tsweb: normalize passkey identities in bucketed stats

Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075
2024-11-25 19:15:34 +00:00 · 2024-02-07 15:37:23 -08:00 · 2024-02-07 15:37:23 -08:00 · 653721541c
commit 653721541c
parent 8d6d9d28ba
2 changed files with 5 additions and 3 deletions
--- a/tsweb/tsweb.go
+++ b/tsweb/tsweb.go
@ -196,8 +196,8 @@ type BucketedStatsOptions struct {
 // normalizePathRegex matches components in a HTTP request path
 // that should be replaced.
 //
-// See: https://regex101.com/r/WIfpaR/1 for the explainer and test cases.
-var normalizePathRegex = regexp.MustCompile("([a-fA-F0-9]{9,}|([^\\/])+\\.([^\\/]){2,}|((n|k|u|L|t|S)[a-zA-Z0-9]{5,}(CNTRL|Djz1H|LV5CY|mxgaY|jNy1b)))")
+// See: https://regex101.com/r/WIfpaR/3 for the explainer and test cases.
+var normalizePathRegex = regexp.MustCompile("([a-fA-F0-9]{9,}|([^\\/])+\\.([^\\/]){2,}|((n|k|u|L|t|S)[a-zA-Z0-9]{5,}(CNTRL|Djz1H|LV5CY|mxgaY|jNy1b))|(([^\\/])+\\@passkey))")

 // NormalizedPath returns the given path with the following modifications:
 //
@ -206,7 +206,8 @@ type BucketedStatsOptions struct {
 //     replaced by an ellipsis
 //   - any path component containing a period with at least two characters
 //     after the period (i.e. an email or domain)
-//   - any path component consisting of a common Tailscale Stable ID.
+//   - any path component consisting of a common Tailscale Stable ID
+//   - any path segment *@passkey.
 func NormalizedPath(p string) string {
 	// Fastpath: No hex sequences in there we might have to trim.
 	// Avoids allocating.
--- a/tsweb/tsweb_test.go
+++ b/tsweb/tsweb_test.go
@ -686,6 +686,7 @@ func TestBucket(t *testing.T) {
 		{"/a/831a4bf39856?refreshed=true", "/a/…"},
 		{"/c2n/nxaaa1CNTRL", "/c2n/…"},
 		{"/api/v2/tailnet/blueberries.com/keys/kxaDK21CNTRL", "/api/v2/tailnet/…/keys/…"},
+		{"/api/v2/tailnet/bloop@passkey/devices", "/api/v2/tailnet/…/devices"},
 	}

 	for _, tc := range tcs {