feat: improve record content masking (#2923)

* feat: hide password in record * feat: improve code format * feat: improve code format
2025-07-03 12:30:19 +08:00 · 2024-05-05 12:42:09 +08:00
parent 1dfbbf0e90
commit e0455df504
1 changed files with 13 additions and 1 deletions
--- a/object/record.go
+++ b/object/record.go
@ -17,6 +17,7 @@ package object
 import (
 	"encoding/json"
 	"fmt"
+	"regexp"
 	"strings"

 	"github.com/beego/beego/context"
@ -25,10 +26,14 @@ import (
 	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
 )

-var logPostOnly bool
+var (
+	logPostOnly   bool
+	passwordRegex *regexp.Regexp
+)

 func init() {
 	logPostOnly = conf.GetConfigBool("logPostOnly")
+	passwordRegex = regexp.MustCompile("\"password\":\".+\"")
 }

 type Record struct {
@ -40,6 +45,10 @@ type Response struct {
 	Msg    string `json:"msg"`
 }

+func maskPassword(recordString string) string {
+	return passwordRegex.ReplaceAllString(recordString, "\"password\":\"***\"")
+}
+
 func NewRecord(ctx *context.Context) (*casvisorsdk.Record, error) {
 	ip := strings.Replace(util.GetIPFromRequest(ctx.Request), ": ", "", -1)
 	action := strings.Replace(ctx.Request.URL.Path, "/api/", "", -1)
@ -51,6 +60,7 @@ func NewRecord(ctx *context.Context) (*casvisorsdk.Record, error) {
 	object := ""
 	if ctx.Input.RequestBody != nil && len(ctx.Input.RequestBody) != 0 {
 		object = string(ctx.Input.RequestBody)
+		object = maskPassword(object)
 	}

 	respBytes, err := json.Marshal(ctx.Input.Data()["json"])
@ -99,6 +109,8 @@ func AddRecord(record *casvisorsdk.Record) bool {

 	record.Owner = record.Organization

+	record.Object = maskPassword(record.Object)
+
 	errWebhook := SendWebhooks(record)
 	if errWebhook == nil {
 		record.IsTriggered = true