From 2803ce919ae90638813b917f00a60d9acba46d96 Mon Sep 17 00:00:00 2001
From: David Ashby
Date: Sun, 8 Aug 2021 16:56:45 -0400
Subject: [PATCH] don't log full password string

---
 cmd/manage/main.go | 11 +++++++++++
 cmd/serve/main.go | 12 +++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/cmd/manage/main.go b/cmd/manage/main.go
index db95152..3d105db 100644
--- a/cmd/manage/main.go
+++ b/cmd/manage/main.go
@@ -6,6 +6,7 @@ import (
 "log"
 "os"
 "runtime/debug"
+ "strings"
 "sync"
 
 "git.yetaga.in/alazyreader/library/book"
@@ -47,6 +48,13 @@ func (s *State) Set(key string, value interface{}) {
 s.stateMap[key] = value
 }
 
+func max(a, b int) int {
+ if a > b {
+ return a
+ }
+ return b
+}
+
 // UI states
 const (
 IN_MENU = iota
@@ -66,6 +74,9 @@ func main() {
 
 // set up DB connection
 if c.DBUser == "" || c.DBPass == "" || c.DBHost == "" || c.DBPort == "" || c.DBName == "" {
+ if c.DBPass != "" { // obscure password
+ c.DBPass = c.DBPass[0:max(3, len(c.DBPass))] + strings.Repeat("*", max(0, len(c.DBPass)-3))
+ }
 log.Fatalf("vars: %+v", c)
 }
 lib, err := database.NewMySQLConnection(c.DBUser, c.DBPass, c.DBHost, c.DBPort, c.DBName)
diff --git a/cmd/serve/main.go b/cmd/serve/main.go
index 60d2e60..567a0de 100644
--- a/cmd/serve/main.go
+++ b/cmd/serve/main.go
@@ -6,6 +6,7 @@ import (
 "io/fs"
 "log"
 "net/http"
+ "strings"
 
 "git.yetaga.in/alazyreader/library/book"
 "git.yetaga.in/alazyreader/library/config"
@@ -14,6 +15,13 @@ import (
 "github.com/kelseyhightower/envconfig"
 )
 
+func max(a, b int) int {
+ if a > b {
+ return a
+ }
+ return b
+}
+
 type Library interface {
 GetAllBooks(context.Context) ([]book.Book, error)
 }
@@ -29,7 +37,6 @@ func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 return
 }
 StaticHandler(r.static).ServeHTTP(w, req)
- return
 }
 
 func APIHandler(l Library) http.Handler {
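Review bot: The masking expression added in the third hunk of cmd/manage/main.go still logs the whole password: `max(3, len(c.DBPass))` is the full length for any password of three or more characters, so `c.DBPass[0:...]` is the entire secret with asterisks appended, and a password shorter than three characters makes the slice bound of 3 out of range and panics before the fatal log. `min` was presumably intended, but that would still put the first three characters and the exact length in the log; replacing the value outright with `c.DBPass = "[redacted]"` avoids both, after which the `max` helper and the `strings` import added by this patch can be dropped. The identical expression is added in the last hunk of cmd/serve/main.go. main's body continues outside the hunk.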
@@ -66,6 +73,9 @@ func main() {
 log.Fatalln(err)
 }
 if c.DBUser == "" || c.DBPass == "" || c.DBHost == "" || c.DBPort == "" || c.DBName == "" {
+ if c.DBPass != "" { // obscure password
+ c.DBPass = c.DBPass[0:max(3, len(c.DBPass))] + strings.Repeat("*", max(0, len(c.DBPass)-3))
+ }
 log.Fatalf("vars: %+v", c)
 }
 lib, err := database.NewMySQLConnection(c.DBUser, c.DBPass, c.DBHost, c.DBPort, c.DBName)
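Review bot: Rewriting `c.DBPass` in place just before `log.Fatalf("vars: %+v", c)` keeps the secret's protection tied to this one call site, because `%+v` on the config struct prints every field and any sensitive field added to it later would be logged unmasked. Formatting only the non-secret fields keeps the password out of the log call altogether, for example `log.Fatalf("vars: user=%q host=%q port=%q name=%q pass set=%t", c.DBUser, c.DBHost, c.DBPort, c.DBName, c.DBPass != "")`. The config type is not visible in this patch, so whether it could instead carry its own redacting formatter is something to confirm. main's body continues outside the hunk.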