dont log secrets in logs

This commit is contained in:
dusk 2023-04-21 22:34:44 +03:00
parent 8d509136ba
commit dbfcbfae07
Signed by: dusk
GPG Key ID: 1D8F8FAF2294D6EA
2 changed files with 74 additions and 7 deletions

View File

@ -10,7 +10,7 @@ tokio = {version = "1", features = ["rt-multi-thread"]}
dotenvy = "0.15"
tracing = "0.1"
tracing-subscriber = {version = "0.3", features = ["env-filter"]}
tower-http = {version = "0.4", features = ["trace", "cors"]}
tower-http = {version = "0.4", features = ["trace", "cors", "sensitive-headers"]}
hyper = {version = "0.14", features = ["client"]}
http = "0.2"
async-tungstenite = {version = "0.21", features = ["tokio-runtime"]}

View File

@ -1,4 +1,4 @@
use std::net::SocketAddr;
use std::{fmt::Display, net::SocketAddr};
use super::AppError;
use async_tungstenite::{
@ -28,8 +28,7 @@ use serde::{Deserialize, Serialize};
use serde_json::Value;
use tokio::net::TcpStream;
use tower_http::{
cors::CorsLayer,
trace::{DefaultMakeSpan, TraceLayer},
cors::CorsLayer, sensitive_headers::SetSensitiveRequestHeadersLayer, trace::TraceLayer,
};
use tracing::{Instrument, Span};
@ -61,9 +60,76 @@ async fn block_external_ips<B>(
}
}
struct ComponentDisplay<Left, Right> {
left: Left,
right: Right,
}
impl<'a, 'b> ComponentDisplay<&'a str, &'b str> {
fn is_empty(&self) -> bool {
self.left.is_empty() && self.right.is_empty()
}
}
impl<Left, Right> Display for ComponentDisplay<Left, Right>
where
Left: Display,
Right: Display,
{
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "{}{}", self.left, self.right)
}
}
fn make_span_trace<B>(req: &Request<B>) -> Span {
let uri_query_filtered = req
.uri()
.query()
.map(|q| {
let token_start = q.find("&token=");
if let Some(pos) = token_start {
let (left, right) = q.split_at(pos);
let (_, right) = right.split_at(pos + 6 + 30);
return ComponentDisplay { left, right };
}
let token_start = q.find("token=");
if let Some(_) = token_start {
let (_, right) = q.split_at(6 + 30);
return ComponentDisplay { left: "", right };
}
ComponentDisplay { left: q, right: "" }
})
.unwrap_or(ComponentDisplay {
left: "",
right: "",
});
let uri_path = ComponentDisplay {
left: {
if !uri_query_filtered.is_empty() {
ComponentDisplay {
left: req.uri().path(),
right: "?",
}
} else {
ComponentDisplay {
left: req.uri().path(),
right: "",
}
}
},
right: uri_query_filtered,
};
tracing::debug_span!(
"request",
method = %req.method(),
uri = %uri_path,
version = ?req.version(),
headers = ?req.headers(),
)
}
pub(super) async fn handler(state: AppState) -> Result<Router, AppError> {
let trace_layer =
TraceLayer::new_for_http().make_span_with(DefaultMakeSpan::default().include_headers(true));
let trace_layer = TraceLayer::new_for_http().make_span_with(make_span_trace);
let internal_router = Router::new()
.route("/token/generate", get(generate_token))
@ -71,9 +137,10 @@ pub(super) async fn handler(state: AppState) -> Result<Router, AppError> {
.layer(axum::middleware::from_fn(block_external_ips));
let router = Router::new()
.route("/thumbnails/:id", get(http))
.route("/thumbnail/:id", get(http))
.route("/audio/id/:id", get(http))
.route("/", get(metadata_ws))
.layer(SetSensitiveRequestHeadersLayer::new([AUTHORIZATION]))
.layer(trace_layer)
.layer(
CorsLayer::new()