fix: redact password in database URI when logging (#2032)

Previously, in the event that there was a configuration issue and the
atuin server failed to connect to PostgreSQL, it would log the password.

For example, if the password authentication failed the following log
message would be printed:

Error: failed to connect to db: PostgresSettings { db_uri:
    "postgres://atuin:definitelymypassword@db.example.com/atuin" }

This change sets the password to "****" when printing it via Debug:

Error: failed to connect to db: PostgresSettings { db_uri:
    "postgres://atuin:****@db.example.com/atuin" }

Hopefully few people use **** as the actual password.

1 files changed, 17 insertions, 1 deletions

diff --git a/crates/atuin-server-postgres/src/lib.rs b/crates/atuin-server-postgres/src/lib.rs
index 6dc56fe4..8a010195 100644
--- a/crates/atuin-server-postgres/src/lib.rs
+++ b/crates/atuin-server-postgres/src/lib.rs
@@ -1,3 +1,4 @@
+use std::fmt::Debug;
 use std::ops::Range;
 
 use async_trait::async_trait;
@@ -23,11 +24,26 @@ pub struct Postgres {
     pool: sqlx::Pool<sqlx::postgres::Postgres>,
 }
 
-#[derive(Clone, Debug, Deserialize, Serialize)]
+#[derive(Clone, Deserialize, Serialize)]
 pub struct PostgresSettings {
     pub db_uri: String,
 }
 
+// Do our best to redact passwords so they're not logged in the event of an error.
+impl Debug for PostgresSettings {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        let redacted_uri = url::Url::parse(&self.db_uri)
+            .map(|mut url| {
+                let _ = url.set_password(Some("****"));
+                url.to_string()
+            })
+            .unwrap_or(self.db_uri.clone());
+        f.debug_struct("PostgresSettings")
+            .field("db_uri", &redacted_uri)
+            .finish()
+    }
+}
+
 fn fix_error(error: sqlx::Error) -> DbError {
     match error {
         sqlx::Error::RowNotFound => DbError::NotFound,