From 32930846e6bd1a2111742f8e19067c9fe9b3b3c1 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 20 May 2024 22:25:17 -0400 Subject: fix: redact password in database URI when logging (#2032) Previously, in the event that there was a configuration issue and the atuin server failed to connect to PostgreSQL, it would log the password. For example, if the password authentication failed the following log message would be printed: Error: failed to connect to db: PostgresSettings { db_uri: "postgres://atuin:definitelymypassword@db.example.com/atuin" } This change sets the password to "****" when printing it via Debug: Error: failed to connect to db: PostgresSettings { db_uri: "postgres://atuin:****@db.example.com/atuin" } Hopefully few people use **** as the actual password. --- crates/atuin-server-postgres/src/lib.rs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'crates/atuin-server-postgres/src/lib.rs') diff --git a/crates/atuin-server-postgres/src/lib.rs b/crates/atuin-server-postgres/src/lib.rs index 6dc56fe4..8a010195 100644 --- a/crates/atuin-server-postgres/src/lib.rs +++ b/crates/atuin-server-postgres/src/lib.rs @@ -1,3 +1,4 @@ +use std::fmt::Debug; use std::ops::Range; use async_trait::async_trait; @@ -23,11 +24,26 @@ pub struct Postgres { pool: sqlx::Pool, } -#[derive(Clone, Debug, Deserialize, Serialize)] +#[derive(Clone, Deserialize, Serialize)] pub struct PostgresSettings { pub db_uri: String, } +// Do our best to redact passwords so they're not logged in the event of an error. +impl Debug for PostgresSettings { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + let redacted_uri = url::Url::parse(&self.db_uri) + .map(|mut url| { + let _ = url.set_password(Some("****")); + url.to_string() + }) + .unwrap_or(self.db_uri.clone()); + f.debug_struct("PostgresSettings") + .field("db_uri", &redacted_uri) + .finish() + } +} + fn fix_error(error: sqlx::Error) -> DbError { match error { sqlx::Error::RowNotFound => DbError::NotFound, -- cgit v1.3.1