mirror of https://github.com/status-im/consul.git
Merge pull request #860 from hashicorp/f-hide-tokens
Hide tokens from logs and monitor
commit
5491df1885
|
@ -282,17 +282,26 @@ func (s *HTTPServer) wrap(handler func(resp http.ResponseWriter, req *http.Reque
|
|||
f := func(resp http.ResponseWriter, req *http.Request) {
|
||||
setHeaders(resp, s.agent.config.HTTPAPIResponseHeaders)
|
||||
|
||||
// Obfuscate any tokens from appearing in the logs
|
||||
req.ParseForm()
|
||||
logURL := req.URL.String()
|
||||
if tokens, ok := req.Form["token"]; ok {
|
||||
for _, token := range tokens {
|
||||
logURL = strings.Replace(logURL, token, "<hidden>", -1)
|
||||
}
|
||||
}
|
||||
|
||||
// Invoke the handler
|
||||
start := time.Now()
|
||||
defer func() {
|
||||
s.logger.Printf("[DEBUG] http: Request %v (%v)", req.URL, time.Now().Sub(start))
|
||||
s.logger.Printf("[DEBUG] http: Request %v (%v)", logURL, time.Now().Sub(start))
|
||||
}()
|
||||
obj, err := handler(resp, req)
|
||||
|
||||
// Check for an error
|
||||
HAS_ERR:
|
||||
if err != nil {
|
||||
s.logger.Printf("[ERR] http: Request %v, error: %v", req.URL, err)
|
||||
s.logger.Printf("[ERR] http: Request %v, error: %v", logURL, err)
|
||||
code := 500
|
||||
errMsg := err.Error()
|
||||
if strings.Contains(errMsg, "Permission denied") || strings.Contains(errMsg, "ACL not found") {
|
||||
|
|
|
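Review bot: The redaction loop matches decoded values from `req.Form["token"]` against the still-encoded `req.URL.String()`, so a token containing characters that are percent-escaped in the query (or `+` for a space) will not match and is still written by both `Printf` calls. `req.ParseForm()` also reads a form-encoded PUT/POST body before `handler` sees it and its error is dropped, and a very short token value makes `strings.Replace` rewrite unrelated parts of the path. I would redact on the parsed query instead of the rendered string, as below; the marker is then emitted escaped by `Encode()` and parameter order may change, which seems acceptable for a log line. The body of `wrap` continues outside this hunk.

```go
// Obfuscate any tokens from appearing in the logs
logURL := req.URL.String()
if q := req.URL.Query(); len(q["token"]) > 0 {
	redacted := *req.URL
	q.Set("token", "<hidden>")
	redacted.RawQuery = q.Encode()
	logURL = redacted.String()
}
// … unchanged: handler invocation and the two log statements using logURL …
```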
@ -6,6 +6,7 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
|
@ -13,6 +14,7 @@ import (
|
|||
"path/filepath"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -274,6 +276,30 @@ func TestContentTypeIsJSON(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestHTTP_wrap_obfuscateLog(t *testing.T) {
|
||||
dir, srv := makeHTTPServer(t)
|
||||
defer os.RemoveAll(dir)
|
||||
defer srv.Shutdown()
|
||||
defer srv.agent.Shutdown()
|
||||
|
||||
// Attach a custom logger so we can inspect it
|
||||
buf := &bytes.Buffer{}
|
||||
srv.logger = log.New(buf, "", log.LstdFlags)
|
||||
|
||||
resp := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest("GET", "/some/url?token=secret1&token=secret2", nil)
|
||||
|
||||
handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||
return nil, nil
|
||||
}
|
||||
srv.wrap(handler)(resp, req)
|
||||
|
||||
// Make sure no tokens from the URL show up in the log
|
||||
if strings.Contains(buf.String(), "secret") {
|
||||
t.Fatalf("bad: %s", buf.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestPrettyPrint(t *testing.T) {
|
||||
testPrettyPrint("pretty=1", t)
|
||||
}
|
||||
|
|
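Review bot: `TestHTTP_wrap_obfuscateLog` only asserts that "secret" is absent, so it also passes if nothing is logged at all, and it never reaches the `[ERR]` line that the same commit changes. Add a positive check such as `if !strings.Contains(buf.String(), "<hidden>") { t.Fatalf("bad: %s", buf.String()) }`, and a second request whose handler returns a non-nil error so both log statements are covered. A token value that needs URL escaping would be a useful extra case, and the error discarded in `req, _ := http.NewRequest(...)` should be checked.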