Fix message body obfuscation, preventing truncation

Author: onlime

CHANGELOG.md

@@ -1,6 +1,10 @@
 # CHANGELOG
 
-## [v1.2.x (Unreleased)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.5...main)
+## [v1.2.x (Unreleased)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.6...main)
+
+## [v1.2.6 (2025-06-30)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.5...v1.2.6)
+
+- Fix message body obfuscation, improving the regexes in `obfuscateBody()` to prevent truncation on replacement.
 
 ## [v1.2.5 (2025-06-29)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.4...v1.2.5)
 

src/Traits/ObfuscatesBody.php

@@ -16,18 +16,29 @@ protected function obfuscateBody(string $message): string
     {
         $replacement = config('http-client-global-logger.obfuscate.replacement');
 
-        foreach (config('http-client-global-logger.obfuscate.body_keys') as $key) {
+        $bodyKeys = config('http-client-global-logger.obfuscate.body_keys');
+
+        // For each key, replace JSON-style and query param style
+        foreach ($bodyKeys as $key) {
             $quoted = preg_quote($key, '/');
-            // JSON-style: "key":"value"
+
+            // NOTES:
+            // No multiline (/m) or ungreedy (/U) flags are needed; you only want to match within each line.
+            // Each match is replaced in-place without modifying the rest of the string.
+
+            // 1. JSON-style: "key":"value"
             $message = preg_replace(
-                '/(?<="'.$quoted.'":")[^"]*(?=")/mU',
-                $replacement,
+                '/("'.$quoted.'"\s*:\s*")[^"]*(")/',
+                '$1'.$replacement.'$2',
                 $message
             );
-            // form-style: key=value (until & or end)
-            $message = preg_replace(
-                '/(?<=\b'. $quoted .'=)[^&]*(?=&|$)/',
-                $replacement,
+
+            // 2. Form/query-style: key=value (stopping at & or end)
+            // Using preg_replace_callback, so we don’t accidentally re-use the matched value or cause duplicates.
+            // The pattern (\bkey=)[^&\s]* will match only the value, and not cross line breaks or ampersands.
+            $message = preg_replace_callback(
+                '/(\b'.$quoted.'=)[^&\s]*/',
+                fn ($matches) => $matches[1].$replacement,
                 $message
             );
         }

tests/HttpClientLoggerTest.php

@@ -158,14 +158,14 @@ function setupLogger(): MockInterface
     $logger = setupLogger();
 
     $logger->shouldReceive('info')->withArgs(function ($message) use ($expected) {
-        expect($message)->toContain('REQUEST: POST https://example.com')
-            ->and($message)->toContain('Authorization: **********')
+        expect($message)->toContain("REQUEST: POST https://example.com\r\n")
+            ->and($message)->toContain("Authorization: **********\r\n")
             ->and($message)->toContain($expected);
         return true;
     })->once();
 
     $logger->shouldReceive('info')->withArgs(function ($message) {
-        expect($message)->toContain('RESPONSE: HTTP/1.1 200 OK');
+        expect($message)->toContain("RESPONSE: HTTP/1.1 200 OK\r\n");
         return true;
     })->once();
 
@@ -193,7 +193,8 @@ function setupLogger(): MockInterface
     $logger = setupLogger();
 
     $logger->shouldReceive('info')->withArgs(function ($message) use ($expected) {
-        expect($message)->toContain('REQUEST: GET '.$expected);
+        expect($message)->toContain("REQUEST: GET $expected\r\n")
+            ->and(substr_count($message, "\r\n"))->toBeGreaterThan(1);
         return true;
     })->once();