From 438c999e119722b480b331436f136ac561f26be9 Mon Sep 17 00:00:00 2001
From: Yang Luo <hsluoyz@qq.com>
Date: Wed, 12 Jul 2023 23:21:47 +0800
Subject: [PATCH] Add password mask to /get-ldaps and /get-ldap APIs

---
 controllers/ldap.go |  4 ++--
 object/ldap.go      | 31 +++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/controllers/ldap.go b/controllers/ldap.go
index 02d5c639..b77ba6b5 100644
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -100,7 +100,7 @@ func (c *ApiController) GetLdapUsers() {
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")
 
-	c.ResponseOk(object.GetLdaps(owner))
+	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
 }
 
 // GetLdap
@@ -116,7 +116,7 @@ func (c *ApiController) GetLdap() {
 	}
 
 	_, name := util.GetOwnerAndNameFromId(id)
-	c.ResponseOk(object.GetLdap(name))
+	c.ResponseOk(object.GetMaskedLdap(object.GetLdap(name)))
 }
 
 // AddLdap
diff --git a/object/ldap.go b/object/ldap.go
index d76c0e63..927b41b7 100644
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -103,6 +103,37 @@ func GetLdap(id string) (*Ldap, error) {
 	}
 }
 
+func GetMaskedLdap(ldap *Ldap, errs ...error) (*Ldap, error) {
+	if len(errs) > 0 && errs[0] != nil {
+		return nil, errs[0]
+	}
+
+	if ldap == nil {
+		return nil, nil
+	}
+
+	if ldap.Password != "" {
+		ldap.Password = "***"
+	}
+
+	return ldap, nil
+}
+
+func GetMaskedLdaps(ldaps []*Ldap, errs ...error) ([]*Ldap, error) {
+	if len(errs) > 0 && errs[0] != nil {
+		return nil, errs[0]
+	}
+
+	var err error
+	for _, ldap := range ldaps {
+		ldap, err = GetMaskedLdap(ldap)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return ldaps, nil
+}
+
 func UpdateLdap(ldap *Ldap) (bool, error) {
 	if l, err := GetLdap(ldap.Id); err != nil {
 		return false, nil