corrivate/magento2-rest-api-logger 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

corrivate/magento2-rest-api-logger

Composer 安装命令:

composer require corrivate/magento2-rest-api-logger

包简介

Advanced and convenient logging

README 文档

README

Latest Version on Packagist MIT Licensed

Goal

Get logging visibility on the use of the Magento REST API:

  • Which requests are made, by which IP & user agent, to what endpoints?
  • What is in those requests?
  • What are they getting as responses?

At HYPR we've found this to be quite useful, because you often run into questions such as:

  • Which external integration interacted with this product's data?
  • The third party warehouse claims to have set product qty to X, but it's showing as Y. Have they really set it to X?
  • Product image roles are configured strangely. Has someone used the wrong store code when updating them through the API?

IMPORTANT!

Improper use of logging can expose security- and personally-sensitive data.

This module is a "power tool" for debugging API issues, it is not entirely possible to prevent this. Being careful what you log is YOUR responsibility. Setting this module to "always on" is not a good idea.

The module has several filters that allow you to narrow down the scope of what you're logging.

Installation

composer require corrivate/magento2-rest-api-logger
bin/magento module:enable Corrivate_RestApiLogger
bin/magento setup:di:compile

Configuration

Most of this module's power is in the configuration. That's where you decide what kind of requests you want to log.

You can configure the logger in Admin > Stores > Configuration > Services > REST API Logger.

The following configurations are available:

  • Enable/Disable logging
  • Enable/Disable safer mode (which censors some privacy-sensitive payloads)
  • Include request/response headers
  • Setting up filters

Configure what to filter on

  • HTTP method (GET, POST, PUT, DELETE)
  • API endpoint (https://developer.adobe.com/commerce/webapi/rest/quick-reference/)
  • Route: can be used for query string arguments, or if you want all endpoints relating to products for example
  • Requester's IP address
  • Requester's user agent
  • Text in the request body
  • HTTP status of the response
  • Text in the response body

Configure consequences when a filter matches

  • Forbid logging this request/response/both. If this filter matches it overrules all other filters.
  • Require that this specific filter matches, otherwise don't log the request/response/both. If "require" filters are specified, all of them need to match to log this.
  • Allow logging this if the filter matches. If any "allow" filters are configured, at least one of them has to match, but not all of them.
  • Censor the body of the request/response/both, but log that it took place and information about who sent it, response codes etc.
  • Whenever a filter matches you can also add tags. This is useful for example to tag all requests coming from a particular IP address so that you know it came from company X. They could also be used for later post-processing of the logs.

Security

The module will not log the body of incoming auth requests. If headers are logged, credentials will be hashed.

When "safer mode" is active in the configuration, the following additional filters are applied to reduce the risk of logging sensitive data:

  • Header logging is disabled.
  • request body contains "street" => censor both
  • response body contains "street" => censor response
  • Request URLs containing these parts => censor both
    • /V1/applepay
    • /V1/braintree
    • /V1/carts
    • /V1/creditmemo
    • /V1/customers
    • /V1/guest-carts
    • /V1/inventory/get-latlng-from-address
    • /V1/inventory/get-latslngs-from-address
    • /V1/invoices
    • /V1/orders
    • /V1/shipment
    • /V1/tfa

Credits

HYPR

This module was originally created at HYPER. With their permission it has been open-sourced and been developed further.

The design of the module builds on previous loggers, in particular https://github.com/vladflonta/magento2-webapi-log ; however, that module appears to be no longer actively supported.

Corrivate

(en.wiktionary.org)

Etymology

From Latin corrivatus, past participle of corrivare ("to corrivate").

Verb

corrivate (third-person singular simple present corrivates, present participle corrivating, simple past and past participle corrivated)

(obsolete) To cause to flow together, as water drawn from several streams.

corrivate/magento2-rest-api-logger 适用场景与选型建议

corrivate/magento2-rest-api-logger 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 57.89k 次下载、GitHub Stars 达 20, 最近一次更新时间为 2024 年 01 月 09 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 corrivate/magento2-rest-api-logger 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 corrivate/magento2-rest-api-logger 我们能提供哪些服务?
定制开发 / 二次开发

基于 corrivate/magento2-rest-api-logger 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 57.89k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 21
  • 点击次数: 26
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 20
  • Watchers: 1
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-01-09