
日志功能增加密码加密字段

jqh vor 5 Jahren
Ursprung
Commit
b0ec494096
2 geänderte Dateien mit 23 neuen und 1 gelöschten Zeilen
  1. 5 0
      config/admin.php
  2. 18 1
      src/Middleware/LogOperation.php

+ 5 - 0
config/admin.php

@@ -283,6 +283,11 @@ return [
         // Only logging allowed methods in the list
         'allowed_methods' => ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'TRACE', 'PATCH'],
 
+        'secret_fields' => [
+            'password',
+            'password_confirmation',
+        ],
+
         // Routes that will not log to database.
         // All method to path like: auth/logs/*/edit
         // or specific method to path like: get:auth/logs.
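Review bot: The new `secret_fields` key is the only entry in this stretch of the config without a comment, and nothing tells an operator that matching is by exact top-level input name, which is how `formatInput()` in src/Middleware/LogOperation.php looks the fields up. I would add `// Input fields whose values are masked before the request is written to the operation log.` above it. Any credential-bearing field that a form submits under another name (a current-password or API-token field, for example) has to be listed here explicitly, otherwise it is logged in clear. The enclosing config array starts and ends outside the hunk.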

+ 18 - 1
src/Middleware/LogOperation.php

@@ -6,6 +6,7 @@ use Dcat\Admin\Admin;
 use Dcat\Admin\Models\OperationLog as OperationLogModel;
 use Dcat\Admin\Support\Helper;
 use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 
 class LogOperation
 {
@@ -27,7 +28,7 @@ class LogOperation
                 'path'    => substr($request->path(), 0, 255),
                 'method'  => $request->method(),
                 'ip'      => $request->getClientIp(),
-                'input'   => json_encode($request->input()),
+                'input'   => $this->formatInput($request->input()),
             ];
 
             try {
@@ -40,6 +41,22 @@ class LogOperation
         return $next($request);
     }
 
+    /**
+     * @param array $input
+     *
+     * @return string
+     */
+    protected function formatInput(array $input)
+    {
+        foreach ((array) config('admin.operation_log.secret_fields') as $field) {
+            if ($field && ! empty($input[$field])) {
+                $input[$field] = Str::limit($input[$field], 3, '******');
+            }
+        }
+
+       return json_encode($input);
+    }
+
     /**
      * @param Request $request
      *
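Review bot: `Str::limit($input[$field], 3, '******')` in `formatInput()` still writes the first three characters of every secret to the operation log, and a value of three characters or fewer comes back unchanged, so the log keeps partial or complete credentials. Replacing the value outright, `$input[$field] = '******';`, removes that exposure. The lookup is by top-level key only, so a secret nested inside an array input is not masked, and a secret field submitted as an array would presumably make `Str::limit` fail on a non-string before the `try` in the calling method; a recursive walk over `$input` would cover both. `json_encode()` can also return `false`, which the `@return string` docblock does not mention. `formatInput()` is complete within the hunk; the docblock after it belongs to a method that continues outside.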