feat: add env-aware client log policy and const lint fixes

2026-02-24 15:38:55 +09:00
parent 4ffe5110dd
commit aeb418fb9f
14 changed files with 701 additions and 47 deletions
--- a/userfront/test/log_policy_test.dart
+++ b/userfront/test/log_policy_test.dart
@@ -0,0 +1,114 @@
+import 'package:flutter_test/flutter_test.dart';
+import 'package:userfront/core/services/log_policy.dart';
+
+void main() {
+  group('LogPolicy.debugEnabled', () {
+    test('non production enables debug by default', () {
+      expect(
+        LogPolicy.debugEnabled(appEnv: 'dev', productionDebugFlag: null),
+        isTrue,
+      );
+      expect(
+        LogPolicy.debugEnabled(appEnv: 'staging', productionDebugFlag: 'false'),
+        isTrue,
+      );
+    });
+
+    test('production disables debug unless explicitly enabled', () {
+      expect(
+        LogPolicy.debugEnabled(appEnv: 'production', productionDebugFlag: ''),
+        isFalse,
+      );
+      expect(
+        LogPolicy.debugEnabled(
+          appEnv: 'production',
+          productionDebugFlag: 'true',
+        ),
+        isTrue,
+      );
+      expect(
+        LogPolicy.debugEnabled(appEnv: 'prod', productionDebugFlag: '1'),
+        isTrue,
+      );
+    });
+  });
+
+  group('LogPolicy.shouldRelayClientLog', () {
+    test('production default forwards only warning or higher', () {
+      expect(
+        LogPolicy.shouldRelayClientLog(
+          level: 'INFO',
+          appEnv: 'production',
+          productionDebugFlag: '',
+        ),
+        isFalse,
+      );
+      expect(
+        LogPolicy.shouldRelayClientLog(
+          level: 'WARNING',
+          appEnv: 'production',
+          productionDebugFlag: '',
+        ),
+        isTrue,
+      );
+      expect(
+        LogPolicy.shouldRelayClientLog(
+          level: 'ERROR',
+          appEnv: 'production',
+          productionDebugFlag: '',
+        ),
+        isTrue,
+      );
+    });
+
+    test('production debug option forwards info logs', () {
+      expect(
+        LogPolicy.shouldRelayClientLog(
+          level: 'INFO',
+          appEnv: 'production',
+          productionDebugFlag: 'true',
+        ),
+        isTrue,
+      );
+    });
+  });
+
+  group('LogPolicy.sanitize', () {
+    test('sanitizes sensitive message patterns', () {
+      const message =
+          'token=abc123 payload={"password":"hello","safe":"ok"} authorization:BearerXYZ';
+      final sanitized = LogPolicy.sanitizeMessage(message);
+      expect(sanitized, isNot(contains('abc123')));
+      expect(sanitized, contains('token=*****'));
+      expect(sanitized, contains('"password":"*****"'));
+      expect(sanitized, contains('authorization=*****'));
+    });
+
+    test('sanitizes nested sensitive keys', () {
+      final data = <String, dynamic>{
+        'token': 'tok',
+        'ok': 'value',
+        'nested': {'new_password': 'pw', 'safe': 'x'},
+        'arr': [
+          {'authorization': 'Bearer secret'},
+          'cookie=session=raw',
+        ],
+      };
+
+      final sanitized = LogPolicy.sanitizeData(data);
+      expect(sanitized['token'], '*****');
+      expect(sanitized['ok'], 'value');
+      expect(
+        (sanitized['nested'] as Map<String, dynamic>)['new_password'],
+        '*****',
+      );
+      expect((sanitized['nested'] as Map<String, dynamic>)['safe'], 'x');
+      expect(
+        ((sanitized['arr'] as List).first
+            as Map<String, dynamic>)['authorization'],
+        '*****',
+      );
+      expect((sanitized['arr'] as List)[1], 'cookie=*****');
+    });
+  });
+}