Skip to content

Commit

Permalink
feat: [torrust#424] remove secrets from settings API endpoint
Browse files Browse the repository at this point in the history 
These fields:

- data.tracker.token
- data.mail.password
- data.auth.secret_key

are replaced with asterisks.
  • Loading branch information
@josecelano
josecelano committed Feb 9, 2024
1 parent 1388e76 commit a4ff205
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
6 changes: 6 additions & 0 deletions src/config.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,6 +389,12 @@ impl TorrustIndex {
fn override_tracker_api_token(&mut self, tracker_api_token: &str) {
self.tracker.override_tracker_api_token(tracker_api_token);
}

pub fn remove_secrets(&mut self) {
self.tracker.token = "***".to_owned();
self.mail.password = "***".to_owned();
self.auth.secret_key = "***".to_owned();
}
}

/// The configuration service.
Expand Down
6 changes: 5 additions & 1 deletion src/services/settings.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,11 @@ impl Service {
return Err(ServiceError::Unauthorized);
}

Ok(self.configuration.get_all().await)
let mut torrust_index_configuration = self.configuration.get_all().await;

torrust_index_configuration.remove_secrets();

Ok(torrust_index_configuration)
}

/// It gets only the public settings.
Expand Down

0 comments on commit a4ff205

Please sign in to comment.