Hide password from repository URLs

2025-08-12 16:17:41 +00:00 · 2020-03-20 22:52:27 +00:00
parent 10e3340863
commit 206cadfab4
6 changed files with 172 additions and 21 deletions
--- a/internal/backend/rest/config.go
+++ b/internal/backend/rest/config.go
@@ -31,10 +31,7 @@ func ParseConfig(s string) (interface{}, error) {
 		return nil, errors.New("invalid REST backend specification")
 	}

-	s = s[5:]
-	if !strings.HasSuffix(s, "/") {
-		s += "/"
-	}
+	s = prepareURL(s)

 	u, err := url.Parse(s)

@@ -46,3 +43,31 @@ func ParseConfig(s string) (interface{}, error) {
 	cfg.URL = u
 	return cfg, nil
 }
+
+// StripPassword removes the password from the URL
+// If the repository location cannot be parsed as a valid URL, it will be returned as is
+// (it's because this function is used for logging errors)
+func StripPassword(s string) string {
+	scheme := s[:5]
+	s = prepareURL(s)
+
+	u, err := url.Parse(s)
+	if err != nil {
+		return scheme + s
+	}
+
+	if _, set := u.User.Password(); !set {
+		return scheme + s
+	}
+
+	// a password was set: we replace it with ***
+	return scheme + strings.Replace(u.String(), u.User.String()+"@", u.User.Username()+":***@", 1)
+}
+
+func prepareURL(s string) string {
+	s = s[5:]
+	if !strings.HasSuffix(s, "/") {
+		s += "/"
+	}
+	return s
+}