|
||||
$_SERVER = $this->serverBackup;
|
||||
$_GET = $this->getBackup;
|
||||
RequestContext::resetForTests();
|
||||
ApiAuth::authenticate();
|
||||
}
|
||||
|
||||
public function testCurrentRequestIdIsNullBeforeStart(): void
|
||||
@@ -73,4 +76,67 @@ class ApiAuditServiceTest extends TestCase
|
||||
|
||||
$this->assertNull($service->currentRequestId());
|
||||
}
|
||||
|
||||
public function testFinishStoresOnlyAllowlistedQueryKeysAndHashedNetworkMetadata(): void
|
||||
{
|
||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||
$_SERVER['REQUEST_URI'] = '/api/v1/users?active=1&email=user@example.com&token=secret&search=max';
|
||||
$_SERVER['REMOTE_ADDR'] = '203.0.113.10';
|
||||
$_SERVER['HTTP_USER_AGENT'] = 'TestAgent/1.0';
|
||||
$_GET = [
|
||||
'active' => '1',
|
||||
'email' => 'user@example.com',
|
||||
'token' => 'secret',
|
||||
'search' => 'max',
|
||||
];
|
||||
|
||||
$captured = null;
|
||||
$repository = $this->createMock(ApiAuditLogRepository::class);
|
||||
$repository->expects($this->once())
|
||||
->method('create')
|
||||
->willReturnCallback(static function (array $payload) use (&$captured): int {
|
||||
$captured = $payload;
|
||||
return 1;
|
||||
});
|
||||
|
||||
$service = new ApiAuditService($repository, new RequestRuntime());
|
||||
$service->startRequestContext();
|
||||
$service->finish(204);
|
||||
|
||||
$this->assertIsArray($captured);
|
||||
$decodedQuery = json_decode((string) ($captured['query_json'] ?? ''), true);
|
||||
$this->assertSame(['keys' => ['active', 'search']], $decodedQuery);
|
||||
$this->assertSame(RequestContext::hashValue('203.0.113.10'), $captured['ip']);
|
||||
$this->assertSame(RequestContext::hashValue('TestAgent/1.0'), $captured['user_agent']);
|
||||
$this->assertNotSame('203.0.113.10', $captured['ip']);
|
||||
$this->assertNotSame('TestAgent/1.0', $captured['user_agent']);
|
||||
}
|
||||
|
||||
public function testFinishSkipsQueryMetadataWhenNoAllowlistedKeyExists(): void
|
||||
{
|
||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||
$_SERVER['REQUEST_URI'] = '/api/v1/users?email=user@example.com&token=secret';
|
||||
$_SERVER['REMOTE_ADDR'] = '203.0.113.20';
|
||||
$_SERVER['HTTP_USER_AGENT'] = 'NoAllowlistAgent/1.0';
|
||||
$_GET = [
|
||||
'email' => 'user@example.com',
|
||||
'token' => 'secret',
|
||||
];
|
||||
|
||||
$captured = null;
|
||||
$repository = $this->createMock(ApiAuditLogRepository::class);
|
||||
$repository->expects($this->once())
|
||||
->method('create')
|
||||
->willReturnCallback(static function (array $payload) use (&$captured): int {
|
||||
$captured = $payload;
|
||||
return 1;
|
||||
});
|
||||
|
||||
$service = new ApiAuditService($repository, new RequestRuntime());
|
||||
$service->startRequestContext();
|
||||
$service->finish(200);
|
||||
|
||||
$this->assertIsArray($captured);
|
||||
$this->assertNull($captured['query_json'] ?? null);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user