Add copy logs button with PII/secret sanitization

Add a copy button to individual container logs that strips sensitive data before copying to clipboard. Includes sanitization for emails, database URLs with passwords, JWT tokens, API keys, private key blocks, and git access tokens.
2026-04-17 15:20:40 +00:00 · 2025-12-16 10:43:18 +08:00
parent 6b88481ce2
commit 327e8181af
4 changed files with 147 additions and 0 deletions
--- a/bootstrap/helpers/shared.php
+++ b/bootstrap/helpers/shared.php
@@ -653,6 +653,30 @@ function removeAnsiColors($text)
    return preg_replace('/\e[[][A-Za-z0-9];?[0-9]*m?/', '', $text);
 }

+function sanitizeLogsForExport(string $text): string
+{
+    // Use existing helper for tokens and ANSI codes
+    $text = remove_iip($text);
+
+    // Database URLs with passwords - must run before email regex to prevent false matches
+    // (postgres://user:password@host → postgres://user:<REDACTED>@host)
+    $text = preg_replace('/((?:postgres|mysql|mongodb|rediss?|mariadb):\/\/[^:]+:)[^@]+(@)/i', '$1'.REDACTED.'$2', $text);
+
+    // Email addresses
+    $text = preg_replace('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/', REDACTED, $text);
+
+    // Bearer/JWT tokens
+    $text = preg_replace('/Bearer\s+[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/i', 'Bearer '.REDACTED, $text);
+
+    // API keys (common patterns)
+    $text = preg_replace('/(api[_-]?key|apikey|api[_-]?secret|secret[_-]?key)[=:]\s*[\'"]?[A-Za-z0-9\-_]{16,}[\'"]?/i', '$1='.REDACTED, $text);
+
+    // Private key blocks
+    $text = preg_replace('/-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/', REDACTED, $text);
+
+    return $text;
+}
+
 function getTopLevelNetworks(Service|Application $resource)
 {
    if ($resource->getMorphClass() === \App\Models\Service::class) {