secrets appear on errors in logfile (#261)

With PHP>=8.2 they will appear like this:

```
/var/www/html/apps-extra/app_api/lib/Service/AppAPIService.php
line 89
OCA\AppAPI\Service\AppAPIService->requestToExAppInternal(
  [
    "OCA\\AppAPI\\Db\\ExApp",
    3
  ],
  "POST",
  "http://host.docker.internal:9031/video_to_gif",
  [
    "SensitiveParameterValue"
  ]
)
```

Also adjustments in the Nextcloud Server required, to hide headers in
`IClient` calls, we cannot do it from AppAPI side.

Signed-off-by: Alexander Piskun <[email protected]>

CHANGELOG.md

@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 
 - Corrected error handling for `occ` commands: `register` and `update`. #258
+- `SensitiveParameter` is applied to variables containing secrets, preventing them from being leaked to the logs. #261
 
 ## [2.3.2 - 2024-03-28]
 

lib/Service/AppAPIService.php

@@ -85,20 +85,30 @@ public function requestToExApp(
 		array $options = [],
 		?IRequest $request = null,
 	): array|IResponse {
-		$request_data = $this->prepareRequestToExApp($exApp, $route, $userId, $method, $params, $options, $request);
+		$requestData = $this->prepareRequestToExApp($exApp, $route, $userId, $method, $params, $options, $request);
+		return $this->requestToExAppInternal($exApp, $method, $requestData['url'], $requestData['options']);
+	}
+
+	private function requestToExAppInternal(
+		ExApp $exApp,
+		string $method,
+		string $uri,
+		#[\SensitiveParameter]
+		array $options,
+	): array|IResponse {
 		try {
 			switch ($method) {
 				case 'GET':
-					$response = $this->client->get($request_data['url'], $request_data['options']);
+					$response = $this->client->get($uri, $options);
 					break;
 				case 'POST':
-					$response = $this->client->post($request_data['url'], $request_data['options']);
+					$response = $this->client->post($uri, $options);
 					break;
 				case 'PUT':
-					$response = $this->client->put($request_data['url'], $request_data['options']);
+					$response = $this->client->put($uri, $options);
 					break;
 				case 'DELETE':
-					$response = $this->client->delete($request_data['url'], $request_data['options']);
+					$response = $this->client->delete($uri, $options);
 					break;
 				default:
 					return ['error' => 'Bad HTTP method'];
@@ -119,16 +129,26 @@ public function requestToExAppAsync(
 		array $options = [],
 		?IRequest $request = null,
 	): void {
-		$request_data = $this->prepareRequestToExApp($exApp, $route, $userId, $method, $params, $options, $request);
+		$requestData = $this->prepareRequestToExApp($exApp, $route, $userId, $method, $params, $options, $request);
+		$this->requestToExAppInternalAsync($exApp, $method, $requestData['url'], $requestData['options']);
+	}
+
+	private function requestToExAppInternalAsync(
+		ExApp $exApp,
+		string $method,
+		string $uri,
+		#[\SensitiveParameter]
+		array $options,
+	): void {
 		switch ($method) {
 			case 'POST':
-				$promise = $this->client->postAsync($request_data['url'], $request_data['options']);
+				$promise = $this->client->postAsync($uri, $options);
 				break;
 			case 'PUT':
-				$promise = $this->client->putAsync($request_data['url'], $request_data['options']);
+				$promise = $this->client->putAsync($uri, $options);
 				break;
 			case 'DELETE':
-				$promise = $this->client->deleteAsync($request_data['url'], $request_data['options']);
+				$promise = $this->client->deleteAsync($uri, $options);
 				break;
 			default:
 				$this->logger->error('Bad HTTP method: requestToExAppAsync accepts only `POST`, `PUT` and `DELETE`');
@@ -145,6 +165,7 @@ private function prepareRequestToExApp(
 		?string $userId,
 		string $method,
 		array $params,
+		#[\SensitiveParameter]
 		array $options,
 		?IRequest $request,
 	): array {
@@ -478,7 +499,11 @@ public function runOccCommand(string $command): bool {
 		return true;
 	}
 
-	public function heartbeatExApp(string $exAppUrl, array $auth): bool {
+	public function heartbeatExApp(
+		string $exAppUrl,
+		#[\SensitiveParameter]
+		array $auth,
+	): bool {
 		$heartbeatAttempts = 0;
 		$delay = 1;
 		$maxHeartbeatAttempts = 60 * 10 * $delay; // minutes for container initialization