feat: improved the uri mask used in the http client aspect and in the middleware tracker (#30)

gabrieldosscarvalho · web-flow · commit df171329f5f6 · 2025-10-01T11:02:57.000-03:00
diff --git a/src/Aspect/HttpClientAspect.php b/src/Aspect/HttpClientAspect.php
@@ -72,12 +72,16 @@ public function process(ProceedingJoinPoint $proceedingJoinPoint)
         $method = strtoupper($arguments['keys']['method'] ?? '');
         $uri = $arguments['keys']['uri'] ?? '';
         $host = $base_uri === null ? (parse_url($uri, PHP_URL_HOST) ?? '') : $base_uri->getHost();
+        $uriMask = $this->getUriMask($instance);
+        $uri = $this->shouldIgnoreUri($instance)
+            ? '<IGNORED>'
+            : SupportUri::sanitize(parse_url($uri, PHP_URL_PATH) ?? '/', $uriMask);
         $span = $this->startSpan(
             sprintf(
                 '%s %s/%s',
                 $method,
-                rtrim((string) ($base_uri ?? ''), '/'),
-                ltrim(parse_url(SupportUri::sanitize($uri), PHP_URL_PATH) ?? '', '/')
+                $host,
+                $uri
             )
         );
 
@@ -117,6 +121,22 @@ public function process(ProceedingJoinPoint $proceedingJoinPoint)
         return $result;
     }
 
+    private function shouldIgnoreUri(Client $instance): bool
+    {
+        return $instance->getConfig('ignore_uri') === true;
+    }
+
+    public function getUriMask(Client $instance): array
+    {
+        $uriMask = $instance->getConfig('uri_mask');
+
+        if (is_array($uriMask) === false) {
+            return [];
+        }
+
+        return $uriMask;
+    }
+
     protected function appendCustomSpan(Span $span, array $options): void
     {
         // just for override
diff --git a/src/Middleware/TraceMiddleware.php b/src/Middleware/TraceMiddleware.php
@@ -124,7 +124,7 @@ protected function appendCustomResponseSpan(Span $span, ServerRequestInterface $
 
     protected function buildSpan(ServerRequestInterface $request): Span
     {
-        $path = $this->getPath($request->getUri());
+        $path = $this->getPath($request);
         $spanName = sprintf('%s %s', $request->getMethod(), $path);
 
         $span = $this->startSpan($spanName, [], SPAN_KIND_RPC_SERVER);
@@ -156,8 +156,20 @@ protected function buildSpan(ServerRequestInterface $request): Span
         return $span;
     }
 
-    protected function getPath(UriInterface $uri): string
+    protected function getPath(ServerRequestInterface $request): string
     {
-        return Uri::sanitize($uri->getPath());
+        $dispatched = $request->getAttribute(Dispatched::class);
+        if (! $dispatched) {
+            return Uri::sanitize($request->getUri()->getPath(), $this->getUriMask());
+        }
+        if (! $dispatched->handler) {
+            return 'not_found';
+        }
+        return $dispatched->handler->route;
+    }
+
+    protected function getUriMask(): array
+    {
+        return is_array($this->config['uri_mask'])? $this->config['uri_mask'] : [];
     }
 }
diff --git a/src/Support/Uri.php b/src/Support/Uri.php
@@ -13,22 +13,36 @@
 
 final class Uri
 {
-    public static function sanitize(string $uri): string
+    public static function sanitize(string $uri, array $uriMask = []): string
     {
         return preg_replace(
-            [
-                '/\/(?<=\/)([A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12})(?=\/)?/i',
-                '/\/(?<=\/)((?=.{7,8}$)|(?=.{7,8}\/))([A-Z]{3}-?\d[0-9A-Z]\d{2})/i',
-                '/\/(?<=\/)[0-9A-F]{24,}(?=\/)?/i',
-                '/\/(?<=\/)\d+(?=\/)?/',
-            ],
-            [
-                '/<UUID>',
-                '/<LICENSE-PLATE>',
-                '/<OID>',
-                '/<NUMBER>',
-            ],
-            $uri
+            array_merge(
+                array_keys($uriMask),
+                [
+                    '/\/(?<=\/)[ED]\d{8}\d{12}[0-9a-zA-Z]{11}(?=\/)?/',
+                    '/\/(?<=\/)[a-f0-9]{40}(?=\/)?/i',
+                    '/\/(?<=\/)([A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12})(?=\/)?/i',
+                    '/\/(?<=\/)([A-Z]{3}-?\d[0-9A-Z]\d{2})(?=\/)?/i',
+                    '/\/(?<=\/)[0-9A-F]{16,24}(?=\/)?/i',
+                    '/\/(?<=\/)\d+(?=\/)?/',
+                    '/\/(?<=\/)R[RN]\d{16}[A-Za-z0-9]{11}/',
+                    '/\/([A-Z]{3,}(?:-[A-Z]{3,})*)-([A-Z0-9]{3}-\d+(?:_\d{3})?|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|[A-Za-z0-9]{8,})(?=\/|$)/i',
+                ],
+            ),
+            array_merge(
+                array_values($uriMask),
+                [
+                    '/<E2E-ID>',
+                    '/<SHA1>',
+                    '/<UUID>',
+                    '/<LICENSE-PLATE>',
+                    '/<OID>',
+                    '/<NUMBER>',
+                    '/<EXTERNAL-ID>',
+                    '/<PREFIXED-ID>',
+                ],
+            ),
+            '/' . ltrim($uri, '/'),
         );
     }
 }
diff --git a/tests/UriTest.php b/tests/UriTest.php
@@ -69,7 +69,7 @@ public function testClearUriUuids(): void
     public function testClearUriOids(): void
     {
         $oid = '650229807612bba4984d1fc7';
-        $oidLonger = 'ddb21302b3c66b5111bb99a907f783e2a29947f0';
+        $oidShort = '65022612bba84d1f';
 
         self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
         self::assertSame('/v2/test/<OID>', Uri::sanitize("/v2/test/{$oid}"));
@@ -79,7 +79,138 @@ public function testClearUriOids(): void
         self::assertSame('/v6/test/<OID>/<OID>/', Uri::sanitize("/v6/test/{$oid}/{$oid}/"));
         self::assertSame('/v7/test/<OID>/<OID>/<OID>', Uri::sanitize("/v7/test/{$oid}/{$oid}/{$oid}"));
         self::assertSame('/v8/test/<OID>/<OID>/<OID>/', Uri::sanitize("/v8/test/{$oid}/{$oid}/{$oid}/"));
-        self::assertSame('/v2/token/<OID>/foo/<OID>', Uri::sanitize("/v2/token/{$oidLonger}/foo/{$oid}"));
-        self::assertSame('/v3/token/<OID>/foo/<OID>/bar', Uri::sanitize("/v3/token/$oidLonger/foo/{$oid}/bar"));
+        self::assertSame('/v9/test/<OID>/bar/<NUMBER>', Uri::sanitize("/v9/test/{$oidShort}/bar/12345"));
+    }
+
+    public function testAddsInitialSlash(): void
+    {
+        self::assertSame('/v1/', Uri::sanitize('/v1/'));
+        self::assertSame('/v1', Uri::sanitize('v1'));
+        self::assertSame('/v1/', Uri::sanitize('v1/'));
+        self::assertSame('/v1/test/', Uri::sanitize('/v1/test/'));
+        self::assertSame('/v1/test', Uri::sanitize('v1/test'));
+        self::assertSame('/v1/test/', Uri::sanitize('v1/test/'));
+    }
+
+    public function testAndroidId(): void
+    {
+        $this->markTestSkipped();
+
+        self::assertSame('/device/<ANDROID-ID>/user/<NUMBER>', Uri::sanitize('/devices/a436d9ffefef80e8/user/999'));
+        self::assertSame('/device/<ANDROID-ID>/user/<NUMBER>', Uri::sanitize('/devices/7b5d68f217d90ff5/user/999'));
+        self::assertSame('/device/<ANDROID-ID>/user/<NUMBER>', Uri::sanitize('/devices/dc900fb903cc308c/user/999'));
+        self::assertSame('/device/<ANDROID-ID>/user/<NUMBER>', Uri::sanitize('/devices/86d144c9078c8176/user/999'));
+        self::assertSame('/device/<ANDROID-ID>/user/<NUMBER>', Uri::sanitize('/devices/86d144c9078c8176/user/8045169'));
+    }
+
+    public function testSanitizeHashsStrings(): void
+    {
+        self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
+        self::assertSame('/v2/test/<SHA1>', Uri::sanitize('/v2/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110'));
+        self::assertSame('/v2/test/<SHA1>', Uri::sanitize('/v2/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220'));
+        self::assertSame('/v3/test/<SHA1>/bar', Uri::sanitize('/v3/test/81FE8BFE87576C3ECB22426F8E57847382917ACF/bar'));
+        self::assertSame('/v3/test/<SHA1>/bar', Uri::sanitize('/v3/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/bar'));
+        self::assertSame('/v4/test/<SHA1>/bar/<SHA1>/', Uri::sanitize('/v4/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/bar/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/'));
+        self::assertSame('/v4/test/<SHA1>/bar/<SHA1>/', Uri::sanitize('/v4/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/bar/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/'));
+        self::assertSame('/v5/test/<SHA1>/<SHA1>', Uri::sanitize('/v5/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110'));
+        self::assertSame('/v5/test/<SHA1>/<SHA1>', Uri::sanitize('/v5/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220'));
+        self::assertSame('/v6/test/<SHA1>/<SHA1>/', Uri::sanitize('/v6/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/'));
+        self::assertSame('/v6/test/<SHA1>/<SHA1>/', Uri::sanitize('/v6/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/'));
+        self::assertSame('/v7/test/<SHA1>/<SHA1>/<SHA1>', Uri::sanitize('/v7/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110'));
+        self::assertSame('/v7/test/<SHA1>/<SHA1>/<SHA1>', Uri::sanitize('/v7/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220'));
+        self::assertSame('/v8/test/<SHA1>/<SHA1>/<SHA1>/', Uri::sanitize('/v8/test/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/141da78905dcaa7ed8d4da7c3f49a2415ebdc110/'));
+        self::assertSame('/v8/test/<SHA1>/<SHA1>/<SHA1>/', Uri::sanitize('/v8/test/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/7110EDA4D09E062AA5E4A390B0A572AC0D2C0220/'));
+    }
+
+    public function testSanitizeEndToEndId(): void
+    {
+        $e2eid = 'E99999999202401010000abcDEF12345';
+
+        self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
+        self::assertSame('/v2/test/<E2E-ID>', Uri::sanitize("/v2/test/{$e2eid}"));
+        self::assertSame('/v3/test/<E2E-ID>/bar', Uri::sanitize("/v3/test/{$e2eid}/bar"));
+        self::assertSame('/v4/test/<E2E-ID>/bar/<E2E-ID>/', Uri::sanitize("/v4/test/{$e2eid}/bar/{$e2eid}/"));
+        self::assertSame('/v5/test/<E2E-ID>/<E2E-ID>', Uri::sanitize("/v5/test/{$e2eid}/{$e2eid}"));
+        self::assertSame('/v6/test/<E2E-ID>/<E2E-ID>/', Uri::sanitize("/v6/test/{$e2eid}/{$e2eid}/"));
+        self::assertSame('/v7/test/<E2E-ID>/<E2E-ID>/<E2E-ID>', Uri::sanitize("/v7/test/{$e2eid}/{$e2eid}/{$e2eid}"));
+        self::assertSame('/v8/test/<E2E-ID>/<E2E-ID>/<E2E-ID>/', Uri::sanitize("/v8/test/{$e2eid}/{$e2eid}/{$e2eid}/"));
+    }
+
+    public function testWithMaskParams(): void
+    {
+        $uriMask = [
+            '/\/[a-f0-9]{64}/i' => '/<SHA256-ID>',
+        ];
+
+        self::assertSame('/v1/test', Uri::sanitize('/v1/test', $uriMask));
+        self::assertSame('/v2/test/<SHA256-ID>', Uri::sanitize('/v2/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7', $uriMask));
+        self::assertSame('/v3/test/<SHA256-ID>/bar', Uri::sanitize('/v3/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/bar', $uriMask));
+        self::assertSame('/v4/test/<SHA256-ID>/bar/<SHA256-ID>/', Uri::sanitize('/v4/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/bar/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/', $uriMask));
+        self::assertSame('/v5/test/<SHA256-ID>/<SHA256-ID>', Uri::sanitize('/v5/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7', $uriMask));
+        self::assertSame('/v6/test/<SHA256-ID>/<SHA256-ID>/', Uri::sanitize('/v6/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/', $uriMask));
+        self::assertSame('/v7/test/<SHA256-ID>/<SHA256-ID>/<SHA256-ID>', Uri::sanitize('/v7/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7', $uriMask));
+        self::assertSame('/v8/test/<SHA256-ID>/<SHA256-ID>/<SHA256-ID>/', Uri::sanitize('/v8/test/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/54cf575c04fdef4667094b6fc4fab8014dd3fa53576b644ec399452c43b5e7f7/', $uriMask));
+    }
+
+    public function testClearUriExternalIds(): void
+    {
+        self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
+        self::assertSame('/v1/test/<EXTERNAL-ID>', Uri::sanitize('/v1/test/RR2101818220123720H9KJTERfw1a'));
+        self::assertSame('/v3/test/<EXTERNAL-ID>/bar', Uri::sanitize('/v3/test/RN2401818220250720G4KJTQyU6Ds/bar'));
+        self::assertSame('/v4/test/<EXTERNAL-ID>/bar/<EXTERNAL-ID>/', Uri::sanitize('/v4/test/RR2101818220123720H9KJTERfw1a/bar/RN2401818220250720G4KJTQyU6Ds/'));
+        self::assertSame('/v5/test/<EXTERNAL-ID>/<EXTERNAL-ID>', Uri::sanitize('/v5/test/RR2101818220123720H9KJTERfw1a/RN2401818220250720G4KJTQyU6Ds'));
+        self::assertSame('/v7/test/<EXTERNAL-ID>/<EXTERNAL-ID>/<EXTERNAL-ID>/', Uri::sanitize('/v7/test/RR2101818220123720H9KJTERfw1a/RN2001818220123720H9KJTERBd52/RR2123818220123730H9KJTERBd52/'));
+        self::assertSame('/v9/test/<EXTERNAL-ID>/bar/<NUMBER>', Uri::sanitize('/v9/test/RR2101818220123720H9KJTERfw1a/bar/12345'));
+    }
+
+    public function testClearUriPrefixedId(): void
+    {
+        // Casos de teste específicos solicitados
+        $ecosystemId1 = 'ECOSYSTEM-PPF-0100206721_003';
+        $ecosystemId2 = 'ECOSYSTEM-EPF-0100308183_001';
+        $ecosystemId3 = 'ECOSYSTEM-ESF-105454545';
+        $billUuid = 'BILL-1811cd92-ed15-4b8a-a571-6cfa44002703';
+
+        // Testes básicos
+        self::assertSame('/v1/test', Uri::sanitize('/v1/test'));
+
+        // Testes com ECOSYSTEM-PPF-0100206721_003
+        self::assertSame('/v2/test/<PREFIXED-ID>', Uri::sanitize("/v2/test/{$ecosystemId1}"));
+        self::assertSame('/v3/test/<PREFIXED-ID>/bar', Uri::sanitize("/v3/test/{$ecosystemId1}/bar"));
+        self::assertSame('/v4/test/<PREFIXED-ID>/bar/<PREFIXED-ID>/', Uri::sanitize("/v4/test/{$ecosystemId1}/bar/{$ecosystemId1}/"));
+
+        // Testes com ECOSYSTEM-EPF-0100308183_001
+        self::assertSame('/v5/test/<PREFIXED-ID>', Uri::sanitize("/v5/test/{$ecosystemId2}"));
+        self::assertSame('/v6/test/<PREFIXED-ID>/details', Uri::sanitize("/v6/test/{$ecosystemId2}/details"));
+        self::assertSame('/v7/test/<PREFIXED-ID>/<PREFIXED-ID>', Uri::sanitize("/v7/test/{$ecosystemId2}/{$ecosystemId1}"));
+
+        // Testes com ECOSYSTEM-ESF-105454545
+        self::assertSame('/v8/test/<PREFIXED-ID>', Uri::sanitize("/v8/test/{$ecosystemId3}"));
+        self::assertSame('/v9/test/<PREFIXED-ID>/config', Uri::sanitize("/v9/test/{$ecosystemId3}/config"));
+
+        // Testes com BILL-1811cd92-ed15-4b8a-a571-6cfa44002703
+        self::assertSame('/v10/test/<PREFIXED-ID>', Uri::sanitize("/v10/test/{$billUuid}"));
+        self::assertSame('/v11/test/<PREFIXED-ID>/profile', Uri::sanitize("/v11/test/{$billUuid}/profile"));
+        self::assertSame('/v12/test/<PREFIXED-ID>/bar/<PREFIXED-ID>/', Uri::sanitize("/v12/test/{$billUuid}/bar/{$billUuid}/"));
+
+        // Testes mistos entre os IDs
+        self::assertSame('/v13/test/<PREFIXED-ID>/<PREFIXED-ID>', Uri::sanitize("/v13/test/{$billUuid}/{$ecosystemId3}"));
+        self::assertSame('/v14/test/<PREFIXED-ID>/<PREFIXED-ID>/<PREFIXED-ID>', Uri::sanitize("/v14/test/{$ecosystemId1}/{$ecosystemId2}/{$billUuid}"));
+        self::assertSame('/v15/test/<PREFIXED-ID>/<PREFIXED-ID>/<PREFIXED-ID>/', Uri::sanitize("/v15/test/{$ecosystemId3}/{$billUuid}/{$ecosystemId1}/"));
+
+        // Casos edge: diferentes contextos de API
+        self::assertSame('/users/<PREFIXED-ID>/profile', Uri::sanitize("/users/{$billUuid}/profile"));
+        self::assertSame('/api/v1/bills/<PREFIXED-ID>/details', Uri::sanitize("/api/v1/bills/{$billUuid}/details"));
+        self::assertSame('/ecosystems/<PREFIXED-ID>/platform/<PREFIXED-ID>', Uri::sanitize("/ecosystems/{$ecosystemId1}/platform/{$ecosystemId2}"));
+        self::assertSame('/companies/<PREFIXED-ID>/admin/<PREFIXED-ID>/settings', Uri::sanitize("/companies/{$billUuid}/admin/{$ecosystemId3}/settings"));
+
+        // Casos críticos: evitar falsos positivos
+        self::assertSame('/pic-pay/entry/id/<PREFIXED-ID>', Uri::sanitize("/pic-pay/entry/id/{$ecosystemId3}"));
+        self::assertSame('/api-gateway/service/<PREFIXED-ID>', Uri::sanitize("/api-gateway/service/{$ecosystemId2}"));
+        self::assertSame('/health-check/status/<PREFIXED-ID>', Uri::sanitize("/health-check/status/{$billUuid}"));
+
+        // Teste sem barra final
+        self::assertSame('/test/<PREFIXED-ID>', Uri::sanitize("/test/{$billUuid}"));
+        self::assertSame('/ecosystem/<PREFIXED-ID>', Uri::sanitize("/ecosystem/{$ecosystemId1}"));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ protected function appendCustomResponseSpan(Span $span, ServerRequestInterface $`
`124`	`124`
`125`	`125`	`protected function buildSpan(ServerRequestInterface $request): Span`
`126`	`126`	`{`
`127`		`- $path = $this->getPath($request->getUri());`
	`127`	`+ $path = $this->getPath($request);`
`128`	`128`	`$spanName = sprintf('%s %s', $request->getMethod(), $path);`
`129`	`129`
`130`	`130`	`$span = $this->startSpan($spanName, [], SPAN_KIND_RPC_SERVER);`
`@@ -156,8 +156,20 @@ protected function buildSpan(ServerRequestInterface $request): Span`
`156`	`156`	`return $span;`
`157`	`157`	`}`
`158`	`158`
`159`		`- protected function getPath(UriInterface $uri): string`
	`159`	`+ protected function getPath(ServerRequestInterface $request): string`
`160`	`160`	`{`
`161`		`- return Uri::sanitize($uri->getPath());`
	`161`	`+ $dispatched = $request->getAttribute(Dispatched::class);`
	`162`	`+ if (! $dispatched) {`
	`163`	`+ return Uri::sanitize($request->getUri()->getPath(), $this->getUriMask());`
	`164`	`+ }`
	`165`	`+ if (! $dispatched->handler) {`
	`166`	`+ return 'not_found';`
	`167`	`+ }`
	`168`	`+ return $dispatched->handler->route;`
	`169`	`+ }`
	`170`	`+`
	`171`	`+ protected function getUriMask(): array`
	`172`	`+ {`
	`173`	`+ return is_array($this->config['uri_mask'])? $this->config['uri_mask'] : [];`
`162`	`174`	`}`
`163`	`175`	`}`