fix: redact passwords in logs

Fixes #238

Replaces URLs of the format `rtsp://user:password@localhost:8554` with
`rtsp://user:xxxxx@localhost:8554` in logs. This is best-effort for now
and does not handle cases where passwords appear in query strings. It
should be fairly easy to extend the `RedactPassword` function in the
future in case there are other common password pattern that are worth
handling.

Author: martinohmann

internal/expr/expr.go

@@ -17,7 +17,7 @@ func Init() {
 			return "", err
 		}
 
-		log.Debug().Msgf("[expr] url=%s", url)
+		log.Debug().Msgf("[expr] url=%s", streams.RedactPassword(url[5:]))
 
 		if url = v.(string); url == "" {
 			return "", errors.New("expr: result is empty")

internal/streams/helpers.go

@@ -20,3 +20,11 @@ func ParseQuery(s string) url.Values {
 	}
 	return params
 }
+
+func RedactPassword(s string) string {
+	if u, err := url.Parse(s); err == nil {
+		return u.Redacted()
+	}
+
+	return s
+}

internal/streams/helpers_test.go

@@ -0,0 +1,14 @@
+package streams
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestRedactPassword(t *testing.T) {
+	require.Equal(t, "not_a_url", RedactPassword("not_a_url"))
+	require.Equal(t, "rtsp://localhost:8554", RedactPassword("rtsp://localhost:8554"))
+	require.Equal(t, "rtsp://user:xxxxx@localhost:8554", RedactPassword("rtsp://user:password@localhost:8554"))
+	require.Equal(t, "rtsp://:xxxxx@localhost:8554", RedactPassword("rtsp://:password@localhost:8554"))
+}

internal/streams/producer.go

@@ -149,7 +149,7 @@ func (p *Producer) start() {
 		return
 	}
 
-	log.Debug().Msgf("[streams] start producer url=%s", p.url)
+	log.Debug().Msgf("[streams] start producer url=%s", RedactPassword(p.url))
 
 	p.state = stateStart
 	p.workerID++
@@ -167,7 +167,7 @@ func (p *Producer) worker(conn core.Producer, workerID int) {
 			return
 		}
 
-		log.Warn().Err(err).Str("url", p.url).Caller().Send()
+		log.Warn().Err(err).Str("url", RedactPassword(p.url)).Caller().Send()
 	}
 
 	p.reconnect(workerID, 0)
@@ -178,11 +178,11 @@ func (p *Producer) reconnect(workerID, retry int) {
 	defer p.mu.Unlock()
 
 	if p.workerID != workerID {
-		log.Trace().Msgf("[streams] stop reconnect url=%s", p.url)
+		log.Trace().Msgf("[streams] stop reconnect url=%s", RedactPassword(p.url))
 		return
 	}
 
-	log.Debug().Msgf("[streams] retry=%d to url=%s", retry, p.url)
+	log.Debug().Msgf("[streams] retry=%d to url=%s", retry, RedactPassword(p.url))
 
 	conn, err := GetProducer(p.url)
 	if err != nil {
@@ -257,7 +257,7 @@ func (p *Producer) stop() {
 		p.workerID++
 	}
 
-	log.Debug().Msgf("[streams] stop producer url=%s", p.url)
+	log.Debug().Msgf("[streams] stop producer url=%s", RedactPassword(p.url))
 
 	if p.conn != nil {
 		_ = p.conn.Stop()

internal/streams/streams.go

@@ -119,7 +119,7 @@ func GetOrPatch(query url.Values) *Stream {
 
 	// check if name param provided
 	if name := query.Get("name"); name != "" {
-		log.Info().Msgf("[streams] create new stream url=%s", source)
+		log.Info().Msgf("[streams] create new stream url=%s", RedactPassword(source))
 
 		return Patch(name, source)
 	}
@@ -143,6 +143,8 @@ func Delete(id string) {
 	delete(streams, id)
 }
 
-var log zerolog.Logger
-var streams = map[string]*Stream{}
-var streamsMu sync.Mutex
+var (
+	log       zerolog.Logger
+	streams   = map[string]*Stream{}
+	streamsMu sync.Mutex
+)