logs with redacted password in URL
Signed-off-by: Eguzki Astiz Lezaun <[email protected]>
eguzki committed Oct 7, 2024
1 parent 9cb6336 commit 046d5d1
Showing 3 changed files with 40 additions and 5 deletions.
3 changes: 2 additions & 1 deletion limitador-server/sandbox/.gitignore
Expand Up @@ -3,4 +3,5 @@
*.key
*.pem
*.csr
report.html
*.srl
report.html
34 changes: 33 additions & 1 deletion limitador-server/src/config.rs
Expand Up @@ -15,7 +15,27 @@

use crate::envoy_rls::server::RateLimitHeaders;
use limitador::storage;
use std::fmt;
use tracing::level_filters::LevelFilter;
use url::Url;

pub fn redacted_url(url: String) -> String {
return match Url::parse(url.as_str()) {
Ok(url_object) => {
if url_object.password().is_some() {
let mut owned_url = url_object.clone();
if owned_url.set_password(Some("****")).is_ok() {
String::from(owned_url)
} else {
url.clone()
}
} else {
url.clone()
}
}
Err(_) => url.clone(),
};
}

#[derive(Debug)]
pub struct Configuration {
Expand Down Expand Up @@ -164,12 +184,24 @@ pub struct DiskStorageConfiguration {
pub optimization: storage::disk::OptimizeFor,
}

#[derive(PartialEq, Eq, Debug)]
#[derive(PartialEq, Eq)]
pub struct RedisStorageConfiguration {
pub url: String,
pub cache: Option<RedisStorageCacheConfiguration>,
}

impl fmt::Debug for RedisStorageConfiguration {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("Foo")
.field("cache", &self.cache)
.field(
"url",
&format_args!("{}", redacted_url(self.url.clone()).as_str()),
)
.finish()
}
}

#[derive(PartialEq, Eq, Debug)]
pub struct RedisStorageCacheConfiguration {
pub batch_size: usize,
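Review bot: `redacted_url` fails open: both the `Err(_) => url.clone()` arm and the branch taken when `set_password` fails return the input unchanged, so a connection string that does not parse cleanly but still embeds credentials is logged verbatim. Since the function exists only to sanitize log output, a fixed placeholder is the safer fallback, e.g. `Err(_) => String::from("<unparseable URL redacted>"),` with the same value in the `set_password` failure branch. Only the userinfo password is masked; whether secrets can also appear elsewhere in the URL (for example in query parameters) is not visible here and is worth confirming. Separately, the new `Debug` impl in the second hunk labels the struct `"Foo"`; `f.debug_struct("RedisStorageConfiguration")` keeps the output matching the type name.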
8 changes: 5 additions & 3 deletions limitador-server/src/main.rs
Expand Up @@ -8,7 +8,7 @@ extern crate clap;
#[cfg(feature = "distributed_storage")]
use crate::config::DistributedStorageConfiguration;
use crate::config::{
Configuration, DiskStorageConfiguration, InMemoryStorageConfiguration,
redacted_url, Configuration, DiskStorageConfiguration, InMemoryStorageConfiguration,
RedisStorageCacheConfiguration, RedisStorageConfiguration, StorageConfiguration,
};
use crate::envoy_rls::server::{run_envoy_rls_server, RateLimitHeaders};
Expand Down Expand Up @@ -121,7 +121,8 @@ impl Limiter {
AsyncRedisStorage::new(redis_url)
.await
.unwrap_or_else(|err| {
eprintln!("Failed to connect to Redis at {redis_url}: {err}");
let redacted_redis_url = redacted_url(String::from(redis_url));
eprintln!("Failed to connect to Redis at {redacted_redis_url}: {err}");
process::exit(1)
})
}
Expand All @@ -139,7 +140,8 @@ impl Limiter {
.response_timeout(Duration::from_millis(cache_cfg.response_timeout));

cached_redis_storage.build().await.unwrap_or_else(|err| {
eprintln!("Failed to connect to Redis at {redis_url}: {err}");
let redacted_redis_url = redacted_url(String::from(redis_url));
eprintln!("Failed to connect to Redis at {redacted_redis_url}: {err}");
process::exit(1)
})
}
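Review bot: The `{err}` value is still printed unfiltered next to the redacted URL in both `unwrap_or_else` closures (the `AsyncRedisStorage::new` path and the `cached_redis_storage.build()` path), so the redaction only holds if the error's `Display` output never echoes the connection string. That cannot be confirmed from this diff and should be checked against the Redis client's error type. A comment at the first site would record the assumption, e.g. `// err is logged as-is: confirm its Display output never includes the connection URL`. As a style point, `redacted_url` could take `&str` so both call sites drop the `String::from(redis_url)` allocation. The enclosing `Limiter` methods start and end outside the visible hunks.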
