Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Flare Scrubber
Assessments

Laravel Flare Scrubber Laravel Package

johnwilhite/laravel-flare-scrubber

Laravel service provider to scrub sensitive request data before reporting errors to Flare. Recursively sanitizes matching keys or values via exact keys, key regex, or value regex, with configurable replacement text (default SANITIZED).

View on GitHub
Deep Wiki
Context7

Getting Started

Minimal Steps

  1. Installation

    composer require johnwilhite/laravel-flare-scrubber

    Publish the config file (if not auto-generated):

    php artisan vendor:publish --provider="JohnWilhite\LaravelFlareScrubber\FlareScrubberServiceProvider" --tag="config"

  2. Configure Sensitive Data Edit config/flare.php and define sensitive_data rules:

    'sensitive_data' => [
    'keys' => ['password', 'api_key'],
    'key_regex' => ['/^secret_/'],
    'value_regex' => ['/^\d{4}-\d{4}-\d{4}-\d{4}$/'], // Example: UUID scrubbing
],

  3. First Use Case Trigger an error (e.g., 1/0 in Tinker) and verify Flare reports scrubbed data. Check the Request Data tab in Flare for sanitized fields.

Implementation Patterns

Workflows

  1. Dynamic Scrubbing Rules Override config/flare.php per environment (e.g., config/flare-local.php for dev/staging).

    // config/flare.php
'sensitive_data' => env('APP_ENV') === 'local'
    ? ['keys' => ['debug_token']]
    : ['keys' => ['password']],

  2. Conditional Scrubbing Use middleware to toggle scrubbing for specific routes:

    // app/Http/Middleware/ScrubSensitiveData.php
public function handle($request, Closure $next) {
    if ($request->is('admin/*')) {
        config(['flare.sensitive_data.keys' => array_merge(
            config('flare.sensitive_data.keys'),
            ['admin_token']
        )]);
    }
    return $next($request);
}

  3. Integration with Flare Events Extend scrubbing logic via Flare’s flare.error event:

    // app/Providers/EventServiceProvider.php
protected $listen = [
    'flare.error' => [
        \JohnWilhite\LaravelFlareScrubber\Events\ScrubRequestData::class,
    ],
];

Key Patterns

  • Recursive Scrubbing: Automatically handles nested arrays/objects (e.g., request->input() with multi-level keys).
  • Regex Flexibility: Use key_regex for partial matches (e.g., ^/user/.*_token$) or value_regex for pattern-based scrubbing (e.g., credit card numbers).
  • Fallback Values: Customize the sanitized value in flare.php: 
    'sanitized_value' => '[REDACTED]',

Gotchas and Tips

Pitfalls

  1. Performance Overhead

    • Issue: Recursive scrubbing adds latency for large payloads (e.g., API requests with deep nested data).
    • Fix: Exclude non-sensitive routes or use flare.scrub_exclude in config: 
      'scrub_exclude' => ['/healthcheck', '/webhooks/stripe'],

  2. False Positives

    • Issue: Overly broad key_regex (e.g., /^pass/) may scrub legitimate keys like password_hash.
    • Fix: Test regex patterns in isolation: 
      preg_match('/^pass/', 'password_hash'); // Avoid!

  3. Flare Native vs. Package

    • Issue: Flare 3+ has built-in scrubbing (see Flare’s blog).
    • Fix: Use this package only if you need recursive scrubbing or custom regex logic not covered by Flare’s native flare:config.

Debugging

  • Log Scrubbed Data: Add a temporary log to verify scrubbing:

    // app/Providers/AppServiceProvider.php
public function boot() {
    if (app()->environment('local')) {
        \JohnWilhite\LaravelFlareScrubber\Scrubber::setDebug(true);
    }
}

    Check storage/logs/flare-scrubber.log for scrubbed keys/values.

  • Test Edge Cases:

    // Test nested arrays
$request->merge([
    'user' => [
        'profile' => [
            'ssn' => '123-45-6789',
            'address' => ['city' => 'New York']
        ]
    ]
]);

Extension Points

  1. Custom Scrubbers Register additional scrubbers via the service provider:

    // app/Providers/FlareScrubberServiceProvider.php
public function register() {
    $this->app->extend('flare.scrubber', function ($scrubber) {
        $scrubber->addScrubber(function ($key, $value) {
            return str_contains($value, 'supersecret') ? '[REDACTED]' : $value;
        });
        return $scrubber;
    });
}

  2. Dynamic Config Loading Load scrub rules from a database or API:

    // config/flare.php
'sensitive_data' => [
    'keys' => config('services.scrubber.keys', []),
],

  3. Exclude Specific Values Whitelist safe values to avoid scrubbing:

    'safe_values' => [
    'password_hash' => ['starts_with' => 'bcrypt$']
],
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
codeflextech/permission-manager
karnoweb/livewire-datepicker
sayedenam/sayed-dashboard
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver