Add redact_auth_from_url

eval-exec · eval-exec · commit 85ae3ecf7f87 · 2025-06-17T18:27:05.000+08:00
diff --git a/tentacle/src/runtime/tokio_runtime/mod.rs b/tentacle/src/runtime/tokio_runtime/mod.rs
@@ -6,8 +6,9 @@ pub use tokio::{
     task::{JoinHandle, block_in_place, spawn_blocking, yield_now},
 };
 
-use crate::service::config::{
-    TcpSocket, TcpSocketConfig, TcpSocketTransformer, TransformerContext,
+use crate::{
+    service::config::{TcpSocket, TcpSocketConfig, TcpSocketTransformer, TransformerContext},
+    utils::redact_auth_from_url,
 };
 use socket2::{Domain, Protocol as SocketProtocol, Socket, Type};
 #[cfg(unix)]
@@ -170,7 +171,7 @@ async fn connect_by_proxy(
                 io::ErrorKind::Other,
                 format!(
                     "socks5_connect to target_addr: {}, target_port: {} by proxy_server: {} failed, err: {}",
-                    target_addr, target_port, proxy_server_url, err
+                    target_addr, target_port, redact_auth_from_url(&proxy_server_url), err
                 ),
             )
         })
diff --git a/tentacle/src/utils.rs b/tentacle/src/utils.rs
@@ -1,8 +1,11 @@
+use url::Url;
+
 use crate::{
     multiaddr::{Multiaddr, Protocol},
     secio::PeerId,
 };
 use std::{
+    borrow::Cow,
     iter::{self},
     net::{IpAddr, SocketAddr},
 };
@@ -153,6 +156,37 @@ pub fn find_type(addr: &Multiaddr) -> TransportType {
     .unwrap_or(TransportType::Tcp)
 }
 
+/// Function to redact the username and password from a URL:
+/// This function takes a URL of the form "https://user:password@example.com/path?key=value#hash"
+/// and returns a modified version where the password is replaced with "****", resulting in:
+/// "https://user:****@example.com/path?key=value#hash".
+/// If the URL does not contain a username or password, it is returned unchanged.
+/// Returns a `Cow<'_, Url>` to manage ownership efficiently, using `Borrowed` when possible.
+///
+/// # Parameters
+/// - `url`: A reference to a `Url` object representing the original input URL.
+///
+/// # Returns
+/// - A `Cow<'_, Url>` object representing the URL with redacted credentials.
+pub fn redact_auth_from_url(url: &Url) -> Cow<'_, Url> {
+    let mut owned_url = url.clone();
+    let mut modified = false;
+
+    if url.username() != "" && owned_url.set_username("****").is_ok() {
+        modified = true;
+    }
+
+    if url.password().is_some() && owned_url.set_password(Some("****")).is_ok() {
+        modified = true;
+    }
+
+    if modified {
+        Cow::Owned(owned_url)
+    } else {
+        Cow::Borrowed(url)
+    }
+}
+
 #[cfg(test)]
 mod test {
     use crate::{
