Use opengribs.org API#111
| """ | ||
| bbox = create_opengribs_bounding_box(longitude, latitude) | ||
| download_url = request_opengribs_file(bbox) | ||
| logger.info(f"Got GRIBS file {download_url} for {bbox}") |
Check failure: Code scanning / CodeQL: Clear-text logging of sensitive information (High)
Copilot Autofix (AI, 5 months ago):
In general, to fix clear-text logging of sensitive data, remove sensitive fields from log messages or replace them with non-sensitive summaries (e.g., IDs, coarse buckets, or hashes) while preserving enough context for debugging. When you need to trace operations without exposing raw values, log an opaque identifier or a redacted/rounded representation instead of exact data.
For this specific issue, the problem is that logger.info(f"Got GRIBS file {download_url} for {bbox}") logs a bounding box derived from sensitive coordinates. The simplest fix that preserves behavior is to stop logging bbox entirely or replace it with a non-sensitive placeholder. Since download_url is already sufficient to understand what has been retrieved operationally, we can modify the log line to only mention the URL, or, if more context is needed, log the filename derived from the URL. No changes are required to how the data is requested or processed; only the log message string needs adjustment.
Concretely, in opendrift_leeway_webgui/leeway/utils.py at line 305, change the log call to avoid embedding the bbox dict (and thus latitude/longitude-derived values). For example:
logger.info("Got GRIBS file %s", download_url)
or, if you want slightly more context without coordinates:
logger.info("Got GRIBS file for OpenGRIBS request: %s", download_url)
This requires no new imports or helper methods, and it addresses all alert variants since every tainted path flows into bbox in that single log call.
| @@ -302,5 +302,5 @@ | ||
| """ | ||
| bbox = create_opengribs_bounding_box(longitude, latitude) | ||
| download_url = request_opengribs_file(bbox) | ||
| logger.info(f"Got GRIBS file {download_url} for {bbox}") | ||
| logger.info("Got GRIBS file %s", download_url) | ||
| return get_opengribs_file(download_url) |
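Review bot: dropping bbox from the message removes the coordinates only if download_url does not itself encode them; the URL is the API's answer to a request built from that same bbox, so check the returned path format, and if it carries the bounding box, log just the file name (as the autofix comment also suggests) or an opaque request id instead of the full URL.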
| str(simulation.uuid), | ||
| "--no-web", | ||
| ] | ||
| print(" ".join(params)) |
Check failure: Code scanning / CodeQL: Clear-text logging of sensitive information (High)
Copilot Autofix (AI, 5 months ago):
In general, to fix clear-text logging of sensitive data you should avoid logging raw user-derived values or full command lines containing such values. Either remove the log, reduce it to non-sensitive, high-level information, or explicitly redact the sensitive fields before logging.
For this specific case, the minimal, non-functional change is to stop printing the full docker command string containing simulation.longitude and simulation.latitude. Since this is a Celery task that already uses a logger, the best fix is to replace the print(" ".join(params)) with a safer debug message that omits or redacts sensitive parameters while still giving some context (e.g., logging only the simulation UUID or that a simulation is starting). This avoids introducing new behavior while retaining observability. No other parts of the snippet require changes, and no new imports or helper methods are needed.
Concretely:
- In opendrift_leeway_webgui/leeway/tasks.py, at line 56, replace print(" ".join(params)) with a logger.debug call that does not include longitude/latitude or any other sensitive data. For example: logger.debug("Starting leeway simulation %s", simulation.uuid).
- Leave all other lines as-is.
| @@ -53,7 +53,7 @@ | ||
| str(simulation.uuid), | ||
| "--no-web", | ||
| ] | ||
| print(" ".join(params)) | ||
| logger.debug("Starting leeway simulation %s", simulation.uuid) | ||
| with subprocess.Popen( | ||
| params, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True | ||
| ) as sim_proc: |
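Review bot: the replacement message relies on a module-level logger that this hunk does not show; confirm it is defined in tasks.py before merging. The command line is now not recorded at all, so if it is needed to troubleshoot failed runs, log params with the longitude and latitude arguments redacted rather than dropping everything.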
| filename = os.path.join(settings.SIMULATION_ROOT, "input", url.split("/")[-1]) | ||
| with open(filename, "wb") as f: | ||
| for chunk in response.iter_content(chunk_size=1024): | ||
| f.write(chunk) |
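Review bot: the target filename is taken verbatim from the last segment of the remote URL, so a URL with a trailing slash yields an empty name and os.path.join then points at the input directory itself, and any query string would end up in the name on disk. Derive the name from the URL path (os.path.basename(urlsplit(url).path)), reject empty or dot-only results, and check the response status before writing chunks.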
Check failure: Code scanning / CodeQL: Clear-text storage of sensitive information (High)
Copilot Autofix (AI, 5 months ago):
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
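An added example (not code from this PR or the opendrift-leeway-webgui project) of the redaction the two autofix comments above recommend: the bounding box is coarsened to five-degree buckets before it is logged, and the stored file name is taken only from the path of the returned download URL. The four-key bbox layout, the logger name and the sample values are assumptions.

```python
import logging
import math
import os
from urllib.parse import urlsplit

# Assumed logger name; the project's own logger may differ.
logger = logging.getLogger("leeway.opengribs")


def coarsen_bbox(bbox, step=5.0):
    """Round a bounding box outwards to `step`-degree buckets.

    The result still says roughly which region was requested, which is
    enough for debugging, without reproducing the user's coordinates.
    The four-key dict layout is an assumption about create_opengribs_bounding_box().
    """
    return {
        "lon_min": math.floor(bbox["lon_min"] / step) * step,
        "lat_min": math.floor(bbox["lat_min"] / step) * step,
        "lon_max": math.ceil(bbox["lon_max"] / step) * step,
        "lat_max": math.ceil(bbox["lat_max"] / step) * step,
    }


def download_basename(url):
    """Return a usable file name from the download URL, or None.

    Only the last segment of the URL path is used: the query string (which
    may carry tokens) is dropped, and empty or dot-only names are rejected so
    a caller never writes to the input directory itself.
    """
    name = os.path.basename(urlsplit(url).path)
    if not name or name in (".", ".."):
        return None
    return name


def gribs_log_fields(bbox, download_url):
    """Log the fetch with redacted fields and return what was logged."""
    name = download_basename(download_url)
    if name is None:
        raise ValueError("download URL has no usable file name")
    fields = {"file": name, "region": coarsen_bbox(bbox)}
    logger.info("Got GRIBS file %s for region %s", fields["file"], fields["region"])
    return fields


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample request; coordinates are not a real user's.
    sample_bbox = {"lon_min": 12.34, "lat_min": 54.1, "lon_max": 13.9, "lat_max": 55.2}
    gribs_log_fields(sample_bbox, "https://example.invalid/files/abc123.grb?token=x")
```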
Use opengribs.org to fetch sea currents and wind data. We first have to request a GRIBS file via the API. The API then returns a download path after a few seconds. The file is downloaded into the simulation input directory and should automatically be used.
Fix #74