don't log full password string

cmd/manage/main.go

@@ -6,6 +6,7 @@ import (
 	"log"
 	"os"
 	"runtime/debug"
+	"strings"
 	"sync"
 
 	"git.yetaga.in/alazyreader/library/book"
@@ -47,6 +48,13 @@ func (s *State) Set(key string, value interface{}) {
 	s.stateMap[key] = value
 }
 
+func max(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
+
 // UI states
 const (
 	IN_MENU = iota
@@ -66,6 +74,9 @@ func main() {
 
 	// set up DB connection
 	if c.DBUser == "" || c.DBPass == "" || c.DBHost == "" || c.DBPort == "" || c.DBName == "" {
+		if c.DBPass != "" { // obscure password
+			c.DBPass = c.DBPass[0:max(3, len(c.DBPass))] + strings.Repeat("*", max(0, len(c.DBPass)-3))
+		}
 		log.Fatalf("vars: %+v", c)
 	}
 	lib, err := database.NewMySQLConnection(c.DBUser, c.DBPass, c.DBHost, c.DBPort, c.DBName)

cmd/serve/main.go

@@ -6,6 +6,7 @@ import (
 	"io/fs"
 	"log"
 	"net/http"
+	"strings"
 
 	"git.yetaga.in/alazyreader/library/book"
 	"git.yetaga.in/alazyreader/library/config"
@@ -14,6 +15,13 @@ import (
 	"github.com/kelseyhightower/envconfig"
 )
 
+func max(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
+
 type Library interface {
 	GetAllBooks(context.Context) ([]book.Book, error)
 }
@@ -29,7 +37,6 @@ func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 	StaticHandler(r.static).ServeHTTP(w, req)
-	return
 }
 
 func APIHandler(l Library) http.Handler {
@@ -66,6 +73,9 @@ func main() {
 		log.Fatalln(err)
 	}
 	if c.DBUser == "" || c.DBPass == "" || c.DBHost == "" || c.DBPort == "" || c.DBName == "" {
+		if c.DBPass != "" { // obscure password
+			c.DBPass = c.DBPass[0:max(3, len(c.DBPass))] + strings.Repeat("*", max(0, len(c.DBPass)-3))
+		}
 		log.Fatalf("vars: %+v", c)
 	}
 	lib, err := database.NewMySQLConnection(c.DBUser, c.DBPass, c.DBHost, c.DBPort, c.DBName)