Merge pull request #14053 from MACscr/feature/prune-sensitive-data-fr…

…om-failed-import-data-output

Feature: Prune sensitive data from failed_import_rows data

packages/actions/docs/07-prebuilt-actions/08-import.md

@@ -336,6 +336,19 @@ ImportColumn::make('customer_ratings')
     ->nestedRecursiveRules(['integer', 'min:1', 'max:5'])
 ```
 
+### Marking column data as sensitive
+
+When import rows fail validation, they are logged to the database, ready for export when the import completes. You may want to exclude certain columns from this logging to avoid storing sensitive data in plain text. To achieve this, you can use the `sensitive()` method on the `ImportColumn` to prevent its data from being logged:
+
+```php
+use Filament\Actions\Imports\ImportColumn;
+
+ImportColumn::make('ssn')
+    ->label('Social security number')
+    ->sensitive()
+    ->rules(['required', 'digits:9'])
+```
+
 ### Customizing how a column is filled into a record
 
 If you want to customize how column state is filled into a record, you can pass a function to the `fillRecordUsing()` method:

packages/actions/src/Imports/ImportColumn.php

@@ -78,6 +78,8 @@ class ImportColumn extends Component
 
     protected string | Htmlable | Closure | null $helperText = null;
 
+    protected bool | Closure $isSensitive = false;
+
     final public function __construct(string $name)
     {
         $this->name($name);
@@ -606,4 +608,16 @@ protected function resolveDefaultClosureDependencyForEvaluationByType(string $pa
             default => parent::resolveDefaultClosureDependencyForEvaluationByType($parameterType),
         };
     }
+
+    public function sensitive(bool | Closure $condition = true): static
+    {
+        $this->isSensitive = $condition;
+
+        return $this;
+    }
+
+    public function isSensitive(): bool
+    {
+        return (bool) $this->evaluate($this->isSensitive);
+    }
 }

packages/actions/src/Imports/Jobs/ImportCsv.php

@@ -6,6 +6,7 @@
 use Exception;
 use Filament\Actions\Imports\Events\ImportChunkProcessed;
 use Filament\Actions\Imports\Exceptions\RowImportFailedException;
+use Filament\Actions\Imports\ImportColumn;
 use Filament\Actions\Imports\Importer;
 use Filament\Actions\Imports\Models\FailedImportRow;
 use Filament\Actions\Imports\Models\Import;
@@ -143,11 +144,42 @@ protected function logFailedRow(array $data, ?string $validationError = null): v
     {
         $failedRow = app(FailedImportRow::class);
         $failedRow->import()->associate($this->import);
-        $failedRow->data = $data;
+        $failedRow->data = $this->filterSensitiveData($data);
         $failedRow->validation_error = $validationError;
         $failedRow->save();
     }
 
+    /**
+     * @param  array<string, mixed>  $data
+     * @return array<string, mixed>
+     */
+    protected function filterSensitiveData(array $data): array
+    {
+        return array_reduce(
+            $this->importer->getColumns(),
+            function (array $carry, ImportColumn $column): array {
+                if (! $column->isSensitive()) {
+                    return $carry;
+                }
+
+                $csvHeader = $this->columnMap[$column->getName()] ?? null;
+
+                if (blank($csvHeader)) {
+                    return $carry;
+                }
+
+                if (! array_key_exists($csvHeader, $carry)) {
+                    return $carry;
+                }
+
+                unset($carry[$csvHeader]);
+
+                return $carry;
+            },
+            initial: $data,
+        );
+    }
+
     protected function utf8Encode(mixed $value): mixed
     {
         if (is_array($value)) {